author | Ludwig Nussel <lnussel@suse.de> |
Mon, 16 Sep 2013 17:39:33 +0200 | |
branch | firefox24 |
changeset 666 | 0d913ca30238 |
parent 664 | 1276f5ff4bcb |
child 667 | 6c1407488870 |
permissions | -rw-r--r-- |
539
b1134fe91f9a
merge latest changes from firefox16
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
536
diff
changeset
|
1 |
------------------------------------------------------------------- |
666
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
2 |
Mon Sep 16 11:59:18 UTC 2013 - lnussel@suse.de |
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
3 |
|
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
4 |
- move greek to the translations-common package (bnc#840551) |
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
5 |
|
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
6 |
------------------------------------------------------------------- |
664 | 7 |
Sat Sep 14 14:39:58 UTC 2013 - wr@rosenauer.org |
8 |
||
666
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
9 |
- update to Firefox 24.0 (bnc#840485) |
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
10 |
- enable gstreamer via pref (gecko.js) |
663 | 11 |
- require NSS 3.15.1 |
661 | 12 |
|
13 |
------------------------------------------------------------------- |
|
664 | 14 |
Mon Aug 26 07:35:36 UTC 2013 - wr@rosenauer.org |
15 |
||
16 |
- update to Firefox 23.0.1 |
|
17 |
* Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls |
|
18 |
(bmo#901527) |
|
19 |
||
20 |
------------------------------------------------------------------- |
|
661 | 21 |
Sun Aug 4 18:30:11 UTC 2013 - wr@rosenauer.org |
22 |
||
23 |
- update to Firefox 23.0 (bnc#833389) |
|
24 |
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 |
|
25 |
Miscellaneous memory safety hazards |
|
26 |
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) |
|
27 |
Use after free mutating DOM during SetBody |
|
28 |
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) |
|
29 |
Buffer underflow when generating CRMF requests |
|
30 |
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) |
|
31 |
Crash during WAV audio file decoding |
|
32 |
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) |
|
33 |
Document URI misrepresentation and masquerading |
|
34 |
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) |
|
35 |
CRMF requests allow for code execution and XSS attacks |
|
36 |
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) |
|
37 |
Bypass of XrayWrappers using XBL Scopes |
|
38 |
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) |
|
39 |
Wrong principal used for validating URI for some Javascript |
|
40 |
components |
|
41 |
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) |
|
42 |
Same-origin bypass with web workers and XMLHttpRequest |
|
43 |
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) |
|
44 |
Local Java applets may read contents of local file system |
|
653 | 45 |
- requires NSPR 4.10 and NSS 3.15 |
659 | 46 |
|
47 |
------------------------------------------------------------------- |
|
48 |
Wed Jul 3 17:14:35 UTC 2013 - dmueller@suse.com |
|
49 |
||
50 |
- fix build on ARM (/-g/ matches /-grecord-switches/) |
|
51 |
||
52 |
------------------------------------------------------------------- |
|
53 |
Sat Jun 22 17:48:06 UTC 2013 - wr@rosenauer.org |
|
54 |
||
55 |
- update to Firefox 22.0 (bnc#825935) |
|
650 | 56 |
* removed obsolete patches |
57 |
+ mozilla-qcms-ppc.patch |
|
58 |
+ mozilla-gstreamer-760140.patch |
|
659 | 59 |
* GStreamer support does not build on 12.1 anymore (build only |
60 |
on 12.2 and later) |
|
61 |
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 |
|
62 |
Miscellaneous memory safety hazards |
|
63 |
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 |
|
64 |
Memory corruption found using Address Sanitizer |
|
65 |
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) |
|
66 |
Privileged content access and execution via XBL |
|
67 |
* MFSA 2013-52/CVE-2013-1688 (bmo#873966) |
|
68 |
Arbitrary code execution within Profiler |
|
69 |
* MFSA 2013-53/CVE-2013-1690 (bmo#857883) |
|
70 |
Execution of unmapped memory through onreadystatechange event |
|
71 |
* MFSA 2013-54/CVE-2013-1692 (bmo#866915) |
|
72 |
Data in the body of XHR HEAD requests leads to CSRF attacks |
|
73 |
* MFSA 2013-55/CVE-2013-1693 (bmo#711043) |
|
74 |
SVG filters can lead to information disclosure |
|
75 |
* MFSA 2013-56/CVE-2013-1694 (bmo#848535) |
|
76 |
PreserveWrapper has inconsistent behavior |
|
77 |
* MFSA 2013-57/CVE-2013-1695 (bmo#849791) |
|
78 |
Sandbox restrictions not applied to nested frame elements |
|
79 |
* MFSA 2013-58/CVE-2013-1696 (bmo#761667) |
|
80 |
X-Frame-Options ignored when using server push with multi-part |
|
81 |
responses |
|
82 |
* MFSA 2013-59/CVE-2013-1697 (bmo#858101) |
|
83 |
XrayWrappers can be bypassed to run user defined methods in a |
|
84 |
privileged context |
|
85 |
* MFSA 2013-60/CVE-2013-1698 (bmo#876044) |
|
86 |
getUserMedia permission dialog incorrectly displays location |
|
87 |
* MFSA 2013-61/CVE-2013-1699 (bmo#840882) |
|
88 |
Homograph domain spoofing in .com, .net and .name |
|
650 | 89 |
|
90 |
------------------------------------------------------------------- |
|
91 |
Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com |
|
92 |
||
93 |
- Fix qcms altivec include (mozilla-qcms-ppc.patch) |
|
94 |
||
95 |
------------------------------------------------------------------- |
|
647 | 96 |
Fri May 10 05:25:39 UTC 2013 - wr@rosenauer.org |
97 |
||
98 |
- update to Firefox 21.0 (bnc#819204) |
|
99 |
* removed upstreamed patch firefox-712763.patch |
|
100 |
* removed disabled mozilla-disable-neon-option.patch |
|
101 |
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 |
|
102 |
Miscellaneous memory safety hazards |
|
103 |
* MFSA 2013-42/CVE-2013-1670 (bmo#853709) |
|
104 |
Privileged access for content level constructor |
|
105 |
* MFSA 2013-43/CVE-2013-1671 (bmo#842255) |
|
106 |
File input control has access to full path |
|
107 |
* MFSA 2013-46/CVE-2013-1674 (bmo#860971) |
|
108 |
Use-after-free with video and onresize event |
|
109 |
* MFSA 2013-47/CVE-2013-1675 (bmo#866825) |
|
110 |
Uninitialized functions in DOMSVGZoomEvent |
|
111 |
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ |
|
112 |
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 |
|
113 |
Memory corruption found using Address Sanitizer |
|
645 | 114 |
|
115 |
------------------------------------------------------------------- |
|
116 |
Tue Apr 9 06:41:31 UTC 2013 - wr@rosenauer.org |
|
117 |
||
118 |
- revert to use GStreamer 0.10 on 12.3 (bnc#814101) |
|
119 |
(remove mozilla-gstreamer-1.patch) |
|
120 |
||
121 |
------------------------------------------------------------------- |
|
640
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
122 |
Fri Apr 5 17:04:11 UTC 2013 - schwab@linux-m68k.org |
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
123 |
|
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
124 |
- Explicitly disable WebRTC support on non-x86, the configure script |
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
125 |
disables it only half-heartedly |
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
126 |
|
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
127 |
------------------------------------------------------------------- |
639 | 128 |
Fri Mar 29 22:15:21 UTC 2013 - wr@rosenauer.org |
129 |
||
130 |
- update to Firefox 20.0 (bnc#813026) |
|
131 |
* requires NSPR 4.9.5 and NSS 3.14.3 |
|
640
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
132 |
* mozilla-webrtc-ppc.patch included upstream |
639 | 133 |
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 |
134 |
Miscellaneous memory safety hazards |
|
135 |
* MFSA 2013-31/CVE-2013-0800 (bmo#825721) |
|
136 |
Out-of-bounds write in Cairo library |
|
137 |
* MFSA 2013-35/CVE-2013-0796 (bmo#827106) |
|
138 |
WebGL crash with Mesa graphics driver on Linux |
|
139 |
* MFSA 2013-36/CVE-2013-0795 (bmo#825697) |
|
140 |
Bypass of SOW protections allows cloning of protected nodes |
|
141 |
* MFSA 2013-37/CVE-2013-0794 (bmo#626775) |
|
142 |
Bypass of tab-modal dialog origin disclosure |
|
143 |
* MFSA 2013-38/CVE-2013-0793 (bmo#803870) |
|
144 |
Cross-site scripting (XSS) using timed history navigations |
|
145 |
* MFSA 2013-39/CVE-2013-0792 (bmo#722831) |
|
146 |
Memory corruption while rendering grayscale PNG images |
|
625
9f6e14430916
Bug 806917 - support GStreamer 1.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
624
diff
changeset
|
147 |
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) |
633 | 148 |
|
149 |
------------------------------------------------------------------- |
|
631 | 150 |
Tue Mar 12 23:08:15 UTC 2013 - dmueller@suse.com |
151 |
||
152 |
- build fixes for armv7hl: |
|
153 |
* disable debug build as armv7hl does not have enough memory |
|
154 |
* disable webrtc on armv7hl as it is non-compiling |
|
155 |
||
156 |
------------------------------------------------------------------- |
|
157 |
Thu Mar 7 19:03:32 UTC 2013 - wr@rosenauer.org |
|
158 |
||
159 |
- update to Firefox 19.0.2 (bnc#808243) |
|
160 |
* MFSA 2013-29/CVE-2013-0787 (bmo#848644) |
|
161 |
Use-after-free in HTML Editor |
|
162 |
||
163 |
------------------------------------------------------------------- |
|
623 | 164 |
Thu Feb 28 22:06:36 UTC 2013 - wr@rosenauer.org |
165 |
||
166 |
- update to Firefox 19.0.1 |
|
167 |
* blocklist updates |
|
168 |
||
169 |
------------------------------------------------------------------- |
|
615
fb49ee6e3828
Firefox 19.0 goes release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
613
diff
changeset
|
170 |
Sat Feb 16 07:08:55 UTC 2013 - wr@rosenauer.org |
fb49ee6e3828
Firefox 19.0 goes release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
613
diff
changeset
|
171 |
|
619 | 172 |
- update to Firefox 19.0 (bnc#804248) |
173 |
* MFSA 2013-21/CVE-2013-0783/2013-0784 |
|
174 |
Miscellaneous memory safety hazards |
|
175 |
* MFSA 2013-22/CVE-2013-0772 (bmo#801366) |
|
176 |
Out-of-bounds read in image rendering |
|
177 |
* MFSA 2013-23/CVE-2013-0765 (bmo#830614) |
|
178 |
Wrapped WebIDL objects can be wrapped again |
|
179 |
* MFSA 2013-24/CVE-2013-0773 (bmo#809652) |
|
180 |
Web content bypass of COW and SOW security wrappers |
|
181 |
* MFSA 2013-25/CVE-2013-0774 (bmo#827193) |
|
182 |
Privacy leak in JavaScript Workers |
|
183 |
* MFSA 2013-26/CVE-2013-0775 (bmo#831095) |
|
184 |
Use-after-free in nsImageLoadingContent |
|
185 |
* MFSA 2013-27/CVE-2013-0776 (bmo#796475) |
|
186 |
Phishing on HTTPS connection through malicious proxy |
|
187 |
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ |
|
188 |
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 |
|
189 |
Use-after-free, out of bounds read, and buffer overflow issues |
|
190 |
found using Address Sanitizer |
|
191 |
- removed obsolete patches |
|
192 |
* mozilla-webrtc.patch |
|
193 |
* mozilla-gstreamer-803287.patch |
|
616
f46af22f1079
Bug 712763 - Backout changes from bug 669272 to keep original window order when restoring a session
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
615
diff
changeset
|
194 |
- added patch to fix session restore window order (bmo#712763) |
613 | 195 |
|
196 |
------------------------------------------------------------------- |
|
611 | 197 |
Sat Feb 2 08:40:52 UTC 2013 - wr@rosenauer.org |
198 |
||
199 |
- update to Firefox 18.0.2 |
|
200 |
* blocklist and CTP updates |
|
201 |
* fixes in JS engine |
|
202 |
||
203 |
------------------------------------------------------------------- |
|
604 | 204 |
Wed Jan 16 20:51:55 UTC 2013 - wr@rosenauer.org |
205 |
||
206 |
- update to Firefox 18.0.1 |
|
207 |
* blocklist updates |
|
208 |
* backed out bmo#677092 (removed patch) |
|
609 | 209 |
* fixed problems involving HTTP proxy transactions |
604 | 210 |
|
211 |
------------------------------------------------------------------- |
|
603
cfcae96df099
imported patch to fix PPC build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
601
diff
changeset
|
212 |
Sat Jan 12 17:25:11 UTC 2013 - schwab@linux-m68k.org |
cfcae96df099
imported patch to fix PPC build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
601
diff
changeset
|
213 |
|
cfcae96df099
imported patch to fix PPC build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
601
diff
changeset
|
214 |
- Fix WebRTC to build on powerpc |
cfcae96df099
imported patch to fix PPC build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
601
diff
changeset
|
215 |
|
cfcae96df099
imported patch to fix PPC build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
601
diff
changeset
|
216 |
------------------------------------------------------------------- |
600 | 217 |
Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org |
218 |
||
219 |
- update to Firefox 18.0 (bnc#796895) |
|
601 | 220 |
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 |
221 |
Miscellaneous memory safety hazards |
|
222 |
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 |
|
223 |
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 |
|
224 |
Use-after-free and buffer overflow issues found using Address Sanitizer |
|
225 |
* MFSA 2013-03/CVE-2013-0768 (bmo#815795) |
|
226 |
Buffer Overflow in Canvas |
|
227 |
* MFSA 2013-04/CVE-2012-0759 (bmo#802026) |
|
228 |
URL spoofing in addressbar during page loads |
|
229 |
* MFSA 2013-05/CVE-2013-0744 (bmo#814713) |
|
230 |
Use-after-free when displaying table with many columns and column groups |
|
231 |
* MFSA 2013-06/CVE-2013-0751 (bmo#790454) |
|
232 |
Touch events are shared across iframes |
|
233 |
* MFSA 2013-07/CVE-2013-0764 (bmo#804237) |
|
234 |
Crash due to handling of SSL on threads |
|
235 |
* MFSA 2013-08/CVE-2013-0745 (bmo#794158) |
|
236 |
AutoWrapperChanger fails to keep objects alive during garbage collection |
|
237 |
* MFSA 2013-09/CVE-2013-0746 (bmo#816842) |
|
238 |
Compartment mismatch with quickstubs returned values |
|
239 |
* MFSA 2013-10/CVE-2013-0747 (bmo#733305) |
|
240 |
Event manipulation in plugin handler to bypass same-origin policy |
|
241 |
* MFSA 2013-11/CVE-2013-0748 (bmo#806031) |
|
242 |
Address space layout leaked in XBL objects |
|
243 |
* MFSA 2013-12/CVE-2013-0750 (bmo#805121) |
|
244 |
Buffer overflow in Javascript string concatenation |
|
245 |
* MFSA 2013-13/CVE-2013-0752 (bmo#805024) |
|
246 |
Memory corruption in XBL with XML bindings containing SVG |
|
247 |
* MFSA 2013-14/CVE-2013-0757 (bmo#813901) |
|
248 |
Chrome Object Wrapper (COW) bypass through changing prototype |
|
249 |
* MFSA 2013-15/CVE-2013-0758 (bmo#813906) |
|
250 |
Privilege escalation through plugin objects |
|
251 |
* MFSA 2013-16/CVE-2013-0753 (bmo#814001) |
|
252 |
Use-after-free in serializeToStream |
|
253 |
* MFSA 2013-17/CVE-2013-0754 (bmo#814026) |
|
254 |
Use-after-free in ListenerManager |
|
255 |
* MFSA 2013-18/CVE-2013-0755 (bmo#814027) |
|
256 |
Use-after-free in Vibrate |
|
257 |
* MFSA 2013-19/CVE-2013-0756 (bmo#814029) |
|
258 |
Use-after-free in Javascript Proxy objects |
|
259 |
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) |
|
260 |
- removed obsolete SLE11 patches (mozilla-gcc43*) |
|
585
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
261 |
- reenable WebRTC |
600 | 262 |
- added mozilla-libproxy-compat.patch for libproxy API compat |
263 |
on openSUSE 11.2 and earlier |
|
601 | 264 |
- backed out restartless language packs as it broke multi-locale |
265 |
setup (bmo#677092, bmo#818468) |
|
585
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
266 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
267 |
------------------------------------------------------------------- |
595 | 268 |
Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org |
269 |
||
270 |
- update to Firefox 17.0.1 |
|
271 |
* revert some useragent changes introduced in 17.0 |
|
272 |
* leaving private browsing with social enabled doesn't reset all |
|
273 |
social components (bmo#815042) |
|
274 |
- fix KDE integration for file dialogs |
|
275 |
||
276 |
------------------------------------------------------------------- |
|
585
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
277 |
Tue Nov 20 19:52:02 UTC 2012 - wr@rosenauer.org |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
278 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
279 |
- update to Firefox 17.0 (bnc#790140) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
280 |
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
281 |
Miscellaneous memory safety hazards |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
282 |
* MFSA 2012-92/CVE-2012-4202 (bmo#758200) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
283 |
Buffer overflow while rendering GIF images |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
284 |
* MFSA 2012-93/CVE-2012-4201 (bmo#747607) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
285 |
evalInSanbox location context incorrectly applied |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
286 |
* MFSA 2012-94/CVE-2012-5836 (bmo#792857) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
287 |
Crash when combining SVG text on path with CSS |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
288 |
* MFSA 2012-95/CVE-2012-4203 (bmo#765628) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
289 |
Javascript: URLs run in privileged context on New Tab page |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
290 |
* MFSA 2012-96/CVE-2012-4204 (bmo#778603) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
291 |
Memory corruption in str_unescape |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
292 |
* MFSA 2012-97/CVE-2012-4205 (bmo#779821) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
293 |
XMLHttpRequest inherits incorrect principal within sandbox |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
294 |
* MFSA 2012-99/CVE-2012-4208 (bmo#798264) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
295 |
XrayWrappers exposes chrome-only properties when not in chrome |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
296 |
compartment |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
297 |
* MFSA 2012-100/CVE-2012-5841 (bmo#805807) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
298 |
Improper security filtering for cross-origin wrappers |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
299 |
* MFSA 2012-101/CVE-2012-4207 (bmo#801681) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
300 |
Improper character decoding in HZ-GB-2312 charset |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
301 |
* MFSA 2012-102/CVE-2012-5837 (bmo#800363) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
302 |
Script entered into Developer Toolbar runs with chrome privileges |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
303 |
* MFSA 2012-103/CVE-2012-4209 (bmo#792405) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
304 |
Frames can shadow top.location |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
305 |
* MFSA 2012-104/CVE-2012-4210 (bmo#796866) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
306 |
CSS and HTML injection through Style Inspector |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
307 |
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
308 |
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
309 |
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
310 |
Use-after-free and buffer overflow issues found using Address |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
311 |
Sanitizer |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
312 |
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
313 |
Use-after-free, buffer overflow, and memory corruption issues |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
314 |
found using Address Sanitizer |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
315 |
- rebased patches |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
316 |
- disabled WebRTC since build is broken (bmo#776877) |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
317 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
318 |
------------------------------------------------------------------- |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
319 |
Tue Nov 20 15:42:55 UTC 2012 - pcerny@suse.com |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
320 |
|
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
321 |
- build on SLE11 |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
322 |
* mozilla-gcc43-enums.patch |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
323 |
* mozilla-gcc43-template_hacks.patch |
5a44d417c9b5
prepare for Beta 18 phase
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
572
diff
changeset
|
324 |
* mozilla-gcc43-templates_instantiation.patch |
568
2c74c5927ea2
first working Aurora 18 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
563
diff
changeset
|
325 |
|
2c74c5927ea2
first working Aurora 18 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
563
diff
changeset
|
326 |
------------------------------------------------------------------- |
572 | 327 |
Wed Oct 24 08:27:29 UTC 2012 - wr@rosenauer.org |
328 |
||
329 |
- update to Firefox 16.0.2 (bnc#786522) |
|
330 |
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 |
|
331 |
(bmo#800666, bmo#793121, bmo#802557) |
|
332 |
Fixes for Location object issues |
|
333 |
- bring back Obsoletes for libproxy's mozjs plugin for distributions |
|
334 |
before 12.2 to avoid crashes |
|
539
b1134fe91f9a
merge latest changes from firefox16
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
536
diff
changeset
|
335 |
|
414 | 336 |
------------------------------------------------------------------- |
563 | 337 |
Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org |
338 |
||
339 |
- update to Firefox 16.0.1 (bnc#783533) |
|
340 |
* MFSA 2012-88/CVE-2012-4191 (bmo#798045) |
|
341 |
Miscellaneous memory safety hazards |
|
342 |
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) |
|
343 |
defaultValue security checks not applied |
|
344 |
||
345 |
------------------------------------------------------------------- |
|
346 |
Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org |
|
347 |
||
348 |
- update to Firefox 16.0 (bnc#783533) |
|
349 |
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 |
|
350 |
Miscellaneous memory safety hazards |
|
351 |
* MFSA 2012-75/CVE-2012-3984 (bmo#575294) |
|
352 |
select element persistance allows for attacks |
|
353 |
* MFSA 2012-76/CVE-2012-3985 (bmo#655649) |
|
354 |
Continued access to initial origin after setting document.domain |
|
355 |
* MFSA 2012-77/CVE-2012-3986 (bmo#775868) |
|
356 |
Some DOMWindowUtils methods bypass security checks |
|
357 |
* MFSA 2012-79/CVE-2012-3988 (bmo#725770) |
|
358 |
DOS and crash with full screen and history navigation |
|
359 |
* MFSA 2012-80/CVE-2012-3989 (bmo#783867) |
|
360 |
Crash with invalid cast when using instanceof operator |
|
361 |
* MFSA 2012-81/CVE-2012-3991 (bmo#783260) |
|
362 |
GetProperty function can bypass security checks |
|
363 |
* MFSA 2012-82/CVE-2012-3994 (bmo#765527) |
|
364 |
top object and location property accessible by plugins |
|
365 |
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) |
|
366 |
Chrome Object Wrapper (COW) does not disallow acces to privileged |
|
367 |
functions or properties |
|
368 |
* MFSA 2012-84/CVE-2012-3992 (bmo#775009) |
|
369 |
Spoofing and script injection through location.hash |
|
370 |
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ |
|
371 |
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 |
|
372 |
Use-after-free, buffer overflow, and out of bounds read issues |
|
373 |
found using Address Sanitizer |
|
374 |
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ |
|
375 |
CVE-2012-4188 |
|
376 |
Heap memory corruption issues found using Address Sanitizer |
|
377 |
* MFSA 2012-87/CVE-2012-3990 (bmo#787704) |
|
378 |
Use-after-free in the IME State Manager |
|
533 | 379 |
- requires NSPR 4.9.2 |
529
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
380 |
- improve GStreamer integration (bmo#760140) |
533 | 381 |
- removed upstreamed mozilla-crashreporter-restart-args.patch |
382 |
- webapprt now included |
|
536 | 383 |
- use kmozillahelper's new REVEAL command (bnc#777415) |
538
be682f8c9361
revert API version change for kmozillahelper
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
536
diff
changeset
|
384 |
(requires mozilla-kde4-integration >= 0.6.4) |
563 | 385 |
- updated translations-other with new languages |
529
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
386 |
|
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
387 |
------------------------------------------------------------------- |
541
830e50bbfc79
working Aurora 17.0 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
540
diff
changeset
|
388 |
Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org |
830e50bbfc79
working Aurora 17.0 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
540
diff
changeset
|
389 |
|
830e50bbfc79
working Aurora 17.0 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
540
diff
changeset
|
390 |
- update to Firefox 15.0.1 (bnc#779936) |
830e50bbfc79
working Aurora 17.0 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
540
diff
changeset
|
391 |
* Sites visited while in Private Browsing mode could be found |
547 | 392 |
through manual browser cache inspection (bmo#787743) |
541
830e50bbfc79
working Aurora 17.0 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
540
diff
changeset
|
393 |
|
830e50bbfc79
working Aurora 17.0 build
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
540
diff
changeset
|
394 |
------------------------------------------------------------------- |
533 | 395 |
Sun Aug 26 13:47:43 UTC 2012 - wr@rosenauer.org |
396 |
||
397 |
- update to Firefox 15.0 (bnc#777588) |
|
398 |
* MFSA 2012-57/CVE-2012-1970 |
|
399 |
Miscellaneous memory safety hazards |
|
400 |
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 |
|
401 |
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 |
|
402 |
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 |
|
403 |
Use-after-free issues found using Address Sanitizer |
|
404 |
* MFSA 2012-59/CVE-2012-1956 (bmo#756719) |
|
405 |
Location object can be shadowed using Object.defineProperty |
|
406 |
* MFSA 2012-60/CVE-2012-3965 (bmo#769108) |
|
407 |
Escalation of privilege through about:newtab |
|
408 |
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) |
|
409 |
Memory corruption with bitmap format images with negative height |
|
410 |
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 |
|
411 |
WebGL use-after-free and memory corruption |
|
412 |
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 |
|
413 |
SVG buffer overflow and use-after-free issues |
|
414 |
* MFSA 2012-64/CVE-2012-3971 |
|
415 |
Graphite 2 memory corruption |
|
416 |
* MFSA 2012-65/CVE-2012-3972 (bmo#746855) |
|
417 |
Out-of-bounds read in format-number in XSLT |
|
418 |
* MFSA 2012-66/CVE-2012-3973 (bmo#757128) |
|
419 |
HTTPMonitor extension allows for remote debugging without explicit |
|
420 |
activation |
|
421 |
* MFSA 2012-68/CVE-2012-3975 (bmo#770684) |
|
422 |
DOMParser loads linked resources in extensions when parsing |
|
423 |
text/html |
|
424 |
* MFSA 2012-69/CVE-2012-3976 (bmo#768568) |
|
425 |
Incorrect site SSL certificate data display |
|
426 |
* MFSA 2012-70/CVE-2012-3978 (bmo#770429) |
|
427 |
Location object security checks bypassed by chrome code |
|
428 |
* MFSA 2012-72/CVE-2012-3980 (bmo#771859) |
|
429 |
Web console eval capable of executing chrome-privileged code |
|
471
73b631ab214b
adding fixes to spec file and changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
463
diff
changeset
|
430 |
- fix HTML5 video crash with GStreamer enabled (bmo#761030) |
513 | 431 |
- GStreamer is only used for MP4 (no WebM, OGG) |
491 | 432 |
- updated filelist |
529
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
433 |
- moved browser specific preferences to correct location |
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
434 |
|
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
435 |
------------------------------------------------------------------- |
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
436 |
Sun Jul 29 08:34:39 UTC 2012 - aj@suse.de |
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
437 |
|
4812378b5646
import GStreamer improvement from bmo#760140 (support mpeg audio)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
513
diff
changeset
|
438 |
- Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) |
491 | 439 |
|
440 |
------------------------------------------------------------------- |
|
500 | 441 |
Sat Jul 14 19:31:51 UTC 2012 - wr@rosenauer.org |
442 |
||
443 |
- update to 14.0.1 (bnc#771583) |
|
444 |
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 |
|
445 |
Miscellaneous memory safety hazards |
|
446 |
* MFSA 2012-43/CVE-2012-1950 |
|
447 |
Incorrect URL displayed in addressbar through drag and drop |
|
448 |
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 |
|
449 |
Gecko memory corruption |
|
450 |
* MFSA 2012-45/CVE-2012-1955 (bmo#757376) |
|
451 |
Spoofing issue with location |
|
452 |
* MFSA 2012-46/CVE-2012-1966 (bmo#734076) |
|
453 |
XSS through data: URLs |
|
454 |
* MFSA 2012-47/CVE-2012-1957 (bmo#750096) |
|
455 |
Improper filtering of javascript in HTML feed-view |
|
456 |
* MFSA 2012-48/CVE-2012-1958 (bmo#750820) |
|
457 |
use-after-free in nsGlobalWindow::PageHidden |
|
458 |
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) |
|
459 |
Same-compartment Security Wrappers can be bypassed |
|
460 |
* MFSA 2012-50/CVE-2012-1960 (bmo#761014) |
|
461 |
Out of bounds read in QCMS |
|
462 |
* MFSA 2012-51/CVE-2012-1961 (bmo#761655) |
|
463 |
X-Frame-Options header ignored when duplicated |
|
464 |
* MFSA 2012-52/CVE-2012-1962 (bmo#764296) |
|
465 |
JSDependentString::undepend string conversion results in memory |
|
466 |
corruption |
|
467 |
* MFSA 2012-53/CVE-2012-1963 (bmo#767778) |
|
468 |
Content Security Policy 1.0 implementation errors cause data |
|
469 |
leakage |
|
470 |
* MFSA 2012-55/CVE-2012-1965 (bmo#758990) |
|
471 |
feed: URLs with an innerURI inherit security context of page |
|
472 |
* MFSA 2012-56/CVE-2012-1967 (bmo#758344) |
|
473 |
Code execution through javascript: URLs |
|
491 | 474 |
- license change from tri license to MPL-2.0 |
475 |
- fix crashreporter restart option (bmo#762780) |
|
476 |
- require NSS 3.13.5 |
|
477 |
- remove mozjs pacrunner obsoletes again for now |
|
478 |
- adopted mozilla-prefer_plugin_pref.patch |
|
500 | 479 |
- PPC fixes: |
480 |
* reenabled mozilla-yarr-pcre.patch to fix build for PPC |
|
481 |
* add patches for bmo#750620 and bmo#746112 |
|
482 |
* fix xpcshell segfault on ppc |
|
491 | 483 |
|
484 |
------------------------------------------------------------------- |
|
485 |
Fri Jun 15 12:37:09 UTC 2012 - wr@rosenauer.org |
|
486 |
||
487 |
- update to Firefox 13.0.1 |
|
488 |
* bugfix release |
|
489 |
- obsolete libproxy's mozjs pacrunner (bnc#759123) |
|
457 | 490 |
|
491 |
------------------------------------------------------------------- |
|
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
492 |
Sat Jun 2 08:22:51 UTC 2012 - wr@rosenauer.org |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
493 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
494 |
- update to Firefox 13.0 (bnc#765204) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
495 |
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
496 |
Miscellaneous memory safety hazards |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
497 |
* MFSA 2012-36/CVE-2012-1944 (bmo#751422) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
498 |
Content Security Policy inline-script bypass |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
499 |
* MFSA 2012-37/CVE-2012-1945 (bmo#670514) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
500 |
Information disclosure though Windows file shares and shortcut |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
501 |
files |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
502 |
* MFSA 2012-38/CVE-2012-1946 (bmo#750109) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
503 |
Use-after-free while replacing/inserting a node in a document |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
504 |
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
505 |
Buffer overflow and use-after-free issues found using Address |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
506 |
Sanitizer |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
507 |
- require NSS 3.13.4 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
508 |
* MFSA 2012-39/CVE-2012-0441 (bmo#715073) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
509 |
- fix sound notifications when filename/path contains a whitespace |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
510 |
(bmo#749739) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
511 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
512 |
------------------------------------------------------------------- |
457 | 513 |
Wed May 23 14:40:16 UTC 2012 - adrian@suse.de |
514 |
||
515 |
- fix build on arm |
|
435
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
516 |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
517 |
------------------------------------------------------------------- |
462
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
518 |
Wed May 16 05:34:01 UTC 2012 - wr@rosenauer.org |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
519 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
520 |
- reenabled crashreporter for Factory/12.2 |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
521 |
(fix in mozilla-gcc47.patch) |
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
522 |
|
2d86bdb4277f
14.0b6 (Aurora->Beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
457
diff
changeset
|
523 |
------------------------------------------------------------------- |
435
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
524 |
Sat Apr 21 10:02:37 UTC 2012 - wr@rosenauer.org |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
525 |
|
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
526 |
- update to Firefox 12.0 (bnc#758408) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
527 |
* rebased patches |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
528 |
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
529 |
Miscellaneous memory safety hazards |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
530 |
* MFSA 2012-22/CVE-2012-0469 (bmo#738985) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
531 |
use-after-free in IDBKeyRange |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
532 |
* MFSA 2012-23/CVE-2012-0470 (bmo#734288) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
533 |
Invalid frees causes heap corruption in gfxImageSurface |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
534 |
* MFSA 2012-24/CVE-2012-0471 (bmo#715319) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
535 |
Potential XSS via multibyte content processing errors |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
536 |
* MFSA 2012-25/CVE-2012-0472 (bmo#744480) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
537 |
Potential memory corruption during font rendering using cairo-dwrite |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
538 |
* MFSA 2012-26/CVE-2012-0473 (bmo#743475) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
539 |
WebGL.drawElements may read illegal video memory due to |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
540 |
FindMaxUshortElement error |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
541 |
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
542 |
Page load short-circuit can lead to XSS |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
543 |
* MFSA 2012-28/CVE-2012-0475 (bmo#694576) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
544 |
Ambiguous IPv6 in Origin headers may bypass webserver access |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
545 |
restrictions |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
546 |
* MFSA 2012-29/CVE-2012-0477 (bmo#718573) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
547 |
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
548 |
* MFSA 2012-30/CVE-2012-0478 (bmo#727547) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
549 |
Crash with WebGL content using textImage2D |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
550 |
* MFSA 2012-31/CVE-2011-3062 (bmo#739925) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
551 |
Off-by-one error in OpenType Sanitizer |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
552 |
* MFSA 2012-32/CVE-2011-1187 (bmo#624621) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
553 |
HTTP Redirections and remote content can be read by javascript errors |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
554 |
* MFSA 2012-33/CVE-2012-0479 (bmo#714631) |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
555 |
Potential site identity spoofing when loading RSS and Atom feeds |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
556 |
- added mozilla-libnotify.patch to allow fallback from libnotify |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
557 |
to xul based events if no notification-daemon is running |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
558 |
- gcc 4.7 fixes |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
559 |
* mozilla-gcc47.patch |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
560 |
* disabled crashreporter temporarily for Factory |
df9c4a6e84f8
update version/tree information for Aurora 14 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
423
diff
changeset
|
561 |
- recommend libcanberra0 for proper sound notifications |
414 | 562 |
|
407 | 563 |
------------------------------------------------------------------- |
408 | 564 |
Fri Mar 9 21:47:07 UTC 2012 - wr@rosenauer.org |
565 |
||
566 |
- update to Firefox 11.0 (bnc#750044) |
|
410 | 567 |
* MFSA 2012-13/CVE-2012-0455 (bmo#704354) |
568 |
XSS with Drag and Drop and Javascript: URL |
|
569 |
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) |
|
570 |
SVG issues found with Address Sanitizer |
|
571 |
* MFSA 2012-15/CVE-2012-0451 (bmo#717511) |
|
572 |
XSS with multiple Content Security Policy headers |
|
573 |
* MFSA 2012-16/CVE-2012-0458 |
|
574 |
Escalation of privilege with Javascript: URL as home page |
|
575 |
* MFSA 2012-17/CVE-2012-0459 (bmo#723446) |
|
576 |
Crash when accessing keyframe cssText after dynamic modification |
|
577 |
* MFSA 2012-18/CVE-2012-0460 (bmo#727303) |
|
578 |
window.fullScreen writeable by untrusted content |
|
579 |
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ |
|
580 |
CVE-2012-0463 |
|
581 |
Miscellaneous memory safety hazards |
|
407 | 582 |
- ported and reenabled KDE integration (bnc#746591) |
583 |
- explicitely build-require X libs |
|
584 |
||
404
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
401
diff
changeset
|
585 |
------------------------------------------------------------------- |
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
401
diff
changeset
|
586 |
Mon Mar 5 13:31:48 UTC 2012 - vdziewiecki@suse.com |
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
401
diff
changeset
|
587 |
|
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
401
diff
changeset
|
588 |
- add Provides: browser(npapi) FATE#313084 |
5f3bccaf6d52
provide browser(npapi)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
401
diff
changeset
|
589 |
|
398
937669e1c537
ported and reenabled KDE integration (bnc#746591)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
590 |
------------------------------------------------------------------- |
937669e1c537
ported and reenabled KDE integration (bnc#746591)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
591 |
Fri Feb 17 17:41:11 UTC 2012 - pcerny@suse.com |
937669e1c537
ported and reenabled KDE integration (bnc#746591)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
592 |
|
937669e1c537
ported and reenabled KDE integration (bnc#746591)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
593 |
- better plugin directory resolution (bnc#747320) |
937669e1c537
ported and reenabled KDE integration (bnc#746591)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
387
diff
changeset
|
594 |
|
386 | 595 |
------------------------------------------------------------------- |
387 | 596 |
Thu Feb 16 08:47:31 UTC 2012 - wr@rosenauer.org |
597 |
||
598 |
- update to Firefox 10.0.2 (bnc#747328) |
|
599 |
* CVE-2011-3026 (bmo#727401) |
|
600 |
libpng: integer overflow leading to heap-buffer overflow |
|
386 | 601 |
|
602 |
------------------------------------------------------------------- |
|
603 |
Thu Feb 9 09:26:11 UTC 2012 - wr@rosenauer.org |
|
604 |
||
605 |
- update to Firefox 10.0.1 (bnc#746616) |
|
606 |
* MFSA 2012-10/CVE-2012-0452 (bmo#724284) |
|
607 |
use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
|
608 |
||
378 | 609 |
------------------------------------------------------------------- |
610 |
Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com |
|
611 |
||
612 |
- Use YARR interpreter instead of PCRE on platforms where YARR JIT |
|
613 |
is not supported, since PCRE doesnt build (bmo#691898) |
|
614 |
- fix ppc64 build (bmo#703534) |
|
615 |
||
373 | 616 |
------------------------------------------------------------------- |
617 |
Mon Jan 30 09:41:59 UTC 2012 - wr@rosenauer.org |
|
618 |
||
375
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
619 |
- update to Firefox 10.0 (bnc#744275) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
620 |
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
621 |
Miscellaneous memory safety hazards |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
622 |
* MFSA 2012-03/CVE-2012-0445 (bmo#701071) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
623 |
<iframe> element exposed across domains via name attribute |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
624 |
* MFSA 2012-04/CVE-2011-3659 (bmo#708198) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
625 |
Child nodes from nsDOMAttribute still accessible after removal |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
626 |
of nodes |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
627 |
* MFSA 2012-05/CVE-2012-0446 (bmo#705651) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
628 |
Frame scripts calling into untrusted objects bypass security |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
629 |
checks |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
630 |
* MFSA 2012-06/CVE-2012-0447 (bmo#710079) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
631 |
Uninitialized memory appended when encoding icon images may |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
632 |
cause information disclosure |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
633 |
* MFSA 2012-07/CVE-2012-0444 (bmo#719612) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
634 |
Potential Memory Corruption When Decoding Ogg Vorbis files |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
635 |
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
636 |
Crash with malformed embedded XSLT stylesheets |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
637 |
- KDE integration has been disabled since it needs refactoring |
d75cd0dac058
final 10.0 updates (changelog)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
373
diff
changeset
|
638 |
- removed obsolete ppc64 patch |
373 | 639 |
|
371
ead21d122ed0
introduce --disable-neon option and use on ARM
Joop Boonen <joop.boonen@opensuse.org>
parents:
366
diff
changeset
|
640 |
------------------------------------------------------------------- |
ead21d122ed0
introduce --disable-neon option and use on ARM
Joop Boonen <joop.boonen@opensuse.org>
parents:
366
diff
changeset
|
641 |
Sun Jan 22 12:08:07 UTC 2012 - joop.boonen@opensuse.org |
ead21d122ed0
introduce --disable-neon option and use on ARM
Joop Boonen <joop.boonen@opensuse.org>
parents:
366
diff
changeset
|
642 |
|
ead21d122ed0
introduce --disable-neon option and use on ARM
Joop Boonen <joop.boonen@opensuse.org>
parents:
366
diff
changeset
|
643 |
- Disable neon for arm as it doesn't build correctly |
ead21d122ed0
introduce --disable-neon option and use on ARM
Joop Boonen <joop.boonen@opensuse.org>
parents:
366
diff
changeset
|
644 |
|
ead21d122ed0
introduce --disable-neon option and use on ARM
Joop Boonen <joop.boonen@opensuse.org>
parents:
366
diff
changeset
|
645 |
------------------------------------------------------------------- |
366 | 646 |
Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org |
647 |
||
648 |
- update to Firefox 9.0.1 |
|
649 |
* (strongparent) parentNode of element gets lost (bmo#335998) |
|
650 |
||
364
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
651 |
------------------------------------------------------------------- |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
652 |
Sun Dec 18 09:58:52 UTC 2011 - adrian@suse.de |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
653 |
|
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
654 |
- fix arm build, don't package crashreporter there |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
655 |
|
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
358
diff
changeset
|
656 |
------------------------------------------------------------------- |
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
358
diff
changeset
|
657 |
Sun Dec 18 09:52:08 UTC 2011 - wr@rosenauer.org |
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
358
diff
changeset
|
658 |
|
364
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
659 |
- update to Firefox 9 (bnc#737533) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
660 |
* MFSA 2011-53/CVE-2011-3660 |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
661 |
Miscellaneous memory safety hazards (rv:9.0) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
662 |
* MFSA 2011-54/CVE-2011-3661 (bmo#691299) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
663 |
Potentially exploitable crash in the YARR regular expression |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
664 |
library |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
665 |
* MFSA 2011-55/CVE-2011-3658 (bmo#708186) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
666 |
nsSVGValue out-of-bounds access |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
667 |
* MFSA 2011-56/CVE-2011-3663 (bmo#704482) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
668 |
Key detection without JavaScript via SVG animation |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
669 |
* MFSA 2011-58/VE-2011-3665 (bmo#701259) |
0f5c150b9dcd
merge changes from mozilla:Factory including full changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
363
diff
changeset
|
670 |
Crash scaling <video> to extreme sizes |
363
48596576f932
update to 9.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
358
diff
changeset
|
671 |
|
358
b28670af14d5
Read a11y status from Gnome3
Michael Gorse <mgorse@suse.com>
parents:
355
diff
changeset
|
672 |
------------------------------------------------------------------- |
b28670af14d5
Read a11y status from Gnome3
Michael Gorse <mgorse@suse.com>
parents:
355
diff
changeset
|
673 |
Sun Nov 27 03:51:54 UTC 2011 - mgorse@suse.com |
b28670af14d5
Read a11y status from Gnome3
Michael Gorse <mgorse@suse.com>
parents:
355
diff
changeset
|
674 |
|
b28670af14d5
Read a11y status from Gnome3
Michael Gorse <mgorse@suse.com>
parents:
355
diff
changeset
|
675 |
- Fix accessibility under GNOME 3 (bnc#732898) |
b28670af14d5
Read a11y status from Gnome3
Michael Gorse <mgorse@suse.com>
parents:
355
diff
changeset
|
676 |
|
355 | 677 |
------------------------------------------------------------------- |
678 |
Sat Nov 12 15:16:38 UTC 2011 - dvaleev@suse.com |
|
679 |
||
680 |
- fix ppc64 build |
|
681 |
||
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
344
diff
changeset
|
682 |
------------------------------------------------------------------- |
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
344
diff
changeset
|
683 |
Sun Nov 6 08:20:59 UTC 2011 - wr@rosenauer.org |
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
344
diff
changeset
|
684 |
|
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
344
diff
changeset
|
685 |
- update to Firefox 8 (bnc#728520) |
354 | 686 |
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) |
687 |
Potential XSS against sites using Shift-JIS |
|
688 |
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 |
|
689 |
Miscellaneous memory safety hazards |
|
690 |
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) |
|
691 |
Memory corruption while profiling using Firebug |
|
692 |
* MFSA 2011-52/CVE-2011-3655 (bmo#672182) |
|
693 |
Code execution via NoWaiverWrapper |
|
350
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
344
diff
changeset
|
694 |
- rebased patches |
9d46eaac2549
update to Firefox 8 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
344
diff
changeset
|
695 |
|
344
880a90eb0f92
enable telemetry opt-in prompt
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
339
diff
changeset
|
696 |
------------------------------------------------------------------- |
880a90eb0f92
enable telemetry opt-in prompt
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
339
diff
changeset
|
697 |
Thu Oct 20 12:34:47 UTC 2011 - wr@rosenauer.org |
880a90eb0f92
enable telemetry opt-in prompt
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
339
diff
changeset
|
698 |
|
880a90eb0f92
enable telemetry opt-in prompt
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
339
diff
changeset
|
699 |
- enable telemetry prompt |
880a90eb0f92
enable telemetry opt-in prompt
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
339
diff
changeset
|
700 |
|
337 | 701 |
------------------------------------------------------------------- |
702 |
Fri Sep 30 10:52:36 UTC 2011 - wr@rosenauer.org |
|
703 |
||
704 |
- update to minor release 7.0.1 |
|
705 |
* fixed staged addon updates |
|
339
db8b891eeb1e
locale should always match the system one in a package environment
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
706 |
- set intl.locale.matchOS=true in the base package as it causes |
db8b891eeb1e
locale should always match the system one in a package environment
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
337
diff
changeset
|
707 |
too much confusion when it's only available with branding-openSUSE |
337 | 708 |
|
334 | 709 |
------------------------------------------------------------------- |
710 |
Fri Sep 23 11:22:22 UTC 2011 - wr@rosenauer.org |
|
711 |
||
712 |
- update to Firefox 7 (bnc#720264) |
|
713 |
including |
|
714 |
* Improve Responsiveness with Memory Reductions |
|
715 |
* Instant Sync |
|
716 |
* WebSocket protocol 8 |
|
337 | 717 |
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 |
718 |
Miscellaneous memory safety hazards |
|
719 |
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) |
|
720 |
Defense against multiple Location headers due to CRLF Injection |
|
721 |
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 |
|
722 |
Code installation through holding down Enter |
|
723 |
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) |
|
724 |
Potentially exploitable WebGL crashes |
|
725 |
* MFSA 2011-42/CVE-2011-3232 (bmo#653672) |
|
726 |
Potentially exploitable crash in the YARR regular expression |
|
727 |
library |
|
728 |
* MFSA 2011-43/CVE-2011-3004 (bmo#653926) |
|
729 |
loadSubScript unwraps XPCNativeWrapper scope parameter |
|
730 |
* MFSA 2011-44/CVE-2011-3005 (bmo#675747) |
|
731 |
Use after free reading OGG headers |
|
732 |
* MFSA 2011-45 |
|
733 |
Inferring keystrokes from motion data |
|
334 | 734 |
- removed obsolete mozilla-cairo-lcd.patch |
735 |
- rebased patches |
|
736 |
- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in |
|
737 |
mozilla.sh.in (bnc#680758) |
|
738 |
||
327
34013ee9fafd
fixed loading of kde.js under KDE (bnc#718311)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
316
diff
changeset
|
739 |
------------------------------------------------------------------- |
34013ee9fafd
fixed loading of kde.js under KDE (bnc#718311)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
316
diff
changeset
|
740 |
Fri Sep 16 06:57:38 UTC 2011 - wr@rosenauer.org |
34013ee9fafd
fixed loading of kde.js under KDE (bnc#718311)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
316
diff
changeset
|
741 |
|
34013ee9fafd
fixed loading of kde.js under KDE (bnc#718311)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
316
diff
changeset
|
742 |
- fixed loading of kde.js under KDE (bnc#718311) |
34013ee9fafd
fixed loading of kde.js under KDE (bnc#718311)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
316
diff
changeset
|
743 |
|
312
fab4bf560637
add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
311
diff
changeset
|
744 |
------------------------------------------------------------------- |
316 | 745 |
Wed Sep 14 07:02:04 UTC 2011 - wr@rosenauer.org |
312
fab4bf560637
add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
311
diff
changeset
|
746 |
|
fab4bf560637
add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
311
diff
changeset
|
747 |
- add dbus-1-glib-devel to BuildRequires (not pulled in |
fab4bf560637
add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
311
diff
changeset
|
748 |
automatically anymore on 12.1) |
316 | 749 |
- increase minversions for NSPR and NSS |
750 |
||
751 |
------------------------------------------------------------------- |
|
752 |
Fri Sep 9 20:44:15 UTC 2011 - wr@rosenauer.org |
|
753 |
||
754 |
- recreated source archive to get correct source-stamp.txt |
|
312
fab4bf560637
add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
311
diff
changeset
|
755 |
|
311 | 756 |
------------------------------------------------------------------- |
757 |
Wed Sep 7 14:30:34 UTC 2011 - pcerny@suse.com |
|
758 |
||
759 |
- security update to 6.0.2 (bnc#714931) |
|
760 |
* Complete blocking of certificates issued by DigiNotar |
|
761 |
(bmo#683449) |
|
762 |
||
763 |
------------------------------------------------------------------- |
|
764 |
Fri Sep 2 14:40:07 UTC 2011 - pcerny@suse.com |
|
765 |
||
766 |
- security update to 6.0.1 (bnc#714931) |
|
767 |
* MFSA 2011-34 |
|
768 |
Protection against fraudulent DigiNotar certificates |
|
769 |
(bmo#682927) |
|
770 |
||
306
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
771 |
------------------------------------------------------------------- |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
772 |
Fri Aug 12 21:16:19 UTC 2011 - wr@rosenauer.org |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
773 |
|
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
774 |
- update to 6.0 (bnc#712224) |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
775 |
included security fixes MFSA 2011-29 |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
776 |
* CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985 |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
777 |
Miscellaneous memory safety hazards |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
778 |
* CVE-2011-2993 (bmo#657267) |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
779 |
Unsigned scripts can call script inside signed JAR |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
780 |
* CVE-2011-2988 (bmo#665934) |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
781 |
Heap overflow in ANGLE library |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
782 |
* CVE-2011-0084 (bmo#648094) |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
783 |
Crash in SVGTextElement.getCharNumAtPosition() |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
784 |
* CVE-2011-2990 |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
785 |
Credential leakage using Content Security Policy reports |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
786 |
* CVE-2011-2986 (bmo#655836) |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
787 |
Cross-origin data theft using canvas and Windows D2D |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
788 |
- removed obsolete curl header dependency (mozilla-curl.patch) |
e6df4625c730
update to 7.0b1 (aurora->beta)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
293
diff
changeset
|
789 |
|
289
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
790 |
------------------------------------------------------------------- |
292 | 791 |
Fri Jul 22 13:34:12 UTC 2011 - wr@rosenauer.org |
792 |
||
793 |
- update to 6.0b3 |
|
289
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
794 |
* removed obsolete patches |
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
795 |
- firefox-shellservice.patch |
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
796 |
- mozilla-gio.patch |
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
797 |
- mozilla-ppc-ipc.patch |
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
798 |
- firefox-linkorder.patch |
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
799 |
- firefox-no-sync-l10n.patch |
293
3fd4e37e5e52
fix symbolstore.py for linux3
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
292
diff
changeset
|
800 |
- recognize linux3 as platform for symbolstore.py |
289
3c0dff7ca9c4
Update to version 6.0b1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
288
diff
changeset
|
801 |
|
288
d51f3999a1c2
make Firefox an ftp handler
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
286
diff
changeset
|
802 |
------------------------------------------------------------------- |
d51f3999a1c2
make Firefox an ftp handler
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
286
diff
changeset
|
803 |
Fri Jul 1 19:53:18 CEST 2011 - vuntz@opensuse.org |
d51f3999a1c2
make Firefox an ftp handler
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
286
diff
changeset
|
804 |
|
d51f3999a1c2
make Firefox an ftp handler
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
286
diff
changeset
|
805 |
- Add x-scheme-handler/ftp to the MimeType key in the .desktop, to |
d51f3999a1c2
make Firefox an ftp handler
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
286
diff
changeset
|
806 |
let desktops know that Firefox can deal with ftp: URIs. |
d51f3999a1c2
make Firefox an ftp handler
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
286
diff
changeset
|
807 |
|
286
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
808 |
------------------------------------------------------------------- |
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
809 |
Fri Jul 1 06:45:08 UTC 2011 - wr@rosenauer.org |
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
810 |
|
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
811 |
- create upstream branding package again (supposedly empty) |
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
812 |
(bnc#703401) |
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
813 |
- fix build on SLE11 (changes do not affect/are not applied for |
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
814 |
later versions) |
b1d254616456
reenable branding-upstream package
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
283
diff
changeset
|
815 |
|
283 | 816 |
------------------------------------------------------------------- |
817 |
Wed Jun 22 06:41:17 UTC 2011 - wr@rosenauer.org |
|
818 |
||
819 |
- enable startup notification (bnc#701465) |
|
820 |
||
821 |
------------------------------------------------------------------- |
|
822 |
Mon Jun 20 19:37:01 UTC 2011 - wr@rosenauer.org |
|
823 |
||
824 |
- update to 5.0 final |
|
825 |
- included fixes for security issues: (bnc#701296, bnc#700578) |
|
826 |
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2375 |
|
827 |
Miscellaneous memory safety hazards |
|
828 |
* MFSA 2011-20/CVE-2011-2373 (bmo#617247) |
|
829 |
Use-after-free vulnerability when viewing XUL document with |
|
830 |
script disabled |
|
831 |
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) |
|
832 |
Memory corruption due to multipart/x-mixed-replace images |
|
833 |
* MFSA 2011-22/CVE-2011-2371 (bmo#664009) |
|
834 |
Integer overflow and arbitrary code execution in |
|
835 |
Array.reduceRight() |
|
836 |
* MFSA 2011-25/CVE-2011-2366 |
|
837 |
Stealing of cross-domain images using WebGL textures |
|
838 |
* MFSA 2011-26/CVE-2011-2367 CVE-2011-2368 |
|
839 |
Multiple WebGL crashes |
|
840 |
* MFSA 2011-27/CVE-2011-2369 (bmo#650001) |
|
841 |
XSS encoding hazard with inline SVG |
|
842 |
* MFSA 2011-28/CVE-2011-2370 (bmo#645699) |
|
843 |
Non-whitelisted site can trigger xpinstall |
|
844 |
||
279 | 845 |
------------------------------------------------------------------- |
282
78a523efc513
fix build for 12.1 and above by building dump_syms dynamic
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
281
diff
changeset
|
846 |
Mon Jun 20 09:17:42 UTC 2011 - wr@rosenauer.org |
281 | 847 |
|
848 |
- update to 5.0b7 |
|
849 |
* updated supported locales |
|
282
78a523efc513
fix build for 12.1 and above by building dump_syms dynamic
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
281
diff
changeset
|
850 |
- do not build dump_syms static (not needed for us) |
78a523efc513
fix build for 12.1 and above by building dump_syms dynamic
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
281
diff
changeset
|
851 |
-> fix build for openSUSE 12.1 and above |
281 | 852 |
|
853 |
------------------------------------------------------------------- |
|
854 |
Wed Jun 15 14:59:32 UTC 2011 - wr@rosenauer.org |
|
279 | 855 |
|
856 |
- update to 5.0b6 |
|
857 |
- include proper revision information into the build |
|
858 |
- speedier find-external-requires.sh |
|
859 |
||
263
64adf7ca3005
standalone firefox building now; runtime untested
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
252
diff
changeset
|
860 |
------------------------------------------------------------------- |
277 | 861 |
Tue May 31 06:53:55 UTC 2011 - wr@rosenauer.org |
862 |
||
863 |
- update to 5.0b3 |
|
263
64adf7ca3005
standalone firefox building now; runtime untested
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
252
diff
changeset
|
864 |
- transformed to standalone Firefox (not xulrunner based) |
64adf7ca3005
standalone firefox building now; runtime untested
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
252
diff
changeset
|
865 |
(with new Firefox rapid release cycle it makes no sense anymore) |
64adf7ca3005
standalone firefox building now; runtime untested
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
252
diff
changeset
|
866 |
* imported all relevant xulrunner patches |
277 | 867 |
- do not compile in build timestamp |
263
64adf7ca3005
standalone firefox building now; runtime untested
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
252
diff
changeset
|
868 |
|
252 | 869 |
------------------------------------------------------------------- |
281 | 870 |
Fri Apr 15 07:08:53 UTC 2011 - wr@rosenauer.org |
871 |
||
872 |
- security update to 4.0.1 (bnc#689281) |
|
873 |
* MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 |
|
874 |
CVE-2011-0080 CVE-2011-0081 |
|
875 |
Miscellaneous memory safety hazards |
|
876 |
* MFSA 2011-17/CVE-2011-0068 (bmo#623791) |
|
877 |
WebGLES vulnerabilities |
|
878 |
* MFSA 2011-18/CVE-2011-1202 (bmo#640339) |
|
879 |
XSLT generate-id() function heap address leak |
|
880 |
||
881 |
------------------------------------------------------------------- |
|
252 | 882 |
Wed Mar 30 11:24:36 UTC 2011 - wr@rosenauer.org |
883 |
||
884 |
- add all available icon sizes |
|
885 |
||
247
71521dfedb0b
license update: MPLv1.1 or GPLv2+ or LGPLv2+
cfarrell@novell.com
parents:
239
diff
changeset
|
886 |
------------------------------------------------------------------- |
71521dfedb0b
license update: MPLv1.1 or GPLv2+ or LGPLv2+
cfarrell@novell.com
parents:
239
diff
changeset
|
887 |
Tue Mar 29 11:55:53 UTC 2011 - cfarrell@novell.com |
71521dfedb0b
license update: MPLv1.1 or GPLv2+ or LGPLv2+
cfarrell@novell.com
parents:
239
diff
changeset
|
888 |
|
71521dfedb0b
license update: MPLv1.1 or GPLv2+ or LGPLv2+
cfarrell@novell.com
parents:
239
diff
changeset
|
889 |
- license update: MPLv1.1 or GPLv2+ or LGPLv2+ |
71521dfedb0b
license update: MPLv1.1 or GPLv2+ or LGPLv2+
cfarrell@novell.com
parents:
239
diff
changeset
|
890 |
Sync licenses with Fedora. MPL does not state ^or later^ |
71521dfedb0b
license update: MPLv1.1 or GPLv2+ or LGPLv2+
cfarrell@novell.com
parents:
239
diff
changeset
|
891 |
|
236
a4f5954df3a3
update for 2.0/4.0rc1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
230
diff
changeset
|
892 |
------------------------------------------------------------------- |
239 | 893 |
Fri Mar 18 08:49:15 UTC 2011 - wr@rosenauer.org |
894 |
||
895 |
- update to version 4.0rc2 |
|
238
d537c4a65693
fixed rpm macros (bnc#679950)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
236
diff
changeset
|
896 |
- fixed rpm macros delivered with devel package (bnc#679950) |
236
a4f5954df3a3
update for 2.0/4.0rc1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
230
diff
changeset
|
897 |
|
230
e4846f1b81c5
real update to 4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
229
diff
changeset
|
898 |
------------------------------------------------------------------- |
e4846f1b81c5
real update to 4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
229
diff
changeset
|
899 |
Wed Feb 23 07:52:04 UTC 2011 - wr@rosenauer.org |
e4846f1b81c5
real update to 4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
229
diff
changeset
|
900 |
|
e4846f1b81c5
real update to 4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
229
diff
changeset
|
901 |
- update to version 4.0b12 |
e4846f1b81c5
real update to 4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
229
diff
changeset
|
902 |
- rebased patches |
e4846f1b81c5
real update to 4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
229
diff
changeset
|
903 |
|
223 | 904 |
------------------------------------------------------------------- |
229
298263f797be
update to 2.0b12/4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
226
diff
changeset
|
905 |
Fri Feb 4 09:32:50 UTC 2011 - wr@rosenauer.org |
226
6bf3bb4c115e
update for 2.0b11/4.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
225
diff
changeset
|
906 |
|
6bf3bb4c115e
update for 2.0b11/4.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
225
diff
changeset
|
907 |
- update to version 4.0b11 |
229
298263f797be
update to 2.0b12/4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
226
diff
changeset
|
908 |
* loads of bugfixes compared to last beta |
298263f797be
update to 2.0b12/4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
226
diff
changeset
|
909 |
* added "Do Not Track" option |
298263f797be
update to 2.0b12/4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
226
diff
changeset
|
910 |
- rebased patches |
298263f797be
update to 2.0b12/4.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
226
diff
changeset
|
911 |
- disable testpilot |
226
6bf3bb4c115e
update for 2.0b11/4.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
225
diff
changeset
|
912 |
|
6bf3bb4c115e
update for 2.0b11/4.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
225
diff
changeset
|
913 |
------------------------------------------------------------------- |
6bf3bb4c115e
update for 2.0b11/4.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
225
diff
changeset
|
914 |
Fri Jan 28 08:56:12 UTC 2011 - wr@rosenauer.org |
223 | 915 |
|
916 |
- set correct desktop file name within KDE for 11.4 and up |
|
225
5a7504b93699
Provide devel package with helper script and rpm macros for easier addon packaging. (patch submitted from Ludwig Nussel)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
223
diff
changeset
|
917 |
- add devel package with macros for extensions (from lnussel@suse.de) |
223 | 918 |
|
221
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
919 |
------------------------------------------------------------------- |
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
920 |
Sat Jan 22 22:21:52 UTC 2011 - wr@rosenauer.org |
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
921 |
|
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
922 |
- update to version 4.0b10 |
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
923 |
- removed obsolete firefox-shell-bmo624267.patch |
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
924 |
- testpilot moved to distribution/extensions |
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
925 |
- updated locale provides and removed bn-IN from locales |
488440b896fe
fixed testpilot packaging
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
217
diff
changeset
|
926 |
|
210
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
927 |
------------------------------------------------------------------- |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
928 |
Tue Jan 11 06:13:40 UTC 2011 - wr@rosenauer.org |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
929 |
|
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
930 |
- update to version 4.0b9 |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
931 |
- added x-scheme-handler for http and https to desktop file for |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
932 |
newer Gnome environments |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
933 |
- fixed default browser check/set for GIO (bmo#611953) |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
934 |
(mozilla-shellservice.patch) |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
935 |
- removed obsolete firefox-appname.patch (integrated into |
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
936 |
shellservice patch) |
217 | 937 |
- renamed desktop file to firefox.desktop for 11.4 and newer |
938 |
(bnc#664211) |
|
939 |
- removed support for 10.3 and older from the spec file |
|
940 |
- removed obsolete "Ximian" categories from desktop file |
|
210
f4f4388b26a8
update to 2.0b9/4.0b9
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
207
diff
changeset
|
941 |
|
207
2c6c3d0a8b61
Disable IPC for PowerPC (patch by Marcus Meissner)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
206
diff
changeset
|
942 |
------------------------------------------------------------------- |
2c6c3d0a8b61
Disable IPC for PowerPC (patch by Marcus Meissner)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
206
diff
changeset
|
943 |
Mon Jan 3 17:35:46 CET 2011 - meissner@suse.de |
2c6c3d0a8b61
Disable IPC for PowerPC (patch by Marcus Meissner)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
206
diff
changeset
|
944 |
|
2c6c3d0a8b61
Disable IPC for PowerPC (patch by Marcus Meissner)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
206
diff
changeset
|
945 |
- Mirror ac_add_options --disable-ipc from xulrunner for PowerPC. |
2c6c3d0a8b61
Disable IPC for PowerPC (patch by Marcus Meissner)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
206
diff
changeset
|
946 |
|
203
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
947 |
------------------------------------------------------------------- |
206
80e6366ea8ce
update for 2.0b8/4.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
203
diff
changeset
|
948 |
Wed Dec 15 07:49:45 UTC 2010 - wr@rosenauer.org |
80e6366ea8ce
update for 2.0b8/4.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
203
diff
changeset
|
949 |
|
80e6366ea8ce
update for 2.0b8/4.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
203
diff
changeset
|
950 |
- update to version 4.0beta8 |
203
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
951 |
|
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
952 |
------------------------------------------------------------------- |
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
953 |
Tue Nov 30 14:19:59 UTC 2010 - wr@rosenauer.org |
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
954 |
|
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
955 |
- major update to version 4.0beta7 |
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
956 |
* based on mozilla-xulrunner20 |
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
957 |
* far too many internal changes to list |
3820fe99f0fe
Update to latest snapshot (20101207)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
195
diff
changeset
|
958 |
|
195
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
959 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
960 |
Wed Oct 27 07:12:14 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
961 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
962 |
- security update to 3.6.12 (bnc#649492) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
963 |
* MFSA 2010-73/CVE-2010-3765 (bmo#607222) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
964 |
Heap buffer overflow mixing document.write and DOM insertion |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
965 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
966 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
967 |
Wed Oct 6 07:13:52 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
968 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
969 |
- security update to 3.6.11 (bnc#645315) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
970 |
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
971 |
Miscellaneous memory safety hazards |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
972 |
* MFSA 2010-65/CVE-2010-3179 (bmo#583077) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
973 |
Buffer overflow and memory corruption using document.write |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
974 |
* MFSA 2010-66/CVE-2010-3180 (bmo#588929) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
975 |
Use-after-free error in nsBarProp |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
976 |
* MFSA 2010-67/CVE-2010-3183 (bmo#598669) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
977 |
Dangling pointer vulnerability in LookupGetterOrSetter |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
978 |
* MFSA 2010-68/CVE-2010-3177 (bmo#556734) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
979 |
XSS in gopher parser when parsing hrefs |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
980 |
* MFSA 2010-69/CVE-2010-3178 (bmo#576616) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
981 |
Cross-site information disclosure via modal calls |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
982 |
* MFSA 2010-70/CVE-2010-3170 (bmo#578697) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
983 |
SSL wildcard certificate matching IP addresses |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
984 |
* MFSA 2010-71/CVE-2010-3182 (bmo#590753) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
985 |
Unsafe library loading vulnerabilities |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
986 |
* MFSA 2010-72/CVE-2010-3173 |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
987 |
Insecure Diffie-Hellman key exchange |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
988 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
989 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
990 |
Wed Sep 15 07:39:22 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
991 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
992 |
- update to 3.6.10 |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
993 |
* fixing startup topcrash (bmo#594699) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
994 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
995 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
996 |
Thu Aug 26 07:40:28 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
997 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
998 |
- security update to 3.6.9 (bnc#637303) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
999 |
* MFSA 2010-49/CVE-2010-3169 |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1000 |
Miscellaneous memory safety hazards |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1001 |
* MFSA 2010-50/CVE-2010-2765 (bmo#576447) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1002 |
Frameset integer overflow vulnerability |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1003 |
* MFSA 2010-51/CVE-2010-2767 (bmo#584512) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1004 |
Dangling pointer vulnerability using DOM plugin array |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1005 |
* MFSA 2010-53/CVE-2010-3166 (bmo#579655) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1006 |
Heap buffer overflow in nsTextFrameUtils::TransformText |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1007 |
* MFSA 2010-54/CVE-2010-2760 (bmo#585815) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1008 |
Dangling pointer vulnerability in nsTreeSelection |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1009 |
* MFSA 2010-55/CVE-2010-3168 (bmo#576075) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1010 |
XUL tree removal crash and remote code execution |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1011 |
* MFSA 2010-56/CVE-2010-3167 (bmo#576070) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1012 |
Dangling pointer vulnerability in nsTreeContentView |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1013 |
* MFSA 2010-57/CVE-2010-2766 (bmo#580445) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1014 |
Crash and remote code execution in normalizeDocument |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1015 |
* MFSA 2010-59/CVE-2010-2762 (bmo#584180) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1016 |
SJOW creates scope chains ending in outer object |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1017 |
* MFSA 2010-61/CVE-2010-2768 (bmo#579744) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1018 |
UTF-7 XSS by overriding document charset using <object> type |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1019 |
attribute |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1020 |
* MFSA 2010-62/CVE-2010-2769 (bmo#520189) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1021 |
Copy-and-paste or drag-and-drop into designMode document allows |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1022 |
XSS |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1023 |
* MFSA 2010-63/CVE-2010-2764 (bmo#552090) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1024 |
Information leak via XMLHttpRequest statusText |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1025 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1026 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1027 |
Wed Jul 28 08:33:14 CEST 2010 - meissner@suse.de |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1028 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1029 |
- disable crash reporter for non x86/x86_64 to make it build. |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1030 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1031 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1032 |
Sat Jul 24 12:42:58 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1033 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1034 |
- security update to 3.6.8 (bnc#622506) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1035 |
* MFSA 2010-48/CVE-2010-2755 (bmo#575836) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1036 |
Dangling pointer crash regression from plugin parameter array |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1037 |
fix |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1038 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1039 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1040 |
Fri Jul 16 06:48:44 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1041 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1042 |
- security update to 3.6.7 (bnc#622506) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1043 |
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1044 |
Miscellaneous memory safety hazards |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1045 |
* MFSA 2010-35/CVE-2010-1208 (bmo#572986) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1046 |
DOM attribute cloning remote code execution vulnerability |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1047 |
* MFSA 2010-36/CVE-2010-1209 (bmo#552110) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1048 |
Use-after-free error in NodeIterator |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1049 |
* MFSA 2010-37/CVE-2010-1214 (bmo#572985) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1050 |
Plugin parameter EnsureCachedAttrParamArrays remote code |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1051 |
execution vulnerability |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1052 |
* MFSA 2010-38/CVE-2010-1215 (bmo#567069) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1053 |
Arbitrary code execution using SJOW and fast native function |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1054 |
* MFSA 2010-39/CVE-2010-2752 (bmo#574059) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1055 |
nsCSSValue::Array index integer overflow |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1056 |
* MFSA 2010-40/CVE-2010-2753 (bmo#571106) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1057 |
nsTreeSelection dangling pointer remote code execution |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1058 |
vulnerability |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1059 |
* MFSA 2010-41/CVE-2010-1205 (bmo#570451) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1060 |
Remote code execution using malformed PNG image |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1061 |
* MFSA 2010-42/CVE-2010-1213 (bmo#568148) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1062 |
Cross-origin data disclosure via Web Workers and importScripts |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1063 |
* MFSA 2010-43/CVE-2010-1207 (bmo#571287) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1064 |
Same-origin bypass using canvas context |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1065 |
* MFSA 2010-44/CVE-2010-1210 (bmo#564679) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1066 |
Characters mapped to U+FFFD in 8 bit encodings cause subsequent |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1067 |
character to vanish |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1068 |
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1069 |
Multiple location bar spoofing vulnerabilities |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1070 |
* MFSA 2010-46/CVE-2010-0654 (bmo#524223) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1071 |
Cross-domain data theft using CSS |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1072 |
* MFSA 2010-47/CVE-2010-2754 (bmo#568564) |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1073 |
Cross-origin data leakage from script filename in error messages |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1074 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1075 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1076 |
Sun Jun 27 20:24:31 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1077 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1078 |
- update to 3.6.6 release |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1079 |
* modifies the crash protection feature to increase the amount |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1080 |
of time that plugins are allowed to be non-responsive before |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1081 |
being terminated. |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1082 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1083 |
------------------------------------------------------------------- |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1084 |
Wed Jun 23 14:40:35 CEST 2010 - wr@rosenauer.org |
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|
1085 |
|
50b5cb1f2b86
sync with latest 3.6.x changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
67
diff
changeset
|