author | Wolfgang Rosenauer <wr@rosenauer.org> |
Sat, 12 Mar 2016 08:51:29 +0100 | |
branch | firefox45 |
changeset 904 | 6a889427cd4f |
parent 903 | 83801946c93f |
child 906 | 7e9a2b678bba |
permissions | -rw-r--r-- |
893
86f72f1e98a4
prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
892
diff
changeset
|
1 |
------------------------------------------------------------------- |
904 | 2 |
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org |
3 |
||
4 |
- update to Firefox 45.0 |
|
5 |
* requires NSPR 4.12 / NSS 3.21.1 |
|
6 |
* Instant browser tab sharing through Hello |
|
7 |
* Synced Tabs button in button bar |
|
8 |
* Tabs synced via Firefox Accounts from other devices are now shown |
|
9 |
in dropdown area of Awesome Bar when searching |
|
10 |
* Introduce a new preference (network.dns.blockDotOnion) to allow |
|
11 |
blocking .onion at the DNS level |
|
12 |
* Tab Groups (Panorama) feature removed |
|
13 |
||
14 |
------------------------------------------------------------------- |
|
15 |
Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de |
|
16 |
||
17 |
- Remove B_CNT from symbols.zip filename to reduce build-compare noise |
|
18 |
||
19 |
------------------------------------------------------------------- |
|
903 | 20 |
Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com |
21 |
||
22 |
- fix build problems on i586, caused by too large unified compile |
|
23 |
units - adding mozilla-reduce-files-per-UnifiedBindings.patch |
|
24 |
||
25 |
------------------------------------------------------------------- |
|
26 |
Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org |
|
27 |
||
28 |
- update to Firefox 44.0.2 |
|
29 |
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) |
|
30 |
Same-origin-policy violation using Service Workers with plugins |
|
31 |
* Fix issue which could lead to the removal of stored passwords |
|
32 |
under certain circumstances (bmo#1242176) |
|
33 |
* Allows spaces in cookie names (bmo#1244505) |
|
34 |
* Disable opus/vorbis audio with H.264 (bmo#1245696) |
|
35 |
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171) |
|
36 |
* Fix a crash in cache networking (bmo#1244076) |
|
37 |
* Fix using WebSockets in service worker controlled pages (bmo#1243942) |
|
38 |
||
39 |
------------------------------------------------------------------- |
|
900 | 40 |
Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org |
41 |
||
902 | 42 |
- update to Firefox 44.0 |
43 |
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 |
|
44 |
Miscellaneous memory safety hazards |
|
45 |
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 |
|
46 |
Out of Memory crash when parsing GIF format images |
|
47 |
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 |
|
48 |
Buffer overflow in WebGL after out of memory allocation |
|
49 |
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 |
|
50 |
Firefox allows for control characters to be set in cookie names |
|
51 |
* MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 |
|
52 |
Missing delay following user click events in protocol handler dialog |
|
53 |
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 |
|
54 |
Errors in mp_div and mp_exptmod cryptographic functions in NSS |
|
55 |
(fixed by requiring NSS 3.21) |
|
56 |
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) |
|
57 |
Addressbar spoofing attacks boo#963643 |
|
58 |
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 |
|
59 |
(bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 |
|
60 |
Unsafe memory manipulation found through code inspection |
|
61 |
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 |
|
62 |
Application Reputation service disabled in Firefox 43 |
|
899 | 63 |
* requires NSPR 4.11 |
64 |
* requires NSS 3.21 |
|
896
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
65 |
- prepare mozilla-kde.patch for Gtk3 builds |
899 | 66 |
- rebased patches |
896
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
67 |
|
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
68 |
------------------------------------------------------------------- |
897 | 69 |
Mon Jan 11 08:04:24 UTC 2016 - astieger@suse.com |
70 |
||
71 |
- Mozilla Firefox 43.0.4: |
|
72 |
* Re-enable SHA-1 certificates to prevent outdated |
|
73 |
man-in-the-middle security devices from interfering with |
|
74 |
properly secured SSL/TLS connections (bmo#1236975) |
|
75 |
* Fix for startup crash for users of a third party antivirus tool |
|
76 |
(bmo#1235537) |
|
77 |
- The following change was previously in the package as a patch: |
|
78 |
* Multi-user GNU/Linux download folders can be created |
|
79 |
(bmo#1233434), removed mozilla-bmo1233434.patch |
|
80 |
||
81 |
------------------------------------------------------------------- |
|
895
b0e57b478b1b
merge change from mozilla:Factory (libXcomposite-devel requirement)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
894
diff
changeset
|
82 |
Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org |
892 | 83 |
|
84 |
- update to Firefox 43.0.3 |
|
85 |
* requires NSS 3.20.2 to fix |
|
86 |
MFSA 2015-150/CVE-2015-7575 (bmo#1158489) |
|
87 |
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in |
|
88 |
server signature |
|
89 |
* various changes to support Windows update (SHA-1 vs. SHA-2) |
|
90 |
* workaround Youtube user agent detection issue (bmo#1233970) |
|
91 |
- fix file download regression for multi user systems |
|
92 |
(bmo#1233434) (mozilla-bmo1233434.patch) |
|
895
b0e57b478b1b
merge change from mozilla:Factory (libXcomposite-devel requirement)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
894
diff
changeset
|
93 |
- explicitely requires libXcomposite-devel |
892 | 94 |
|
95 |
------------------------------------------------------------------- |
|
890 | 96 |
Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org |
97 |
||
98 |
- update to Firefox 43.0 (bnc#959277) |
|
889 | 99 |
* Improved API support for m4v video playback |
100 |
* Users can opt-in to receive search suggestions from the Awesome Bar |
|
101 |
* WebRTC streaming on multiple monitors |
|
102 |
* User selectable second block list for Private Browsing's Tracking |
|
103 |
Protection |
|
890 | 104 |
security fixes: |
105 |
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 |
|
106 |
Miscellaneous memory safety hazards |
|
107 |
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130) |
|
108 |
Crash with JavaScript variable assignment with unboxed objects |
|
109 |
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256) |
|
110 |
Same-origin policy violation using perfomance.getEntries and |
|
111 |
history navigation |
|
112 |
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423) |
|
113 |
Firefox allows for control characters to be set in cookies |
|
114 |
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326) |
|
115 |
Use-after-free in WebRTC when datachannel is used after being |
|
116 |
destroyed |
|
117 |
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809) |
|
118 |
Integer overflow allocating extremely large textures |
|
119 |
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890) |
|
120 |
Cross-origin information leak through web workers error events |
|
121 |
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444) |
|
122 |
Hash in data URI is incorrectly parsed |
|
123 |
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) |
|
124 |
DOS due to malformed frames in HTTP/2 |
|
125 |
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) |
|
126 |
Linux file chooser crashes on malformed images due to flaws in |
|
127 |
Jasper library |
|
128 |
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 |
|
129 |
(bmo#1201183, bmo#1178033, bmo#1199400) |
|
130 |
Buffer overflows found through code inspection |
|
131 |
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493) |
|
132 |
Underflow through code inspection |
|
133 |
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211) |
|
134 |
Integer overflow in MP4 playback in 64-bit versions |
|
135 |
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748) |
|
136 |
Integer underflow and buffer overflow processing MP4 metadata in |
|
137 |
libstagefright |
|
138 |
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423) |
|
139 |
Privilege escalation vulnerabilities in WebExtension APIs |
|
140 |
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950) |
|
141 |
Cross-site reading attack through data and view-source URIs |
|
889 | 142 |
- rebased patches |
143 |
||
144 |
------------------------------------------------------------------- |
|
886
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
145 |
Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
146 |
|
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
147 |
- Add desktop menu action for private browsing window to desktop |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
148 |
file (boo#954747) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
149 |
- remove obsolete patch mozilla-bmo1005535.patch completely from |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
150 |
source package to avoid automatic check failures |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
151 |
|
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
152 |
------------------------------------------------------------------- |
885 | 153 |
Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org |
154 |
||
155 |
- update to Firefox 42.0 (bnc#952810) |
|
156 |
* Private Browsing with Tracking Protection blocks certain Web |
|
157 |
elements that could be used to record your behavior across sites |
|
158 |
* Control Center that contains site security and privacy controls |
|
159 |
* Login Manager improvements |
|
160 |
* WebRTC improvements |
|
161 |
* Indicator added to tabs that play audio with one-click muting |
|
162 |
* Media Source Extension for HTML5 video available for all sites |
|
886
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
163 |
security fixes: |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
164 |
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
165 |
Miscellaneous memory safety hazards |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
166 |
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
167 |
Information disclosure through NTLM authentication |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
168 |
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
169 |
CSP bypass due to permissive Reader mode whitelist |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
170 |
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
171 |
Firefox for Android addressbar can be removed after fullscreen mode |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
172 |
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
173 |
Reading sensitive profile files through local HTML file on Android |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
174 |
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
175 |
disabling scripts in Add-on SDK panels has no effect |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
176 |
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
177 |
Trailing whitespace in IP address hostnames can bypass same-origin policy |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
178 |
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
179 |
Buffer overflow during image interactions in canvas |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
180 |
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
181 |
Android intents can be used on Firefox for Android to open privileged files |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
182 |
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
183 |
XSS attack through intents on Firefox for Android |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
184 |
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
185 |
Crash when accessing HTML tables with accessibility tools on OS X |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
186 |
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
187 |
CORS preflight is bypassed when non-standard Content-Type headers |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
188 |
are received |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
189 |
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
190 |
Memory corruption in libjar through zip files |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
191 |
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
192 |
Certain escaped characters in host of Location-header are being |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
193 |
treated as non-escaped |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
194 |
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
195 |
JavaScript garbage collection crash with Java applet |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
196 |
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
197 |
(bmo#1188010, bmo#1204061, bmo#1204155) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
198 |
Vulnerabilities found through code inspection |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
199 |
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
200 |
Mixed content WebSocket policy bypass through workers |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
201 |
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
202 |
(bmo#1202868, bmo#1205157) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
203 |
NSS and NSPR memory corruption issues |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
204 |
(fixed in mozilla-nspr and mozilla-nss packages) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
205 |
- requires NSPR >= 4.10.10 and NSS >= 3.19.4 |
885 | 206 |
- removed obsolete patches |
207 |
* mozilla-arm-disable-edsp.patch |
|
208 |
* mozilla-icu-strncat.patch |
|
209 |
* mozilla-skia-be-le.patch |
|
210 |
* toolkit-download-folder.patch |
|
211 |
- fixed build with enable-libproxy (bmo#1220399) |
|
212 |
* mozilla-libproxy.patch |
|
213 |
||
214 |
------------------------------------------------------------------- |
|
884 | 215 |
Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org |
216 |
||
217 |
- update to Firefox 41.0.2 (bnc#950686) |
|
218 |
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) |
|
219 |
Cross-origin restriction bypass using Fetch |
|
220 |
- added explicit appdata provides (bnc#949983) |
|
221 |
||
222 |
------------------------------------------------------------------- |
|
223 |
Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org |
|
224 |
||
225 |
- do not build with --enable-stdcxx-compat |
|
226 |
(this starts to fail build on various toolchain combinations |
|
227 |
and is not required for openSUSE builds in general |
|
228 |
||
229 |
------------------------------------------------------------------- |
|
230 |
Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org |
|
231 |
||
232 |
- update to Firefox 41.0.1 |
|
233 |
* Fix a startup crash related to Yandex toolbar and Adblock Plus |
|
234 |
(bmo#1209124) |
|
235 |
* Fix potential hangs with Flash plugins (bmo#1185639) |
|
236 |
* Fix a regression in the bookmark creation (bmo#1206376) |
|
237 |
* Fix a startup crash with some Intel Media Accelerator 3150 |
|
238 |
graphic cards (bmo#1207665) |
|
239 |
* Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) |
|
240 |
||
241 |
------------------------------------------------------------------- |
|
883
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
242 |
Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
243 |
|
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
244 |
- update to Firefox 41.0 (bnc#947003) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
245 |
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
246 |
Miscellaneous memory safety hazards |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
247 |
* MFSA 2015-97/CVE-2015-4503 (bmo#994337) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
248 |
Memory leak in mozTCPSocket to servers |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
249 |
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
250 |
Out of bounds read in QCMS library with ICC V4 profile attributes |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
251 |
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
252 |
Site attribute spoofing on Android by pasting URL with unknown scheme |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
253 |
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
254 |
Arbitrary file manipulation by local user through Mozilla updater |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
255 |
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
256 |
Buffer overflow in libvpx while parsing vp9 format video |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
257 |
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
258 |
Crash when using debugger with SavedStacks in JavaScript |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
259 |
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
260 |
URL spoofing in reader mode |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
261 |
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
262 |
Use-after-free with shared workers and IndexedDB |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
263 |
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
264 |
Buffer overflow while decoding WebM video |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
265 |
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
266 |
Use-after-free while manipulating HTML media content |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
267 |
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
268 |
Out-of-bounds read during 2D canvas display on Linux 16-bit |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
269 |
color depth systems |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
270 |
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
271 |
Scripted proxies can access inner window |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
272 |
* MFSA 2015-109/CVE-2015-4516 (bmo#904886) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
273 |
JavaScript immutable property enforcement can be bypassed |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
274 |
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
275 |
Dragging and dropping images exposes final URL after redirects |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
276 |
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
277 |
Errors in the handling of CORS preflight request headers |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
278 |
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
279 |
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
280 |
CVE-2015-7180 |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
281 |
Vulnerabilities found through code inspection |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
282 |
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
283 |
bmo#1190526) (Windows only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
284 |
Memory safety errors in libGLES in the ANGLE graphics library |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
285 |
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
286 |
Information disclosure via the High Resolution Time API |
882 | 287 |
- rebased patches |
288 |
- removed obsolete patches |
|
289 |
* mozilla-arm64-libjpeg-turbo.patch |
|
290 |
||
883
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
291 |
------------------------------------------------------------------ |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
292 |
Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
293 |
|
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
294 |
- update to Firefox 40.0.3 (bnc#943550) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
295 |
* Disable the asynchronous plugin initialization (bmo#1198590) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
296 |
* Fix a segmentation fault in the GStreamer support (bmo#1145230) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
297 |
* Fix a regression with some Japanese fonts used in the <input> |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
298 |
field (bmo#1194055) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
299 |
* On some sites, the selection in a select combox box using the |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
300 |
mouse could be broken (bmo#1194733) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
301 |
security fixes |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
302 |
* MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
303 |
Use-after-free when resizing canvas element during restyling |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
304 |
* MFSA 2015-95/CVE-2015-4498 (bmo#1042699) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
305 |
Add-on notification bypass through data URLs |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
306 |
|
882 | 307 |
------------------------------------------------------------------- |
875 | 308 |
Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
309 |
||
310 |
- update to Firefox 40.0 (bnc#940806) |
|
311 |
* Added protection against unwanted software downloads |
|
312 |
* Suggested Tiles show sites of interest, based on categories |
|
313 |
from your recent browsing history |
|
314 |
* Hello allows adding a link to conversations to provide context |
|
315 |
on what the conversation will be about |
|
316 |
* New style for add-on manager based on the in-content |
|
317 |
preferences style |
|
318 |
* Improved scrolling, graphics, and video playback performance |
|
319 |
with off main thread compositing (GNU/Linux only) |
|
320 |
* Graphic blocklist mechanism improved: Firefox version ranges |
|
321 |
can be specified, limiting the number of devices blocked |
|
322 |
security fixes: |
|
323 |
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 |
|
324 |
Miscellaneous memory safety hazards |
|
325 |
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) |
|
326 |
Out-of-bounds read with malformed MP3 file |
|
327 |
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484) |
|
328 |
Use-after-free in MediaStream playback |
|
329 |
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) |
|
330 |
Redefinition of non-configurable JavaScript object properties |
|
331 |
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 |
|
332 |
Overflow issues in libstagefright |
|
333 |
* MFSA 2015-84/CVE-2015-4481 (bmo1171518) |
|
334 |
Arbitrary file overwriting through Mozilla Maintenance Service |
|
335 |
with hard links (only affected Windows) |
|
336 |
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500) |
|
337 |
Out-of-bounds write with Updater and malicious MAR file |
|
338 |
(does not affect openSUSE RPM packages which do not ship the |
|
339 |
updater) |
|
340 |
* MFSA 2015-86/CVE-2015-4483 (bmo#1148732) |
|
341 |
Feed protocol with POST bypasses mixed content protections |
|
342 |
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) |
|
343 |
Crash when using shared memory in JavaScript |
|
344 |
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) |
|
345 |
Heap overflow in gdk-pixbuf when scaling bitmap images |
|
346 |
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) |
|
347 |
Buffer overflows on Libvpx when decoding WebM video |
|
348 |
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 |
|
349 |
Vulnerabilities found through code inspection |
|
350 |
* MFSA 2015-91/CVE-2015-4490 (bmo#1086999) |
|
351 |
Mozilla Content Security Policy allows for asterisk wildcards |
|
352 |
in violation of CSP specification |
|
353 |
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) |
|
354 |
Use-after-free in XMLHttpRequest with shared workers |
|
869 | 355 |
- added mozilla-no-stdcxx-check.patch |
356 |
- removed obsolete patches |
|
868 | 357 |
* mozilla-add-glibcxx_use_cxx11_abi.patch |
869 | 358 |
* firefox-multilocale-chrome.patch |
868 | 359 |
- rebased patches |
869 | 360 |
- requires version 40 of the branding package |
871 | 361 |
- removed browser/searchplugins/ location as it's not valid anymore |
867
3af93b7e5e3d
merge from firefox39 and switch to 40beta branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
866
diff
changeset
|
362 |
|
3af93b7e5e3d
merge from firefox39 and switch to 40beta branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
866
diff
changeset
|
363 |
------------------------------------------------------------------- |
870 | 364 |
Fri Aug 7 07:09:39 UTC 2015 - wr@rosenauer.org |
365 |
||
366 |
- security update to Firefox 39.0.3 (bnc#940918) |
|
367 |
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) |
|
368 |
Same origin violation and local file stealing via PDF reader |
|
369 |
||
370 |
------------------------------------------------------------------- |
|
866
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
371 |
Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
372 |
|
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
373 |
- update to Firefox 39.0 (bnc#935979) |
863 | 374 |
* Share Hello URLs with social networks |
375 |
* Support for 'switch' role in ARIA 1.1 (web accessibility) |
|
376 |
* SafeBrowsing malware detection lookups enabled for downloads |
|
377 |
(Mac OS X and Linux) |
|
378 |
* Support for new Unicode 8.0 skin tone emoji |
|
379 |
* Removed support for insecure SSLv3 for network communications |
|
380 |
* Disable use of RC4 except for temporarily whitelisted hosts |
|
381 |
* NPAPI Plug-in performance improved via asynchronous initialization |
|
866
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
382 |
security fixes: |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
383 |
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
384 |
Miscellaneous memory safety hazards |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
385 |
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
386 |
Local files or privileged URLs in pages can be opened into new tabs |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
387 |
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
388 |
Type confusion in Indexed Database Manager |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
389 |
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
390 |
Out-of-bound read while computing an oscillator rendering range in Web Audio |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
391 |
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
392 |
Use-after-free in Content Policy due to microtask execution error |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
393 |
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
394 |
ECDSA signature validation fails to handle some signatures correctly |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
395 |
(this fix is shipped by NSS 3.19.1 externally) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
396 |
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
397 |
Use-after-free in workers while using XMLHttpRequest |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
398 |
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
399 |
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
400 |
Vulnerabilities found through code inspection |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
401 |
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
402 |
Key pinning is ignored when overridable errors are encountered |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
403 |
* MFSA 2015-68/CVE-2015-2742 (bmo#1138669) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
404 |
OS X crash reports may contain entered key press information |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
405 |
(not relevant under Linux) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
406 |
* MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
407 |
Privilege escalation in PDF.js |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
408 |
* MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
409 |
NSS accepts export-length DHE keys with regular DHE cipher suites |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
410 |
(this fix is shipped by NSS 3.19.1 externally) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
411 |
* MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
412 |
NSS incorrectly permits skipping of ServerKeyExchange |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
413 |
(this fix is shipped by NSS 3.19.1 externally) |
857 | 414 |
- dropped mozilla-prefer_plugin_pref.patch as this feature is |
415 |
likely not worth maintaining further |
|
416 |
- rebased patches |
|
863 | 417 |
- require NSS 3.19.2 |
857 | 418 |
|
419 |
------------------------------------------------------------------- |
|
862
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
420 |
Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
421 |
|
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
422 |
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration |
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
423 |
|
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
424 |
------------------------------------------------------------------- |
854 | 425 |
Sun Jun 7 07:09:12 UTC 2015 - wr@rosenauer.org |
426 |
||
427 |
- update to Firefox 38.0.6 |
|
855 | 428 |
* fixes bmo#1171730 which is not really relevant to oS builds |
429 |
- fix KDE regression from 38.0.5 builds (bsc#933439) |
|
854 | 430 |
|
431 |
------------------------------------------------------------------- |
|
853 | 432 |
Sat May 23 21:13:49 UTC 2015 - wr@rosenauer.org |
433 |
||
434 |
- update to Firefox 38.0.5 |
|
435 |
* Keep track of articles and videos with Pocket |
|
436 |
* Clean formatting for articles and blog posts with Reader View |
|
437 |
* Share the active tab or window in a Hello conversation |
|
438 |
- add changes file as source for SRPM (bsc#932142) |
|
439 |
||
440 |
------------------------------------------------------------------- |
|
852 | 441 |
Fri May 15 10:40:19 UTC 2015 - normand@linux.vnet.ibm.com |
442 |
||
443 |
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from |
|
444 |
https://bugzilla.mozilla.org/show_bug.cgi?id=1153109 |
|
445 |
||
446 |
------------------------------------------------------------------- |
|
447 |
Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org |
|
448 |
||
449 |
- update to Firefox 38.0.1 |
|
450 |
stability and regression fixes |
|
451 |
* Systems with first generation NVidia Optimus graphics cards |
|
452 |
may crash on start-up |
|
453 |
* Users who import cookies from Google Chrome can end up with |
|
454 |
broken websites |
|
455 |
* Large animated images may fail to play and may stop other |
|
456 |
images from loading |
|
457 |
||
458 |
------------------------------------------------------------------- |
|
851 | 459 |
Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org |
460 |
||
852 | 461 |
- update to Firefox 38.0 (bnc#930622) |
462 |
* New tab-based preferences |
|
463 |
* Ruby annotation support |
|
464 |
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ |
|
465 |
security fixes: |
|
466 |
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 |
|
467 |
Miscellaneous memory safety hazards |
|
468 |
* MFSA 2015-47/VE-2015-0797 (bmo#1080995) |
|
469 |
Buffer overflow parsing H.264 video with Linux Gstreamer |
|
470 |
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542) |
|
471 |
Buffer overflow with SVG content and CSS |
|
472 |
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431) |
|
473 |
Referrer policy ignored when links opened by middle-click and |
|
474 |
context menu |
|
475 |
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280) |
|
476 |
Out-of-bounds read and write in asm.js validation |
|
477 |
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478) |
|
478 |
Use-after-free during text processing with vertical text enabled |
|
479 |
* MFSA 2015-53/CVE-2015-2715 (bmo#988698) |
|
480 |
Use-after-free due to Media Decoder Thread creation during shutdown |
|
481 |
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537) |
|
482 |
Buffer overflow when parsing compressed XML |
|
483 |
* MFSA 2015-55/CVE-2015-2717 (bmo#1154683) |
|
484 |
Buffer overflow and out-of-bounds read while parsing MP4 video |
|
485 |
metadata |
|
486 |
* MFSA 2015-56/CVE-2015-2718 (bmo#1146724) |
|
487 |
Untrusted site hosting trusted page can intercept webchannel |
|
488 |
responses |
|
489 |
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565) |
|
490 |
Privilege escalation through IPC channel messages |
|
850 | 491 |
- requires NSS 3.18.1 |
851 | 492 |
- removed obsolete patches: |
493 |
* mozilla-skia-bmo1136958.patch |
|
494 |
- remove gnomevfs build options as it is removed from sources |
|
495 |
- rebased patches |
|
850 | 496 |
|
497 |
------------------------------------------------------------------- |
|
498 |
Fri Apr 17 16:39:20 UTC 2015 - wr@rosenauer.org |
|
499 |
||
500 |
- update to Firefox 37.0.2 (bnc#928116) |
|
501 |
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081) |
|
502 |
Memory corruption during failed plugin initialization |
|
845 | 503 |
|
504 |
------------------------------------------------------------------- |
|
844 | 505 |
Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org |
506 |
||
507 |
- update to Firefox 37.0.1 (bnc#926166) |
|
508 |
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) |
|
509 |
Loading privileged content through Reader mode |
|
510 |
* MFSA 2015-44/CVE-2015-0799 (bmo#1148328) |
|
511 |
Certificate verification bypass through the HTTP/2 Alt-Svc header |
|
512 |
||
513 |
------------------------------------------------------------------- |
|
514 |
Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org |
|
515 |
||
516 |
- update to Firefox 37.0 (bnc#925368) |
|
517 |
* Heartbeat user rating system |
|
518 |
* Yandex set as default search provider for the Turkish locale |
|
519 |
* Bing search now uses HTTPS for secure searching |
|
520 |
* Improved protection against site impersonation via OneCRL |
|
521 |
centralized certificate revocation |
|
522 |
* Opportunistically encrypt HTTP traffic where the server supports |
|
523 |
HTTP/2 AltSvc |
|
524 |
* some more behaviour changes for TLS |
|
525 |
security fixes: |
|
526 |
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 |
|
527 |
Miscellaneous memory safety hazards |
|
528 |
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) |
|
529 |
Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
530 |
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126) |
|
531 |
Add-on lightweight theme installation approval bypassed through |
|
532 |
MITM attack |
|
533 |
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
534 |
resource:// documents can load privileged pages |
|
535 |
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468) |
|
536 |
Out of bounds read in QCMS library |
|
537 |
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013) |
|
538 |
Cursor clickjacking with flash and images (OS X only) |
|
539 |
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552) |
|
540 |
Incorrect memory management for simple-type arrays in WebRTC |
|
541 |
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
542 |
CORS requests should not follow 30x redirections after preflight |
|
543 |
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) |
|
544 |
Memory corruption crashes in Off Main Thread Compositing |
|
545 |
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) |
|
546 |
Use-after-free due to type confusion flaws |
|
547 |
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
548 |
Same-origin bypass through anchor navigation |
|
549 |
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 |
|
550 |
PRNG weakness allows for DNS poisoning on Android (only) |
|
551 |
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898) |
|
552 |
Windows can retain access to privileged content on navigation |
|
553 |
to unprivileged pages |
|
554 |
- removed obsolete patches |
|
837 | 555 |
* mozilla-bmo1088588.patch |
844 | 556 |
* mozilla-bmo1108834.patch |
836
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
557 |
- requires NSPR 4.10.8 |
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
558 |
|
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
559 |
------------------------------------------------------------------- |
844 | 560 |
Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com |
561 |
||
562 |
- Fix builds with skia on Power |
|
563 |
mozilla-skia-be-le.patch (patch from #bmo1136958) |
|
564 |
mozilla-bmo1108834.patch |
|
565 |
mozilla-bmo1005535.patch |
|
566 |
||
567 |
------------------------------------------------------------------- |
|
839 | 568 |
Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org |
569 |
||
840 | 570 |
- update to Firefox 36.0.4 (bnc#923534) |
839 | 571 |
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988) |
572 |
Privilege escalation through SVG navigation |
|
573 |
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255) |
|
574 |
Code execution through incorrect JavaScript bounds checking |
|
575 |
elimination |
|
576 |
||
577 |
------------------------------------------------------------------- |
|
578 |
Fri Mar 20 15:02:33 UTC 2015 - dimstar@opensuse.org |
|
579 |
||
580 |
- Copy the icons to /usr/share/icons instead of symlinking them: |
|
581 |
in preparation for containerized apps (e.g. xdg-app) as well as |
|
582 |
AppStream metadata extraction, there are a couple locations that |
|
583 |
need to be real files for system integration (.desktop files, |
|
584 |
icons, mime-type info). |
|
585 |
||
586 |
------------------------------------------------------------------- |
|
838 | 587 |
Sat Mar 7 07:40:56 UTC 2015 - wr@rosenauer.org |
588 |
||
589 |
- update to Firefox 36.0.1 |
|
590 |
Bugfixes: |
|
591 |
* Disable the usage of the ANY DNS query type (bmo#1093983) |
|
592 |
* Hello may become inactive until restart (bmo#1137469) |
|
593 |
* Print preferences may not be preserved (bmo#1136855) |
|
594 |
* Hello contact tabs may not be visible (bmo#1137141) |
|
595 |
* Accept hostnames that include an underscore character ("_") |
|
596 |
(bmo#1136616) |
|
597 |
* WebGL may use significant memory with Canvas2d (bmo#1137251) |
|
598 |
* Option -remote has been restored (bmo#1080319) |
|
840 | 599 |
- added mozilla-skia-bmo1136958.patch to fix build issues for |
600 |
ARM and PPC |
|
838 | 601 |
|
602 |
------------------------------------------------------------------- |
|
832 | 603 |
Fri Feb 20 22:53:39 UTC 2015 - wr@rosenauer.org |
604 |
||
605 |
- update to Firefox 36.0 (bnc#917597) |
|
828 | 606 |
* mozilla-xremote-client was removed |
607 |
* added libclearkey.so media plugin |
|
832 | 608 |
* Pinned tiles on the new tab page can be synced |
609 |
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster, |
|
610 |
more scalable, and more responsive web. |
|
611 |
* Locale added: Uzbek (uz) |
|
835 | 612 |
security fixes: |
613 |
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 |
|
614 |
Miscellaneous memory safety hazards |
|
615 |
* MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
616 |
Invoking Mozilla updater will load locally stored DLL files |
|
617 |
(Windows only) |
|
618 |
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909) |
|
619 |
Appended period to hostnames can bypass HPKP and HSTS protections |
|
620 |
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488) |
|
621 |
Malicious WebGL content crash when writing strings |
|
622 |
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314) |
|
623 |
TLS TURN and STUN connections silently fail to simple TCP connections |
|
624 |
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
625 |
Use-after-free in IndexedDB |
|
626 |
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939) |
|
627 |
Buffer overflow in libstagefright during MP4 video playback |
|
628 |
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) |
|
629 |
Double-free when using non-default memory allocators with a |
|
630 |
zero-length XHR |
|
631 |
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
632 |
Out-of-bounds read and write while rendering SVG content |
|
633 |
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363) |
|
634 |
Buffer overflow during CSS restyling |
|
635 |
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370) |
|
636 |
Buffer underflow during MP3 playback |
|
637 |
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925) |
|
638 |
Crash using DrawTarget in Cairo graphics library |
|
639 |
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497) |
|
640 |
Use-after-free in Developer Console date with OpenType Sanitiser |
|
641 |
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
642 |
Reading of local files through manipulation of form autocomplete |
|
643 |
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960) |
|
644 |
Local files or privileged URLs in pages can be opened into new tabs |
|
645 |
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554) |
|
646 |
UI Tour whitelisted sites in background tab can spoof foreground |
|
647 |
tabs |
|
648 |
* MFSA 2015-27CVE-2015-0820 (bmo#1125398) |
|
649 |
Caja Compiler JavaScript sandbox bypass |
|
832 | 650 |
- rebased patches |
830 | 651 |
- requires NSS 3.17.4 |
652 |
||
653 |
------------------------------------------------------------------- |
|
654 |
Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org |
|
655 |
||
656 |
- update to Firefox 35.0.1 |
|
657 |
* With the Enhanced Steam extension, Firefox could crash (bmo#1123732) |
|
658 |
* Kerberos authentication did not work with alias (bmo#1108971) |
|
659 |
* SVG / CSS animation had a regression causing rendering issues on |
|
660 |
websites like openstreemap.org (bmo#1083079) |
|
661 |
* On Godaddy webmail, Firefox could crash (bmo#1113121) |
|
662 |
* document.baseURI did not get updated to document.location after |
|
663 |
base tag was removed from DOM for site with a CSP (bmo#1121857) |
|
664 |
* With a Right-to-left (RTL) version of Firefox, the text selection |
|
665 |
could be broken (bmo#1104036) |
|
666 |
* CSP had a change in behavior with regard to case sensitivity |
|
667 |
resources loading (bmo#1122445) |
|
828 | 668 |
|
669 |
------------------------------------------------------------------- |
|
826 | 670 |
Sat Jan 10 18:36:37 UTC 2015 - wr@rosenauer.org |
671 |
||
672 |
- update to Firefox 35.0 (bnc#910669) |
|
827 | 673 |
notable features: |
674 |
* Firefox Hello with new rooms-based conversations model |
|
675 |
* Implemented HTTP Public Key Pinning Extension (for enhanced |
|
676 |
authentication of encrypted connections) |
|
677 |
security fixes: |
|
678 |
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 |
|
679 |
Miscellaneous memory safety hazards |
|
680 |
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) |
|
681 |
Uninitialized memory use during bitmap rendering |
|
682 |
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) |
|
683 |
sendBeacon requests lack an Origin header |
|
684 |
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) |
|
685 |
Cookie injection through Proxy Authenticate responses |
|
686 |
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) |
|
687 |
Read of uninitialized memory in Web Audio |
|
688 |
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) |
|
689 |
Read-after-free in WebRTC |
|
690 |
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) |
|
691 |
Gecko Media Plugin sandbox escape |
|
692 |
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) |
|
693 |
Delegated OCSP responder certificates failure with |
|
694 |
id-pkix-ocsp-nocheck extension |
|
695 |
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) |
|
696 |
XrayWrapper bypass through DOM objects |
|
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
697 |
- rebased patches |
809
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
698 |
- dropped explicit support for everything older than 12.3 |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
699 |
(including SLES11) |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
700 |
* merge firefox-kde.patch and firefox-kde-114.patch |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
701 |
* dropped mozilla-sle11.patch |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
702 |
- reworked specfile to build conditionally based on release channel |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
703 |
either Firefox or Firefox Developer Edition |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
704 |
- added mozilla-openaes-decl.patch to fix implicit declarations |
819
5a18bd66e46c
[Bug 908892] Updated Firefox (33.0-1.90.1 -> 34.0.5-1.94.3) crashes in tracker-miner-firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
818
diff
changeset
|
705 |
- obsolete tracker-miner-firefox < 0.15 because it leads to startup |
5a18bd66e46c
[Bug 908892] Updated Firefox (33.0-1.90.1 -> 34.0.5-1.94.3) crashes in tracker-miner-firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
818
diff
changeset
|
706 |
crashes (bnc#908892) |
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
707 |
|
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
708 |
------------------------------------------------------------------- |
820 | 709 |
Sat Dec 13 22:13:00 UTC 2014 - Led <ledest@gmail.com> |
710 |
||
711 |
- fix bashism in mozilla.sh script |
|
712 |
||
713 |
------------------------------------------------------------------- |
|
813
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
714 |
Sat Nov 29 21:23:03 UTC 2014 - wr@rosenauer.org |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
715 |
|
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
716 |
- update to Firefox 34.0.5 (bnc#908009) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
717 |
* Default search engine changed to Yahoo! for North America |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
718 |
* Default search engine changed to Yandex for Belarusian, Kazakh, |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
719 |
and Russian locales |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
720 |
* Improved search bar (en-US only) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
721 |
* Firefox Hello real-time communication client |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
722 |
* Easily switch themes/personas directly in the Customizing mode |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
723 |
* Implementation of HTTP/2 (draft14) and ALPN |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
724 |
* Disabled SSLv3 |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
725 |
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
726 |
Miscellaneous memory safety hazards |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
727 |
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
728 |
XBL bindings accessible via improper CSS declarations |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
729 |
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
730 |
XMLHttpRequest crashes with some input streams |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
731 |
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
732 |
CSP leaks redirect data via violation reports |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
733 |
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
734 |
Use-after-free during HTML5 parsing |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
735 |
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
736 |
Buffer overflow while parsing media content |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
737 |
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
738 |
Bad casting from the BasicThebesLayer to BasicContainerLayer |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
739 |
- rebased patches |
806 | 740 |
- limit linker memory usage for %ix86 |
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
741 |
- rebased patches |
805 | 742 |
|
743 |
------------------------------------------------------------------- |
|
801
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
744 |
Fri Nov 7 20:14:32 UTC 2014 - wr@rosenauer.org |
787 | 745 |
|
746 |
- update to Firefox 33.1 |
|
802 | 747 |
* Adding DuckDuckGo as a search option (upstream) |
748 |
* Forget Button added |
|
749 |
* Enhanced Tiles |
|
750 |
* Privacy tour introduced |
|
797
3b2d52457c91
fix typo on Recommends
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
789
diff
changeset
|
751 |
- fix typo in GStreamer Recommends |
787 | 752 |
|
753 |
------------------------------------------------------------------- |
|
801
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
754 |
Tue Nov 4 18:00:35 UTC 2014 - guillaume@opensuse.org |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
755 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
756 |
- Disable elf-hack for aarch64 |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
757 |
- Enable EGL for aarch64 |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
758 |
- Limit RAM usage during link for %arm |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
759 |
- Fix _constraints for ARM |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
760 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
761 |
------------------------------------------------------------------- |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
762 |
Mon Nov 3 11:36:04 UTC 2014 - dmueller@suse.com |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
763 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
764 |
- use proper macros for ARM |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
765 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
766 |
------------------------------------------------------------------- |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
767 |
Mon Nov 3 11:26:23 UTC 2014 - josua.mayer97@gmail.com |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
768 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
769 |
- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
770 |
to fix compiling. |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
771 |
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
772 |
linking on arm. |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
773 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
774 |
------------------------------------------------------------------- |
788 | 775 |
Thu Oct 30 11:31:05 UTC 2014 - wr@rosenauer.org |
776 |
||
777 |
- update to Firefox 33.0.2 |
|
778 |
* Fix a startup crash with some combination of hardware and drivers |
|
779 |
33.0.1 |
|
780 |
* Firefox displays a black screen at start-up with certain |
|
781 |
graphics drivers |
|
782 |
- adjusted _constraints for ARM |
|
783 |
||
784 |
------------------------------------------------------------------- |
|
786 | 785 |
Tue Oct 28 15:23:09 UTC 2014 - josua.mayer97@gmail.com |
786 |
||
787 |
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) |
|
785 | 788 |
|
789 |
------------------------------------------------------------------- |
|
781
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
790 |
Sat Oct 25 08:45:43 UTC 2014 - wr@rosenauer.org |
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
791 |
|
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
792 |
- define /usr/share/myspell as additional dictionary location |
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
793 |
and remove add-plugins.sh finally (bnc#900639) |
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
794 |
|
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
795 |
------------------------------------------------------------------- |
780
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
796 |
Sun Oct 19 12:59:28 UTC 2014 - vindex17@outlook.it |
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
797 |
|
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
798 |
- use Firefox default optimization flags instead of -Os |
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
799 |
- specfile cleanup |
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
800 |
|
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
801 |
------------------------------------------------------------------- |
777 | 802 |
Wed Oct 15 08:05:33 UTC 2014 - wr@rosenauer.org |
803 |
||
804 |
- fix build for all ppc by not enabling elf-hack |
|
805 |
(bnc#901213) |
|
806 |
||
807 |
------------------------------------------------------------------- |
|
776
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
808 |
Sat Oct 11 08:48:24 UTC 2014 - wr@rosenauer.org |
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
809 |
|
777 | 810 |
- update to Firefox 33.0 (bnc#900941) |
811 |
New features: |
|
812 |
* OpenH264 support (sandboxed) |
|
813 |
* Enhanced Tiles |
|
814 |
* Improved search experience through the location bar |
|
815 |
* Slimmer and faster JavaScript strings |
|
816 |
* New CSP (Content Security Policy) backend |
|
817 |
* Support for connecting to HTTP proxy over HTTPS |
|
818 |
* Improved reliability of the session restoration |
|
819 |
* Proprietary window.crypto properties/functions removed |
|
820 |
Security: |
|
821 |
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 |
|
822 |
Miscellaneous memory safety hazards |
|
823 |
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512) |
|
824 |
Buffer overflow during CSS manipulation |
|
825 |
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609) |
|
826 |
Web Audio memory corruption issues with custom waveforms |
|
827 |
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327) |
|
828 |
Out-of-bounds write with WebM video |
|
829 |
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733) |
|
830 |
Further uninitialized memory use during GIF rendering |
|
831 |
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218) |
|
832 |
Use-after-free interacting with text directionality |
|
833 |
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) |
|
834 |
Key pinning bypasses |
|
835 |
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) |
|
836 |
Inconsistent video sharing within iframe |
|
837 |
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540) |
|
838 |
Accessing cross-origin objects via the Alarms API |
|
839 |
(only relevant for installed web apps) |
|
765 | 840 |
- requires NSPR 4.10.7 |
773 | 841 |
- requires NSS 3.17.1 |
776
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
842 |
- removed obsolete patches: |
773 | 843 |
* mozilla-ppc.patch |
776
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
844 |
* mozilla-libproxy-compat.patch |
774
f61bd1cd52c2
added basic appstream appdata information
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
773
diff
changeset
|
845 |
- added basic appdata information |
769 | 846 |
|
847 |
------------------------------------------------------------------- |
|
848 |
Sat Sep 20 13:33:51 UTC 2014 - wr@rosenauer.org |
|
849 |
||
850 |
- update to Firefox 32.0.2 |
|
851 |
* just a version bump for our builds |
|
852 |
* fixed the in application update process for certain environments |
|
853 |
(in application update is not enabled in openSUSE and Linux |
|
854 |
is unaffected in any case) |
|
855 |
- build with --disable-optimize for 13.1 and above for i586 to |
|
856 |
workaround miscompilations (bnc#896624) |
|
767 | 857 |
- use some more build flags to align with upstream |
765 | 858 |
|
859 |
------------------------------------------------------------------- |
|
761 | 860 |
Sat Sep 13 16:58:16 UTC 2014 - wr@rosenauer.org |
861 |
||
862 |
- update to Firefox 32.0.1 |
|
863 |
* fixed stability issues for computers with multiple graphics cards |
|
864 |
* mixed content icon may be incorrectly displayed instead of lock |
|
865 |
icon for SSL sites in 32.0 ( |
|
866 |
* WebRTC: setRemoteDescription() silently fails if no success |
|
867 |
callback is specified (bmo#1063971) |
|
868 |
||
869 |
------------------------------------------------------------------- |
|
759
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
870 |
Sun Aug 31 07:44:54 UTC 2014 - wr@rosenauer.org |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
871 |
|
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
872 |
- update to Firefox 32.0 (bnc#894370) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
873 |
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
874 |
Miscellaneous memory safety hazards |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
875 |
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
876 |
Use-after-free during DOM interactions with SVG |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
877 |
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
878 |
Uninitialized memory use during GIF rendering |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
879 |
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
880 |
Out-of-bounds read in Web Audio audio timeline |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
881 |
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
882 |
Use-after-free setting text directionality |
748
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
883 |
- rebased patches |
756 | 884 |
- requires NSS 3.16.4 |
748
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
885 |
- removed upstreamed patch |
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
886 |
* mozilla-aarch64-bmo-810631.patch |
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
887 |
|
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
888 |
------------------------------------------------------------------- |
759
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
889 |
Wed Aug 20 13:50:58 CEST 2014 - behlert@suse.de |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
890 |
|
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
891 |
- adapted _constraints, used more than 3900MB on s390x during |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
892 |
last build |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
893 |
|
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
894 |
------------------------------------------------------------------- |
753 | 895 |
Sun Jul 20 18:11:44 UTC 2014 - wr@rosenauer.org |
896 |
||
897 |
- update to Firefox 31.0 (bnc#887746) |
|
898 |
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 |
|
899 |
Miscellaneous memory safety hazards |
|
900 |
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205) |
|
901 |
Buffer overflow during Web Audio buffering for playback |
|
902 |
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411) |
|
903 |
Use-after-free in Web Audio due to incorrect control message ordering |
|
904 |
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) |
|
905 |
Toolbar dialog customization event spoofing |
|
906 |
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) |
|
907 |
Use-after-free with FireOnStateChange event |
|
908 |
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) |
|
909 |
Exploitable WebGL crash with Cesium JavaScript library |
|
910 |
* MFSA 2014-63/CVE-2014-1544 (bmo#963150) |
|
911 |
Use-after-free while when manipulating certificates in the trusted cache |
|
912 |
(solved with NSS 3.16.2 requirement) |
|
913 |
* MFSA 2014-64/CVE-2014-1557 (bmo#913805) |
|
914 |
Crash in Skia library when scaling high quality images |
|
915 |
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 |
|
916 |
(bmo#1015973, bmo#1026022, bmo#997795) |
|
917 |
Certificate parsing broken by non-standard character encoding |
|
918 |
* MFSA 2014-66/CVE-2014-1552 (bmo#985135) |
|
919 |
IFRAME sandbox same-origin access through redirect |
|
920 |
- use EGL on ARM |
|
746
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
921 |
- rebased patches |
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
922 |
- requires NSS 3.16.2 |
753 | 923 |
- requires python-devel (not only python) |
746
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
924 |
|
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
925 |
------------------------------------------------------------------- |
744
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
926 |
Mon Jun 9 08:28:17 UTC 2014 - wr@rosenauer.org |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
927 |
|
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
928 |
- update to Firefox 30.0 (bnc#881874) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
929 |
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
930 |
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
931 |
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
932 |
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
933 |
bmo#996536, bmo#996715, bmo#999651, bmo#1000598, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
934 |
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
935 |
bmo#1009952, bmo#1011007) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
936 |
Miscellaneous memory safety hazards (rv:30.0) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
937 |
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
938 |
(bmo#989994, bmo#999274, bmo#1005584) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
939 |
Use-after-free and out of bounds issues found using Address |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
940 |
Sanitizer |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
941 |
* MFSA 2014-50/CVE-2014-1539 (bmo#995603) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
942 |
Clickjacking through cursor invisability after Flash interaction |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
943 |
* MFSA 2014-51/CVE-2014-1540 (bmo#978862) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
944 |
Use-after-free in Event Listener Manager |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
945 |
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
946 |
Use-after-free with SMIL Animation Controller |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
947 |
* MFSA 2014-53/CVE-2014-1542 (bmo#991533) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
948 |
Buffer overflow in Web Audio Speex resampler |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
949 |
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
950 |
Buffer overflow in Gamepad API |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
951 |
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
952 |
Out of bounds write in NSPR |
733
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
953 |
- rebased patches |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
954 |
- removed obsolete patches |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
955 |
* firefox-browser-css.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
956 |
* mozilla-aarch64-bmo-962488.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
957 |
* mozilla-aarch64-bmo-963023.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
958 |
* mozilla-aarch64-bmo-963024.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
959 |
* mozilla-aarch64-bmo-963027.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
960 |
* mozilla-ppc64-xpcom.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
961 |
* mozilla-ppc64le-javascript.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
962 |
* mozilla-ppc64le-libffi.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
963 |
* mozilla-ppc64le-mfbt.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
964 |
* mozilla-ppc64le-webrtc.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
965 |
* mozilla-ppc64le-xpcom.patch |
744
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
966 |
* mozilla-ppc64le-build.patch |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
967 |
- requires NSPR 4.10.6 |
725 | 968 |
- enabled GStreamer 1.0 usage for 13.2 and above |
969 |
||
970 |
------------------------------------------------------------------- |
|
738 | 971 |
Sat May 10 06:09:37 UTC 2014 - wr@rosenauer.org |
972 |
||
973 |
- update to Firefox 29.0.1 |
|
974 |
* Seer disabled by default (bmo#1005958) |
|
975 |
* Session Restore failed with a corrupted sessionstore.js file |
|
976 |
(bmo#1001167) |
|
977 |
* pdf.js printing white page (bmo#1003707, bnc#876833) |
|
733
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
978 |
- general.useragent.locale gets overwritten with en-US while it |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
979 |
should be using the active langpack's setting |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
980 |
|
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
981 |
------------------------------------------------------------------- |
727
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
982 |
Sat Apr 26 12:18:07 UTC 2014 - wr@rosenauer.org |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
983 |
|
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
984 |
- update to Firefox 29.0 (bnc#875378) |
733
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
985 |
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
986 |
Miscellaneous memory safety hazards |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
987 |
* MFSA 2014-36/CVE-2014-1522 (bmo#995289) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
988 |
Web Audio memory corruption issues |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
989 |
* MFSA 2014-37/CVE-2014-1523 (bmo#969226) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
990 |
Out of bounds read while decoding JPG images |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
991 |
* MFSA 2014-38/CVE-2014-1524 (bmo#989183) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
992 |
Buffer overflow when using non-XBL object as XBL |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
993 |
* MFSA 2014-39/CVE-2014-1525 (bmo#989210) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
994 |
Use-after-free in the Text Track Manager for HTML video |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
995 |
* MFSA 2014-41/CVE-2014-1528 (bmo#963962) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
996 |
Out-of-bounds write in Cairo |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
997 |
* MFSA 2014-42/CVE-2014-1529 (bmo#987003) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
998 |
Privilege escalation through Web Notification API |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
999 |
* MFSA 2014-43/CVE-2014-1530 (bmo#895557) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1000 |
Cross-site scripting (XSS) using history navigations |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1001 |
* MFSA 2014-44/CVE-2014-1531 (bmo#987140) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1002 |
Use-after-free in imgLoader while resizing images |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1003 |
* MFSA 2014-45/CVE-2014-1492 (bmo#903885) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1004 |
Incorrect IDNA domain name matching for wildcard certificates |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1005 |
(fixed by NSS 3.16) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1006 |
* MFSA 2014-46/CVE-2014-1532 (bmo#966006) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1007 |
Use-after-free in nsHostResolver |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1008 |
* MFSA 2014-47/CVE-2014-1526 (bmo#988106) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
1009 |
Debugger can bypass XrayWrappers with JavaScript |
727
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1010 |
- rebased patches |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1011 |
- removed obsolete patches |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1012 |
* firefox-browser-css.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1013 |
* mozilla-aarch64-599882cfb998.diff |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1014 |
* mozilla-aarch64-bmo-963028.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1015 |
* mozilla-aarch64-bmo-963029.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1016 |
* mozilla-aarch64-bmo-963030.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
1017 |
* mozilla-aarch64-bmo-963031.patch |
716
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
1018 |
- requires NSS 3.16 |
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
1019 |
- added mozilla-icu-strncat.patch to fix post build checks |
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
1020 |
|
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
1021 |
------------------------------------------------------------------- |
715 | 1022 |
Mon Apr 7 15:34:31 UTC 2014 - dmueller@suse.com |
1023 |
||
1024 |
- add mozilla-aarch64-599882cfb998.patch, |
|
1025 |
mozilla-aarch64-bmo-810631.patch, |
|
1026 |
mozilla-aarch64-bmo-962488.patch, |
|
1027 |
mozilla-aarch64-bmo-963030.patch, |
|
1028 |
mozilla-aarch64-bmo-963027.patch, |
|
1029 |
mozilla-aarch64-bmo-963028.patch, |
|
1030 |
mozilla-aarch64-bmo-963029.patch, |
|
1031 |
mozilla-aarch64-bmo-963023.patch, |
|
1032 |
mozilla-aarch64-bmo-963024.patch, |
|
1033 |
mozilla-aarch64-bmo-963031.patch: AArch64 porting |
|
1034 |
||
1035 |
------------------------------------------------------------------- |
|
714
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1036 |
Mon Mar 24 16:18:44 UTC 2014 - dvaleev@suse.com |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1037 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1038 |
- Add patch for bmo#973977 |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1039 |
* mozilla-ppc64-xpcom.patch |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1040 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1041 |
------------------------------------------------------------------- |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1042 |
Mon Mar 24 14:29:12 UTC 2014 - dvaleev@suse.com |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1043 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1044 |
- Refresh mozilla-ppc64le-xpcom.patch patch |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1045 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1046 |
------------------------------------------------------------------- |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1047 |
Fri Mar 21 19:01:42 UTC 2014 - dvaleev@suse.com |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1048 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1049 |
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1050 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
1051 |
------------------------------------------------------------------- |
711
012a5adf5c74
moved to mozilla-release (28.0build2)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
710
diff
changeset
|
1052 |
Sun Mar 16 13:39:15 UTC 2014 - wr@rosenauer.org |
012a5adf5c74
moved to mozilla-release (28.0build2)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
710
diff
changeset
|
1053 |
|
712 | 1054 |
- update to Firefox 28.0 (bnc#868603) |
1055 |
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 |
|
1056 |
Miscellaneous memory safety hazards |
|
1057 |
* MFSA 2014-17/CVE-2014-1497 (bmo#966311) |
|
1058 |
Out of bounds read during WAV file decoding |
|
1059 |
* MFSA 2014-18/CVE-2014-1498 (bmo#935618) |
|
1060 |
crypto.generateCRMFRequest does not validate type of key |
|
1061 |
* MFSA 2014-19/CVE-2014-1499 (bmo#961512) |
|
1062 |
Spoofing attack on WebRTC permission prompt |
|
1063 |
* MFSA 2014-20/CVE-2014-1500 (bmo#956524) |
|
1064 |
onbeforeunload and Javascript navigation DOS |
|
1065 |
* MFSA 2014-22/CVE-2014-1502 (bmo#972622) |
|
1066 |
WebGL content injection from one domain to rendering in another |
|
1067 |
* MFSA 2014-23/CVE-2014-1504 (bmo#911547) |
|
1068 |
Content Security Policy for data: documents not preserved by |
|
1069 |
session restore |
|
1070 |
* MFSA 2014-26/CVE-2014-1508 (bmo#963198) |
|
1071 |
Information disclosure through polygon rendering in MathML |
|
1072 |
* MFSA 2014-27/CVE-2014-1509 (bmo#966021) |
|
1073 |
Memory corruption in Cairo during PDF font rendering |
|
1074 |
* MFSA 2014-28/CVE-2014-1505 (bmo#941887) |
|
1075 |
SVG filters information disclosure through feDisplacementMap |
|
1076 |
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) |
|
1077 |
Privilege escalation using WebIDL-implemented APIs |
|
1078 |
* MFSA 2014-30/CVE-2014-1512 (bmo#982957) |
|
1079 |
Use-after-free in TypeObject |
|
1080 |
* MFSA 2014-31/CVE-2014-1513 (bmo#982974) |
|
1081 |
Out-of-bounds read/write through neutering ArrayBuffer objects |
|
1082 |
* MFSA 2014-32/CVE-2014-1514 (bmo#983344) |
|
1083 |
Out-of-bounds write through TypedArrayObject after neutering |
|
707 | 1084 |
- requires NSPR 4.10.3 and NSS 3.15.5 |
712 | 1085 |
- new build dependency (and recommends): |
703 | 1086 |
* libpulse |
710
5341dc98d26c
update of PPC64LE patches taken from
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
707
diff
changeset
|
1087 |
- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com) |