author | Wolfgang Rosenauer <wr@rosenauer.org> |
Thu, 23 Mar 2017 14:47:57 +0100 | |
changeset 953 | 6b282f295753 |
parent 951 | f7a8fa97a57e |
child 954 | 0100ca6f6eed |
permissions | -rw-r--r-- |
893
86f72f1e98a4
prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
892
diff
changeset
|
1 |
------------------------------------------------------------------- |
953 | 2 |
Mon Mar 20 15:48:56 UTC 2017 - wr@rosenauer.org |
951
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
3 |
|
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
4 |
- update to Firefox 53.0b4 |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
5 |
* requires NSS 3.29.3 |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
6 |
* Lightweight themes are now applied in private browsing windows |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
7 |
* Reader Mode now displays estimated reading time for the page |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
8 |
* Two new 'compact' themes available in Firefox, dark and light, |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
9 |
based on the Firefox Developer Edition theme |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
10 |
* Ended Firefox Linux support for processors older than Pentium 4 |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
11 |
and AMD Opteron |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
12 |
* Refresh of the media controls user interface |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
13 |
* Shortened titles on tabs are faded out instead of using ellipsis |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
14 |
for improved readability |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
15 |
* Media playback on new tabs is blocked until the tab is visible |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
16 |
* Permission notifications have a cleaner design and cannot be |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
17 |
easily missed |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
18 |
- removed browser(npapi) provides as these plugins are deprecated |
953 | 19 |
- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
20 |
Leap 42 |
|
21 |
- Gtk2 is not longer an option; switched to Gtk3 |
|
22 |
||
23 |
------------------------------------------------------------------- |
|
24 |
Mon Mar 20 15:35:57 UTC 2017 - wr@rosenauer.org |
|
25 |
||
26 |
- disable rust usage for everything but x86(-64) |
|
951
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
27 |
|
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
28 |
------------------------------------------------------------------- |
946 | 29 |
Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org |
30 |
||
31 |
- update to Firefox 52.0.1 (boo#1029822) |
|
32 |
MFSA 2017-08 |
|
33 |
CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) |
|
34 |
||
35 |
------------------------------------------------------------------- |
|
945 | 36 |
Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org |
37 |
||
38 |
- reenable ALSA support which was removed by default upstream |
|
39 |
||
40 |
------------------------------------------------------------------- |
|
944 | 41 |
Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org |
42 |
||
945 | 43 |
- update to Firefox 52.0 (boo#1028391) |
944 | 44 |
* requires NSS >= 3.28.3 |
942
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
45 |
* Pages containing insecure password fields now display a warning |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
46 |
directly within username and password fields. |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
47 |
* Send and open a tab from one device to another with Sync |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
48 |
* Removed NPAPI support for plugins other than Flash. Silverlight, |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
49 |
Java, Acrobat and the like are no longer supported. |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
50 |
* Removed Battery Status API to reduce fingerprinting of users by |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
51 |
trackers |
945 | 52 |
* MFSA 2017-05 |
53 |
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP |
|
54 |
(bmo#1334933) |
|
55 |
CVE-2017-5401: Memory Corruption when handling ErrorResult |
|
56 |
(bmo#1328861) |
|
57 |
CVE-2017-5402: Use-after-free working with events in FontFace |
|
58 |
objects (bmo#1334876) |
|
59 |
CVE-2017-5403: Use-after-free using addRange to add range to an |
|
60 |
incorrect root object (bmo#1340186) |
|
61 |
CVE-2017-5404: Use-after-free working with ranges in selections |
|
62 |
(bmo#1340138) |
|
63 |
CVE-2017-5406: Segmentation fault in Skia with canvas operations |
|
64 |
(bmo#1306890) |
|
65 |
CVE-2017-5407: Pixel and history stealing via floating-point |
|
66 |
timing side channel with SVG filters (bmo#1336622) |
|
67 |
CVE-2017-5410: Memory corruption during JavaScript garbage |
|
68 |
collection incremental sweeping (bmo#1330687) |
|
69 |
CVE-2017-5408: Cross-origin reading of video captions in violation |
|
70 |
of CORS (bmo#1313711) |
|
71 |
CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) |
|
72 |
CVE-2017-5413: Segmentation fault during bidirectional operations |
|
73 |
(bmo#1337504) |
|
74 |
CVE-2017-5414: File picker can choose incorrect default directory |
|
75 |
(bmo#1319370) |
|
76 |
CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) |
|
77 |
CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) |
|
78 |
CVE-2017-5417: Addressbar spoofing by draging and dropping URLs |
|
79 |
(bmo#791597) |
|
80 |
CVE-2017-5426: Gecko Media Plugin sandbox is not started if |
|
81 |
seccomp-bpf filter is running (bmo#1257361) |
|
82 |
CVE-2017-5427: Non-existent chrome.manifest file loaded during |
|
83 |
startup (bmo#1295542) |
|
84 |
CVE-2017-5418: Out of bounds read when parsing HTTP digest |
|
85 |
authorization responses (bmo#1338876) |
|
86 |
CVE-2017-5419: Repeated authentication prompts lead to DOS |
|
87 |
attack (bmo#1312243) |
|
88 |
CVE-2017-5420: Javascript: URLs can obfuscate addressbar |
|
89 |
location (bmo#1284395) |
|
90 |
CVE-2017-5405: FTP response codes can cause use of |
|
91 |
uninitialized values for ports (bmo#1336699) |
|
92 |
CVE-2017-5421: Print preview spoofing (bmo#1301876) |
|
93 |
CVE-2017-5422: DOS attack by using view-source: protocol |
|
94 |
repeatedly in one hyperlink (bmo#1295002) |
|
95 |
CVE-2017-5399: Memory safety bugs fixed in Firefox 52 |
|
96 |
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and |
|
97 |
Firefox ESR 45.8 |
|
942
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
98 |
- removed obsolete patches |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
99 |
* mozilla-binutils-visibility.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
100 |
* mozilla-check_return.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
101 |
* mozilla-disable-skia-be.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
102 |
* mozilla-skia-overflow.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
103 |
* mozilla-skia-ppc-endianess.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
104 |
- rebased patches |
943 | 105 |
- enable rust usage for Tumbleweed |
942
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
106 |
|
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
107 |
------------------------------------------------------------------- |
940 | 108 |
Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com |
109 |
||
110 |
- Mozilla Firefox 51.0.1: |
|
111 |
- Multiprocess incompatibility did not correctly register with |
|
112 |
some add-ons (bmo#1333423) |
|
113 |
||
114 |
------------------------------------------------------------------- |
|
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
115 |
Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
116 |
|
940 | 117 |
- update to Firefox 51.0 |
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
118 |
* requires NSPR >= 4.13.1, NSS >= 3.28.1 |
936 | 119 |
* Added support for FLAC (Free Lossless Audio Codec) playback |
120 |
* Added support for WebGL 2 |
|
121 |
* Added Georgian (ka) and Kabyle (kab) locales |
|
122 |
* Support saving passwords for forms without 'submit' events |
|
123 |
* Improved video performance for users without GPU acceleration |
|
124 |
* Zoom indicator is shown in the URL bar if the zoom level is not |
|
125 |
at default level |
|
126 |
* View passwords from the prompt before saving them |
|
127 |
* Remove Belarusian (be) locale |
|
128 |
* Use Skia for content rendering (Linux) |
|
940 | 129 |
* MFSA 2017-01 |
130 |
CVE-2017-5375: Excessive JIT code allocation allows bypass of |
|
131 |
ASLR and DEP (bmo#1325200, boo#1021814) |
|
132 |
CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) |
|
133 |
CVE-2017-5377: Memory corruption with transforms to create |
|
134 |
gradients in Skia (bmo#1306883, boo#1021826) |
|
135 |
CVE-2017-5378: Pointer and frame data leakage of Javascript objects |
|
136 |
(bmo#1312001, bmo#1330769, boo#1021818) |
|
137 |
CVE-2017-5379: Use-after-free in Web Animations |
|
138 |
(bmo#1309198,boo#1021827) |
|
139 |
CVE-2017-5380: Potential use-after-free during DOM manipulations |
|
140 |
(bmo#1322107, boo#1021819) |
|
141 |
CVE-2017-5390: Insecure communication methods in Developer Tools |
|
142 |
JSON viewer (bmo#1297361, boo#1021820) |
|
143 |
CVE-2017-5389: WebExtensions can install additional add-ons via |
|
144 |
modified host requests (bmo#1308688, boo#1021828) |
|
145 |
CVE-2017-5396: Use-after-free with Media Decoder |
|
146 |
(bmo#1329403, boo#1021821) |
|
147 |
CVE-2017-5381: Certificate Viewer exporting can be used to navigate |
|
148 |
and save to arbitrary filesystem locations |
|
149 |
(bmo#1017616, boo#1021830) |
|
150 |
CVE-2017-5382: Feed preview can expose privileged content errors |
|
151 |
and exceptions (bmo#1295322, boo#1021831) |
|
152 |
CVE-2017-5383: Location bar spoofing with unicode characters |
|
153 |
(bmo#1323338, bmo#1324716, boo#1021822) |
|
154 |
CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) |
|
155 |
(bmo#1255474, boo#1021832) |
|
156 |
CVE-2017-5385: Data sent in multipart channels ignores referrer-policy |
|
157 |
response headers (bmo#1295945, boo#1021833) |
|
158 |
CVE-2017-5386: WebExtensions can use data: protocol to affect other |
|
159 |
extensions (bmo#1319070, boo#1021823) |
|
160 |
CVE-2017-5394: Android location bar spoofing using fullscreen and |
|
161 |
JavaScript events (bmo#1222798) |
|
162 |
CVE-2017-5391: Content about: pages can load privileged about: pages |
|
163 |
(bmo#1309310, boo#1021835) |
|
164 |
CVE-2017-5392: Weak references using multiple threads on weak proxy |
|
165 |
objects lead to unsafe memory usage (bmo#1293709) |
|
166 |
(Android only) |
|
167 |
CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for |
|
168 |
mozAddonManager (bmo#1309282, boo#1021837) |
|
169 |
CVE-2017-5395: Android location bar spoofing during scrolling |
|
170 |
(bmo#1293463) (Android only) |
|
171 |
CVE-2017-5387: Disclosure of local file existence through TRACK |
|
172 |
tag error messages (bmo#1295023, boo#1021839) |
|
173 |
CVE-2017-5388: WebRTC can be used to generate a large amount of |
|
174 |
UDP traffic for DDOS attacks |
|
175 |
(bmo#1281482, boo#1021840) |
|
176 |
CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) |
|
177 |
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and |
|
178 |
Firefox ESR 45.7 (boo#1021824) |
|
179 |
- switch Firefox to Gtk3 for Tumbleweed |
|
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
180 |
- removed obsolete patches |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
181 |
* mozilla-flex_buffer_overrun.patch |
939
3604ed712e16
51.0 as submitted to official openSUSE
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
938
diff
changeset
|
182 |
- updated RPM locale support tag |
3604ed712e16
51.0 as submitted to official openSUSE
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
938
diff
changeset
|
183 |
- improve recognition of LANGUAGE env variable (boo#1017174) |
940 | 184 |
- add upstream patch to fix PPC64LE (bmo#1319389) |
185 |
(mozilla-skia-ppc-endianess.patch) |
|
186 |
- fix build without skia (big endian archs) (bmo#1319374) |
|
187 |
(mozilla-disable-skia-be.patch) |
|
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
188 |
|
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
189 |
------------------------------------------------------------------- |
933 | 190 |
Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
191 |
||
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
192 |
- update to Firefox 50.1.0 (boo#1015422) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
193 |
* MFSA 2016-94 |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
194 |
CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
195 |
CVE-2016-9899: Use-after-free while manipulating DOM events and |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
196 |
audio elements (bmo#1317409) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
197 |
CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
198 |
CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
199 |
CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
200 |
CVE-2016-9898: Use-after-free in Editor while manipulating |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
201 |
DOM subtrees (bmo#1314442) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
202 |
CVE-2016-9900: Restricted external resources can be loaded by |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
203 |
SVG images through data URLs (bmo#1319122) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
204 |
CVE-2016-9904: Cross-origin information leak in shared atoms |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
205 |
(bmo#1317936) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
206 |
CVE-2016-9901: Data from Pocket server improperly sanitized |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
207 |
before execution (bmo#1320057) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
208 |
CVE-2016-9902: Pocket extension does not validate the origin |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
209 |
of events (bmo#1320039) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
210 |
CVE-2016-9903: XSS injection vulnerability in add-ons SDK |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
211 |
(bmo#1315435) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
212 |
CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
213 |
CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
214 |
Firefox ESR 45.6 |
933 | 215 |
|
216 |
------------------------------------------------------------------- |
|
217 |
Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com |
|
218 |
||
219 |
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) |
|
220 |
||
221 |
------------------------------------------------------------------- |
|
222 |
Thu Dec 1 02:49:45 UTC 2016 - wr@rosenauer.org |
|
223 |
||
224 |
- update to Firefox 50.0.2 |
|
225 |
* Firefox crashes with 3rd party Chinese IME when using IME text |
|
226 |
(50.0.1) |
|
227 |
security fixes (in 50.0.1): (boo#1012807) |
|
228 |
* MFSA 2016-91 |
|
229 |
CVE-2016-9078: data: URL can inherit wrong origin after an |
|
230 |
HTTP redirect (bmo#1317641) |
|
231 |
security fixes (in 50.0.2) (boo#1012964) |
|
232 |
* MFSA 2016-92 |
|
233 |
CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066) |
|
234 |
||
235 |
------------------------------------------------------------------- |
|
932 | 236 |
Mon Nov 14 21:07:03 UTC 2016 - wr@rosenauer.org |
237 |
||
238 |
- update to Firefox 50.0 (boo#1009026) |
|
239 |
* requires NSS 3.26.2 |
|
240 |
new features |
|
241 |
* Updates to keyboard shortcuts |
|
242 |
Set a preference to have Ctrl+Tab cycle through tabs in recently |
|
243 |
used order |
|
244 |
View a page in Reader Mode by using Ctrl+Alt+R |
|
245 |
* Added option to Find in page that allows users to limit search to |
|
246 |
whole words only |
|
247 |
* Added download protection for a large number of executable file |
|
248 |
types on Windows, Mac and Linux |
|
249 |
* Fixed rendering of dashed and dotted borders with rounded corners |
|
250 |
(border-radius) |
|
251 |
* Added a built-in Emoji set for operating systems without native |
|
252 |
Emoji fonts (Windows 8.0 and lower and Linux) |
|
253 |
* Blocked versions of libavcodec older than 54.35.1 |
|
254 |
* additional locale |
|
255 |
security fixes: |
|
256 |
* MFSA 2016-89 |
|
257 |
CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 |
|
258 |
(bmo#1292443) |
|
259 |
CVE-2016-5292: URL parsing causes crash (bmo#1288482) |
|
260 |
CVE-2016-5293: Write to arbitrary file with updater and moz |
|
261 |
maintenance service using updater.log hardlink |
|
262 |
(Windows only) (bmo#1246945) |
|
263 |
CVE-2016-5294: Arbitrary target directory for result files of |
|
264 |
update process (Windows only) (bmo#1246972) |
|
265 |
CVE-2016-5297: Incorrect argument length checking in Javascript |
|
266 |
(bmo#1303678) |
|
267 |
CVE-2016-9064: Addons update must verify IDs match between |
|
268 |
current and new versions (bmo#1303418) |
|
269 |
CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen |
|
270 |
(Android only) (bmo#1306696) |
|
271 |
CVE-2016-9066: Integer overflow leading to a buffer overflow in |
|
272 |
nsScriptLoadHandler (bmo#1299686) |
|
273 |
CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore |
|
274 |
(bmo#1301777, bmo#1308922 (CVE-2016-9069)) |
|
275 |
CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) |
|
276 |
CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile |
|
277 |
(bmo#1300083) (Windows only) |
|
278 |
CVE-2016-9075: WebExtensions can access the mozAddonManager API |
|
279 |
and use it to gain elevated privileges (bmo#1295324) |
|
280 |
CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied |
|
281 |
to cross-origin images, allowing timing attacks on them |
|
282 |
(bmo#1298552) |
|
283 |
CVE-2016-5291: Same-origin policy violation using local HTML file |
|
284 |
and saved shortcut file (bmo#1292159) |
|
285 |
CVE-2016-5295: Mozilla Maintenance Service: Ability to read |
|
286 |
arbitrary files as SYSTEM (Windows only) (bmo#1247239) |
|
287 |
CVE-2016-5298: SSL indicator can mislead the user about the real |
|
288 |
URL visited (bmo#1227538) (Android only) |
|
289 |
CVE-2016-5299: Firefox AuthToken in broadcast protected with |
|
290 |
signature-level permission can be accessed by an |
|
291 |
application installed beforehand that defines the |
|
292 |
same permissions (bmo#1245791) (Android only) |
|
293 |
CVE-2016-9061: API Key (glocation) in broadcast protected with |
|
294 |
signature-level permission can be accessed by an |
|
295 |
application installed beforehand that defines the |
|
296 |
same permissions (Android only) (bmo#1245795) |
|
297 |
CVE-2016-9062: Private browsing browser traces (android) in |
|
298 |
browser.db and wal file (Android only) (bmo#1294438) |
|
299 |
CVE-2016-9070: Sidebar bookmark can have reference to chrome window |
|
300 |
(bmo#1281071) |
|
301 |
CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" |
|
302 |
(bmo#1289273) |
|
303 |
CVE-2016-9074: Insufficient timing side-channel resistance in |
|
304 |
divSpoiler (bmo#1293334) (fixed via NSS 3.26.1) |
|
305 |
CVE-2016-9076: select dropdown menu can be used for URL bar |
|
306 |
spoofing on e10s (bmo#1276976) |
|
307 |
CVE-2016-9063: Possible integer overflow to fix inside XML_Parse |
|
308 |
in expat (bmo#1274777) |
|
309 |
CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP |
|
310 |
(bmo#1285003) |
|
311 |
CVE-2016-5289: Memory safety bugs fixed in Firefox 50 |
|
312 |
CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 |
|
313 |
- make aarch64 build more similar to x86_64 build (remove conditionals |
|
314 |
that don't seem to be necessary anymore) |
|
315 |
||
316 |
------------------------------------------------------------------- |
|
931 | 317 |
Mon Oct 24 09:41:17 UTC 2016 - astieger@suse.com |
318 |
||
319 |
- Mozilla Firefox 49.0.2: |
|
320 |
* CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) |
|
321 |
* CVE-2016-5288: Web content can read cache entries (bsc#1006476) |
|
322 |
* Asynchronous rendering of the Flash plugins is now enabled by |
|
323 |
default |
|
324 |
* Change D3D9 default fallback preference to prevent graphical |
|
325 |
artifacts |
|
326 |
* Network issue prevents some users from seeing the Firefox UI on |
|
327 |
startup |
|
328 |
* Web compatibility issue with file uploads |
|
329 |
* Web compatibility issue with Array.prototype.values |
|
330 |
* Diagnostic information on timing for tab switching |
|
331 |
* Fix a Canvas filters graphics issue affecting HTML5 apps |
|
332 |
||
333 |
------------------------------------------------------------------- |
|
930
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
334 |
Wed Oct 12 20:42:28 UTC 2016 - badshah400@gmail.com |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
335 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
336 |
- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0 |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
337 |
and fixes have been incorporated by upstream. |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
338 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
339 |
------------------------------------------------------------------- |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
340 |
Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
341 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
342 |
- Mozilla Firefox 49.0.1: |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
343 |
* Mitigate a startup crash issue caused by Websense - bmo#1304783 |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
344 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
345 |
------------------------------------------------------------------- |
929 | 346 |
Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org |
347 |
||
348 |
- update to Firefox 49.0 (boo#999701) |
|
349 |
new features |
|
350 |
* Updated Firefox Login Manager to allow HTTPS pages to use saved |
|
351 |
HTTP logins. |
|
352 |
* Added features to Reader Mode that make it easier on the eyes and |
|
353 |
the ears |
|
354 |
* Improved video performance for users on systems that support |
|
355 |
SSE3 without hardware acceleration |
|
356 |
* Added context menu controls to HTML5 audio and video that let users |
|
357 |
loops files or play files at 1.25x speed |
|
358 |
* Improvements in about:memory reports for tracking font memory usage |
|
359 |
security related |
|
360 |
* MFSA 2016-85 |
|
361 |
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in |
|
362 |
mozilla::net::IsValidReferrerPolicy |
|
363 |
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in |
|
364 |
nsCaseTransformTextRunFactory::TransformString |
|
365 |
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in |
|
366 |
PropertyProvider::GetSpacingInternal |
|
367 |
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin |
|
368 |
CVE-2016-5273 (bmo#1280387) - crash in |
|
369 |
mozilla::a11y::HyperTextAccessible::GetChildOffset |
|
370 |
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in |
|
371 |
mozilla::a11y::DocAccessible::ProcessInvalidationList |
|
372 |
CVE-2016-5274 (bmo#1282076) - use-after-free in |
|
373 |
nsFrameManager::CaptureFrameState |
|
374 |
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick |
|
375 |
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in |
|
376 |
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions |
|
377 |
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in |
|
378 |
nsBMPEncoder::AddImageFrame |
|
379 |
CVE-2016-5279 (bmo#1249522) - Full local path of files is available |
|
380 |
to web pages after drag and drop |
|
381 |
CVE-2016-5280 (bmo#1289970) - Use-after-free in |
|
382 |
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap |
|
383 |
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength |
|
384 |
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons |
|
385 |
from non-whitelisted schemes |
|
386 |
CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can |
|
387 |
reveal cross-origin data |
|
388 |
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration |
|
389 |
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 |
|
390 |
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 |
|
391 |
- removed obsolete patches: |
|
392 |
* mozilla-aarch64-48bit-va.patch |
|
393 |
* mozilla-exclude-nametablecpp.patch |
|
394 |
* mozilla-old_configure-bmo1282843.patch |
|
395 |
- added patch mozilla-skia-overflow.patch (bmo#1304114) |
|
396 |
- requires NSS 3.25 |
|
397 |
||
398 |
------------------------------------------------------------------- |
|
928 | 399 |
Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com |
400 |
||
401 |
- Mozilla Firefox 48.0.2: |
|
402 |
* Mitigate a startup crash issue caused on Windows (bmo#1291738) |
|
403 |
||
404 |
------------------------------------------------------------------- |
|
927 | 405 |
Sat Aug 20 10:58:26 UTC 2016 - astieger@suse.com |
406 |
||
407 |
- Mozilla Firefox 48.0.1: |
|
408 |
* Fix an audio regression impacting some major websites |
|
409 |
(bmo#1295296) |
|
410 |
* Fix a top crash in the JavaScript engine (bmo#1290469) |
|
411 |
* Fix a startup crash issue caused by Websense (bmo#1291738) |
|
412 |
* Fix a different behavior with e10s / non-e10s on <select> and |
|
413 |
mouse events (bmo#1291078) |
|
414 |
* Fix a top crash caused by plugin issues (bmo#1264530) |
|
415 |
* Fix a shutdown issue (bmo#1276920) |
|
416 |
* Fix a crash in WebRTC |
|
417 |
||
418 |
------------------------------------------------------------------- |
|
925
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
419 |
Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
420 |
|
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
421 |
- added upstream patch so system plugins/extensions are correctly |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
422 |
loaded again on x86-64 (bmo#1282843) |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
423 |
(mozilla-old_configure-bmo1282843.patch) |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
424 |
|
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
425 |
------------------------------------------------------------------- |
926
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
426 |
Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
427 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
428 |
- Fix for possible buffer overrun (bsc#990856) |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
429 |
CVE-2016-6354 (bmo#1292534) |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
430 |
[mozilla-flex_buffer_overrun.patch] |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
431 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
432 |
------------------------------------------------------------------- |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
433 |
Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
434 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
435 |
- Update mozilla-gtk3_20.patch to latest version from Fedora. |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
436 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
437 |
------------------------------------------------------------------- |
923 | 438 |
Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org |
439 |
||
924 | 440 |
- update to Firefox 48.0 (boo#991809) |
923 | 441 |
* requires NSS 3.24 |
442 |
* Process separation (e10s) is enabled for some of you |
|
443 |
* Add-ons that have not been verified and signed by Mozilla will not load |
|
444 |
* WebRTC embetterments |
|
445 |
* The media parser has been redeveloped using the Rust programming |
|
446 |
language |
|
447 |
* better Canvas performance with speedy Skia support |
|
924 | 448 |
security fixes: |
449 |
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 |
|
450 |
Miscellaneous memory safety hazards |
|
451 |
* MFSA 2016-63/CVE-2016-2830 (bmo#1255270) |
|
452 |
Favicon network connection can persist when page is closed |
|
453 |
* MFSA 2016-64/CVE-2016-2838 (bmo#1279814) |
|
454 |
Buffer overflow rendering SVG with bidirectional content |
|
455 |
* MFSA 2016-65/CVE-2016-2839 (bmo#1275339) |
|
456 |
Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 |
|
457 |
* MFSA 2016-66/CVE-2016-5251 (bmo#1255570) |
|
458 |
Location bar spoofing via data URLs with malformed/invalid mediatypes |
|
459 |
* MFSA 2016-67/CVE-2016-5252 (bmo#1268854) |
|
460 |
Stack underflow during 2D graphics rendering |
|
461 |
* MFSA 2016-68/CVE-2016-0718 (bmo#1236923) |
|
462 |
Out-of-bounds read during XML parsing in Expat library |
|
463 |
* MFSA 2016-69/CVE-2016-5253 (bmo#1246944) |
|
464 |
Arbitrary file manipulation by local user through Mozilla updater |
|
465 |
and callback application path parameter (Windows-only) |
|
466 |
* MFSA 2016-70/CVE-2016-5254 (bmo#1266963) |
|
467 |
Use-after-free when using alt key and toplevel menus |
|
468 |
* MFSA 2016-71/CVE-2016-5255 (bmo#1212356) |
|
469 |
Crash in incremental garbage collection in JavaScript |
|
470 |
* MFSA 2016-72/CVE-2016-5258 (bmo#1279146) |
|
471 |
Use-after-free in DTLS during WebRTC session shutdown |
|
472 |
* MFSA 2016-73/CVE-2016-5259 (bmo#1282992) |
|
473 |
Use-after-free in service workers with nested sync events |
|
474 |
* MFSA 2016-74/CVE-2016-5260 (bmo#1280294) |
|
475 |
Form input type change from password to text can store plain |
|
476 |
text password in session restore file |
|
477 |
* MFSA 2016-75/CVE-2016-5261 (bmo#1287266) |
|
478 |
Integer overflow in WebSockets during data buffering |
|
479 |
* MFSA 2016-76/CVE-2016-5262 (bmo#1277475) |
|
480 |
Scripts on marquee tag can execute in sandboxed iframes |
|
481 |
* MFSA 2016-77/CVE-2016-2837 (bmo#1274637) |
|
482 |
Buffer overflow in ClearKey Content Decryption Module (CDM) |
|
483 |
during video playback |
|
484 |
* MFSA 2016-78/CVE-2016-5263 (bmo#1276897) |
|
485 |
Type confusion in display transformation |
|
486 |
* MFSA 2016-79/CVE-2016-5264 (bmo#1286183) |
|
487 |
Use-after-free when applying SVG effects |
|
488 |
* MFSA 2016-80/CVE-2016-5265 (bmo#1278013) |
|
489 |
Same-origin policy violation using local HTML file and saved shortcut file |
|
490 |
* MFSA 2016-81/CVE-2016-5266 (bmo#1226977) |
|
491 |
Information disclosure and local file manipulation through drag and drop |
|
492 |
* MFSA 2016-82/CVE-2016-5267 (bmo#1284372) |
|
493 |
Addressbar spoofing with right-to-left characters on Firefox for Android |
|
494 |
(Android only) |
|
495 |
* MFSA 2016-83/CVE-2016-5268 (bmo#1253673) |
|
496 |
Spoofing attack through text injection into internal error pages |
|
497 |
* MFSA 2016-84/CVE-2016-5250 (bmo#1254688) |
|
498 |
Information disclosure through Resource Timing API during page navigation |
|
923 | 499 |
- removed obsolete mozilla-gcc6.patch |
500 |
||
501 |
------------------------------------------------------------------- |
|
921
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
502 |
Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
503 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
504 |
- Update description and screenshots in appdata.xml file. |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
505 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
506 |
------------------------------------------------------------------- |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
507 |
Sat Jul 23 20:13:08 UTC 2016 - antoine.belvire@laposte.net |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
508 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
509 |
- Fix Firefox crash on startup on i586 (boo#986541): |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
510 |
* Add -fno-delete-null-pointer-checks and |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
511 |
-fno-inline-small-functions to CFLAGS |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
512 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
513 |
------------------------------------------------------------------- |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
514 |
Tue Jul 19 20:12:11 UTC 2016 - mailaender@opensuse.org |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
515 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
516 |
- Update the appdata.xml file (replace Windows XP screenshot) |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
517 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
518 |
------------------------------------------------------------------- |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
519 |
Wed Jun 29 09:25:41 UTC 2016 - astieger@suse.com |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
520 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
521 |
- Mozilla Firefox 47.0.1: |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
522 |
* Selenium WebDriver may cause Firefox to crash at startup |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
523 |
(bmo#1280854) |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
524 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
525 |
------------------------------------------------------------------- |
920
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
526 |
Wed Jun 15 07:52:18 UTC 2016 - wr@rosenauer.org |
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
527 |
|
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
528 |
- mozilla-binutils-visibility.patch to fix build issues with |
921
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
529 |
gcc/binutils combination used in Leap 42.2 (boo#984637) |
920
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
530 |
|
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
531 |
------------------------------------------------------------------- |
919
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
532 |
Tue Jun 14 08:35:03 UTC 2016 - badshah400@gmail.com |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
533 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
534 |
- Update mozilla-gtk3_20.patch to latest version from Fedora. |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
535 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
536 |
------------------------------------------------------------------- |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
537 |
Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
538 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
539 |
- Fix running on 48bit va aarch64 (bsc#984126) |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
540 |
* add patch mozilla-aarch64-48bit-va.patch |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
541 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
542 |
------------------------------------------------------------------- |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
543 |
Mon Jun 13 15:27:13 UTC 2016 - wr@rosenauer.org |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
544 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
545 |
- fix XUL dialog button order under KDE session (boo#984403) |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
546 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
547 |
------------------------------------------------------------------- |
916 | 548 |
Tue Jun 7 19:47:25 UTC 2016 - wr@rosenauer.org |
549 |
||
550 |
- update to Firefox 47.0 (boo#983549) |
|
551 |
* Enable VP9 video codec for users with fast machines |
|
552 |
* Embedded YouTube videos now play with HTML5 video if Flash is |
|
553 |
not installed |
|
554 |
* View and search open tabs from your smartphone or another |
|
555 |
computer in a sidebar |
|
556 |
* Allow no-cache on back/forward navigations for https resources |
|
557 |
security fixes: |
|
558 |
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 |
|
559 |
(boo#983638) |
|
560 |
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, |
|
561 |
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, |
|
562 |
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, |
|
563 |
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, |
|
564 |
bmo#1269729, bmo#1273202, bmo#1273701) |
|
565 |
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) |
|
566 |
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) |
|
567 |
Buffer overflow parsing HTML5 fragments |
|
568 |
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) |
|
569 |
Use-after-free deleting tables from a contenteditable document |
|
570 |
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) |
|
571 |
Addressbar spoofing though the SELECT element |
|
572 |
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) |
|
573 |
Out-of-bounds write with WebGL shader |
|
574 |
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) |
|
575 |
Partial same-origin-policy through setting location.host |
|
576 |
through data URI |
|
577 |
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) |
|
578 |
Use-after-free when textures are used in WebGL operations |
|
579 |
after recycle pool destruction |
|
580 |
* MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329) |
|
581 |
Incorrect icon displayed on permissions notifications |
|
582 |
* MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) |
|
583 |
Entering fullscreen and persistent pointerlock without user |
|
584 |
permission |
|
585 |
* MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267) |
|
586 |
Information disclosure of disabled plugins through CSS |
|
587 |
pseudo-classes |
|
588 |
* MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933) |
|
589 |
Java applets bypass CSP protections |
|
590 |
* MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283, |
|
591 |
bmo#1221620, bmo#1241034, bmo#1241037) |
|
592 |
Network Security Services (NSS) vulnerabilities |
|
593 |
fixed by requiring NSS 3.23 |
|
594 |
packaging changes: |
|
595 |
* cleanup configure options (boo#981695): |
|
596 |
- notably remove GStreamer support which is gone from FF |
|
597 |
* remove obsolete patches |
|
598 |
- mozilla-libproxy.patch |
|
599 |
- mozilla-repo.patch |
|
600 |
||
601 |
------------------------------------------------------------------- |
|
602 |
Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com |
|
603 |
||
604 |
- The conditional testing for gcc was failing for different |
|
605 |
openSUSE versions, drop it and apply patches unconditionally. |
|
606 |
||
607 |
------------------------------------------------------------------- |
|
608 |
Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com |
|
609 |
||
610 |
- Add patches to fix building with gcc6: |
|
611 |
+ mozilla-gcc6.patch: fix building with gcc >= 6.1; patch |
|
612 |
taken from upstream: |
|
613 |
https://hg.mozilla.org/mozilla-central/rev/55212130f19d. |
|
614 |
+ mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp |
|
615 |
from unified compilation because #include <cmath> in other |
|
616 |
source files causes gcc6 compilation failure; patch taken from |
|
617 |
upstream: |
|
618 |
https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. |
|
619 |
||
620 |
------------------------------------------------------------------- |
|
621 |
Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz |
|
622 |
||
623 |
- enable build with PIE and full relro on x86_64 (boo#980384) |
|
624 |
||
625 |
------------------------------------------------------------------- |
|
914 | 626 |
Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org |
627 |
||
628 |
- update to Firefox 46.0.1 |
|
629 |
Fixed: |
|
630 |
* Search plugin issue for various locales |
|
631 |
* Add-on signing certificate expiration |
|
632 |
* Service worker update issue |
|
633 |
* Build issue when jit is disabled |
|
634 |
* Limit Sync registration updates |
|
635 |
- removed now obsolete mozilla-jit_branch64.patch |
|
636 |
||
637 |
------------------------------------------------------------------- |
|
913 | 638 |
Tue May 3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com |
639 |
||
640 |
- add mozilla-jit_branch64.patch to avoid PowerPC build failure |
|
641 |
(from bmo#1266366) |
|
642 |
||
643 |
------------------------------------------------------------------- |
|
909 | 644 |
Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com |
645 |
||
646 |
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest |
|
647 |
version from Fedora). |
|
648 |
||
649 |
------------------------------------------------------------------- |
|
650 |
Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org |
|
651 |
||
652 |
- update to Firefox 46.0 (boo#977333) |
|
653 |
* Improved security of the JavaScript Just In Time (JIT) Compiler |
|
654 |
* WebRTC fixes to improve performance and stability |
|
655 |
* Added support for document.elementsFromPoint |
|
656 |
* Added HKDF support for Web Crypto API |
|
657 |
* requires NSPR 4.12 and NSS 3.22.3 |
|
658 |
* added patch to fix unchecked return value |
|
659 |
mozilla-check_return.patch |
|
660 |
* Gtk3 builds not supported at the moment |
|
661 |
security fixes: |
|
662 |
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 |
|
913 | 663 |
(boo#977373, boo#977375, boo#977376) |
909 | 664 |
Miscellaneous memory safety hazards |
913 | 665 |
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) |
909 | 666 |
Privilege escalation through file deletion by Maintenance Service updater |
667 |
(Windows only) |
|
913 | 668 |
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) |
909 | 669 |
Content provider permission bypass allows malicious application |
670 |
to access data (Android only) |
|
913 | 671 |
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 |
672 |
(bmo#1252330, bmo#1261776, boo#977379) |
|
909 | 673 |
Use-after-free and buffer overflow in Service Workers |
913 | 674 |
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) |
909 | 675 |
Disclosure of user actions through JavaScript with motion and |
676 |
orientation sensors (only affects mobile variants) |
|
913 | 677 |
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) |
909 | 678 |
Buffer overflow in libstagefright with CENC offsets |
913 | 679 |
* MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) |
909 | 680 |
CSP not applied to pages sent with multipart/x-mixed-replace |
913 | 681 |
* MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) |
909 | 682 |
Elevation of privilege with chrome.tabs.update API in web extensions |
913 | 683 |
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) |
909 | 684 |
Write to invalid HashMap entry through JavaScript.watch() |
913 | 685 |
* MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) |
909 | 686 |
Firefox Health Reports could accept events from untrusted domains |
687 |
||
688 |
------------------------------------------------------------------- |
|
908
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
689 |
Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
690 |
|
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
691 |
- Update mozilla-gtk3_20.patch to fix scrollbar appearance under |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
692 |
gtk >= 3.20 (patch synced to Fedora's version). |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
693 |
|
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
694 |
------------------------------------------------------------------- |
907 | 695 |
Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com |
696 |
||
697 |
- Compile against gtk3 depending on whether the macro |
|
698 |
%firefox_use_gtk3 is defined or not (e.g., at the prjconf |
|
699 |
level); macro is undefined by default and so gtk2 is used as the |
|
700 |
default toolkit. |
|
701 |
- Add BuildRequires for additional packages needed when building |
|
702 |
against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), |
|
703 |
pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). |
|
704 |
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; |
|
705 |
patch taken from Fedora (bmo#1230955). |
|
706 |
||
707 |
------------------------------------------------------------------- |
|
906 | 708 |
Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com |
709 |
||
710 |
- Mozilla Firefox 45.0.2: |
|
711 |
* Fix an issue impacting the cookie header when third-party |
|
712 |
cookies are blocked (bmo#1257861) |
|
713 |
* Fix a web compatibility regression impacting the srcset |
|
714 |
attribute of the image tag (bmo#1259482) |
|
715 |
* Fix a crash impacting the video playback with Media Source |
|
716 |
Extension (bmo#1258562) |
|
717 |
* Fix a regression impacting some specific uploads (bmo#1255735) |
|
718 |
* Fix a regression with the copy and paste with some old versions |
|
719 |
of some Gecko applications like Thunderbird (bmo#1254980) |
|
720 |
||
721 |
------------------------------------------------------------------- |
|
722 |
Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com |
|
723 |
||
724 |
- Mozilla Firefox 45.0.1: |
|
725 |
* Fix a regression causing search engine settings to be lost in |
|
726 |
some context (bmo#1254694) |
|
727 |
* Bring back non-standard jar: URIs to fix a regression in IBM |
|
728 |
iNotes (bmo#1255139) |
|
729 |
* XSLTProcessor.importStylesheet was failing when <import> was |
|
730 |
used (bmo#1249572) |
|
731 |
* Fix an issue which could cause the list of search provider to |
|
732 |
be empty (bmo#1255605) |
|
733 |
* Fix a regression when using the location bar (bmo#1254503) |
|
734 |
* Fix some loading issues when Accept third-party cookies: was |
|
735 |
set to Never (bmo#1254856) |
|
736 |
* Disabled Graphite font shaping library |
|
737 |
||
738 |
------------------------------------------------------------------- |
|
904 | 739 |
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org |
740 |
||
906 | 741 |
- update to Firefox 45.0 (boo#969894) |
904 | 742 |
* requires NSPR 4.12 / NSS 3.21.1 |
743 |
* Instant browser tab sharing through Hello |
|
744 |
* Synced Tabs button in button bar |
|
745 |
* Tabs synced via Firefox Accounts from other devices are now shown |
|
746 |
in dropdown area of Awesome Bar when searching |
|
747 |
* Introduce a new preference (network.dns.blockDotOnion) to allow |
|
748 |
blocking .onion at the DNS level |
|
749 |
* Tab Groups (Panorama) feature removed |
|
906 | 750 |
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 |
751 |
Miscellaneous memory safety hazards |
|
752 |
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178) |
|
753 |
Local file overwriting and potential privilege escalation through |
|
754 |
CSP reports |
|
755 |
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946) |
|
756 |
CSP reports fail to strip location information for embedded iframe pages |
|
757 |
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923) |
|
758 |
Linux video memory DOS with Intel drivers |
|
759 |
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052) |
|
760 |
Memory leak in libstagefright when deleting an array during MP4 |
|
761 |
processing |
|
762 |
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754) |
|
763 |
Displayed page address can be overridden |
|
764 |
* MFSA 2016-22/CVE-2016-1959 (bmo#1234949) |
|
765 |
Service Worker Manager out-of-bounds read in Service Worker Manager |
|
766 |
* MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) |
|
767 |
Use-after-free in HTML5 string parser |
|
768 |
* MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) |
|
769 |
Use-after-free in SetBody |
|
770 |
* MFSA 2016-25/CVE-2016-1962 (bmo#1240760) |
|
771 |
Use-after-free when using multiple WebRTC data channels |
|
772 |
* MFSA 2016-26/CVE-2016-1963 (bmo#1238440) |
|
773 |
Memory corruption when modifying a file being read by FileReader |
|
774 |
* MFSA 2016-27/CVE-2016-1964 (bmo#1243335) |
|
775 |
Use-after-free during XML transformations |
|
776 |
* MFSA 2016-28/CVE-2016-1965 (bmo#1245264) |
|
777 |
Addressbar spoofing though history navigation and Location protocol |
|
778 |
property |
|
779 |
* MFSA 2016-29/CVE-2016-1967 (bmo#1246956) |
|
780 |
Same-origin policy violation using perfomance.getEntries and |
|
781 |
history navigation with session restore |
|
782 |
* MFSA 2016-30/CVE-2016-1968 (bmo#1246742) |
|
783 |
Buffer overflow in Brotli decompression |
|
784 |
* MFSA 2016-31/CVE-2016-1966 (bmo#1246054) |
|
785 |
Memory corruption with malicious NPAPI plugin |
|
786 |
* MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ |
|
787 |
CVE-2016-1976/CVE-2016-1972 |
|
788 |
WebRTC and LibVPX vulnerabilities found through code inspection |
|
789 |
* MFSA 2016-33/CVE-2016-1973 (bmo#1219339) |
|
790 |
Use-after-free in GetStaticInstance in WebRTC |
|
791 |
* MFSA 2016-34/CVE-2016-1974 (bmo#1228103) |
|
792 |
Out-of-bounds read in HTML parser following a failed allocation |
|
793 |
* MFSA 2016-35/CVE-2016-1950 (bmo#1245528) |
|
794 |
Buffer overflow during ASN.1 decoding in NSS |
|
795 |
(fixed by requiring 3.21.1) |
|
796 |
* MFSA 2016-36/CVE-2016-1979 (bmo#1185033) |
|
797 |
Use-after-free during processing of DER encoded keys in NSS |
|
798 |
(fixed by requiring 3.21.1) |
|
799 |
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ |
|
800 |
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ |
|
801 |
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ |
|
802 |
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 |
|
803 |
Font vulnerabilities in the Graphite 2 library |
|
904 | 804 |
|
805 |
------------------------------------------------------------------- |
|
806 |
Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de |
|
807 |
||
808 |
- Remove B_CNT from symbols.zip filename to reduce build-compare noise |
|
809 |
||
810 |
------------------------------------------------------------------- |
|
903 | 811 |
Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com |
812 |
||
813 |
- fix build problems on i586, caused by too large unified compile |
|
814 |
units - adding mozilla-reduce-files-per-UnifiedBindings.patch |
|
815 |
||
816 |
------------------------------------------------------------------- |
|
817 |
Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org |
|
818 |
||
819 |
- update to Firefox 44.0.2 |
|
820 |
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) |
|
821 |
Same-origin-policy violation using Service Workers with plugins |
|
822 |
* Fix issue which could lead to the removal of stored passwords |
|
823 |
under certain circumstances (bmo#1242176) |
|
824 |
* Allows spaces in cookie names (bmo#1244505) |
|
825 |
* Disable opus/vorbis audio with H.264 (bmo#1245696) |
|
826 |
* Fix for graphics startup crash (GNU/Linux) (bmo#1222171) |
|
827 |
* Fix a crash in cache networking (bmo#1244076) |
|
828 |
* Fix using WebSockets in service worker controlled pages (bmo#1243942) |
|
829 |
||
830 |
------------------------------------------------------------------- |
|
908
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
831 |
Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
832 |
|
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
833 |
- build fixes for arm/aarch64: |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
834 |
* disable webrtc for arm/aarch64 |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
835 |
* switch away from openGL-ES backend to default for arm/aarch64 |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
836 |
since it almost never builds |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
837 |
* reenable neon |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
838 |
- reenable webrtc for powerpc as it seems to build |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
839 |
|
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
840 |
------------------------------------------------------------------- |
900 | 841 |
Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org |
842 |
||
902 | 843 |
- update to Firefox 44.0 |
844 |
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 |
|
845 |
Miscellaneous memory safety hazards |
|
846 |
* MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 |
|
847 |
Out of Memory crash when parsing GIF format images |
|
848 |
* MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 |
|
849 |
Buffer overflow in WebGL after out of memory allocation |
|
850 |
* MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 |
|
851 |
Firefox allows for control characters to be set in cookie names |
|
852 |
* MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 |
|
853 |
Missing delay following user click events in protocol handler dialog |
|
854 |
* MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 |
|
855 |
Errors in mp_div and mp_exptmod cryptographic functions in NSS |
|
856 |
(fixed by requiring NSS 3.21) |
|
857 |
* MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) |
|
858 |
Addressbar spoofing attacks boo#963643 |
|
859 |
* MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 |
|
860 |
(bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 |
|
861 |
Unsafe memory manipulation found through code inspection |
|
862 |
* MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 |
|
863 |
Application Reputation service disabled in Firefox 43 |
|
899 | 864 |
* requires NSPR 4.11 |
865 |
* requires NSS 3.21 |
|
896
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
866 |
- prepare mozilla-kde.patch for Gtk3 builds |
899 | 867 |
- rebased patches |
896
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
868 |
|
2b664b26b6b2
change was after submission
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
895
diff
changeset
|
869 |
------------------------------------------------------------------- |
897 | 870 |
Mon Jan 11 08:04:24 UTC 2016 - astieger@suse.com |
871 |
||
872 |
- Mozilla Firefox 43.0.4: |
|
873 |
* Re-enable SHA-1 certificates to prevent outdated |
|
874 |
man-in-the-middle security devices from interfering with |
|
875 |
properly secured SSL/TLS connections (bmo#1236975) |
|
876 |
* Fix for startup crash for users of a third party antivirus tool |
|
877 |
(bmo#1235537) |
|
878 |
- The following change was previously in the package as a patch: |
|
879 |
* Multi-user GNU/Linux download folders can be created |
|
880 |
(bmo#1233434), removed mozilla-bmo1233434.patch |
|
881 |
||
882 |
------------------------------------------------------------------- |
|
895
b0e57b478b1b
merge change from mozilla:Factory (libXcomposite-devel requirement)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
894
diff
changeset
|
883 |
Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org |
892 | 884 |
|
885 |
- update to Firefox 43.0.3 |
|
886 |
* requires NSS 3.20.2 to fix |
|
887 |
MFSA 2015-150/CVE-2015-7575 (bmo#1158489) |
|
888 |
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in |
|
889 |
server signature |
|
890 |
* various changes to support Windows update (SHA-1 vs. SHA-2) |
|
891 |
* workaround Youtube user agent detection issue (bmo#1233970) |
|
892 |
- fix file download regression for multi user systems |
|
893 |
(bmo#1233434) (mozilla-bmo1233434.patch) |
|
895
b0e57b478b1b
merge change from mozilla:Factory (libXcomposite-devel requirement)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
894
diff
changeset
|
894 |
- explicitely requires libXcomposite-devel |
892 | 895 |
|
896 |
------------------------------------------------------------------- |
|
890 | 897 |
Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org |
898 |
||
899 |
- update to Firefox 43.0 (bnc#959277) |
|
889 | 900 |
* Improved API support for m4v video playback |
901 |
* Users can opt-in to receive search suggestions from the Awesome Bar |
|
902 |
* WebRTC streaming on multiple monitors |
|
903 |
* User selectable second block list for Private Browsing's Tracking |
|
904 |
Protection |
|
890 | 905 |
security fixes: |
906 |
* MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 |
|
907 |
Miscellaneous memory safety hazards |
|
908 |
* MFSA 2015-135/CVE-2015-7204 (bmo#1216130) |
|
909 |
Crash with JavaScript variable assignment with unboxed objects |
|
910 |
* MFSA 2015-136/CVE-2015-7207 (bmo#1185256) |
|
911 |
Same-origin policy violation using perfomance.getEntries and |
|
912 |
history navigation |
|
913 |
* MFSA 2015-137/CVE-2015-7208 (bmo#1191423) |
|
914 |
Firefox allows for control characters to be set in cookies |
|
915 |
* MFSA 2015-138/CVE-2015-7210 (bmo#1218326) |
|
916 |
Use-after-free in WebRTC when datachannel is used after being |
|
917 |
destroyed |
|
918 |
* MFSA 2015-139/CVE-2015-7212 (bmo#1222809) |
|
919 |
Integer overflow allocating extremely large textures |
|
920 |
* MFSA 2015-140/CVE-2015-7215 (bmo#1160890) |
|
921 |
Cross-origin information leak through web workers error events |
|
922 |
* MFSA 2015-141/CVE-2015-7211 (bmo#1221444) |
|
923 |
Hash in data URI is incorrectly parsed |
|
924 |
* MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) |
|
925 |
DOS due to malformed frames in HTTP/2 |
|
926 |
* MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) |
|
927 |
Linux file chooser crashes on malformed images due to flaws in |
|
928 |
Jasper library |
|
929 |
* MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 |
|
930 |
(bmo#1201183, bmo#1178033, bmo#1199400) |
|
931 |
Buffer overflows found through code inspection |
|
932 |
* MFSA 2015-145/CVE-2015-7205 (bmo#1220493) |
|
933 |
Underflow through code inspection |
|
934 |
* MFSA 2015-146/CVE-2015-7213 (bmo#1206211) |
|
935 |
Integer overflow in MP4 playback in 64-bit versions |
|
936 |
* MFSA 2015-147/CVE-2015-7222 (bmo#1216748) |
|
937 |
Integer underflow and buffer overflow processing MP4 metadata in |
|
938 |
libstagefright |
|
939 |
* MFSA 2015-148/CVE-2015-7223 (bmo#1226423) |
|
940 |
Privilege escalation vulnerabilities in WebExtension APIs |
|
941 |
* MFSA 2015-149/CVE-2015-7214 (bmo#1228950) |
|
942 |
Cross-site reading attack through data and view-source URIs |
|
889 | 943 |
- rebased patches |
944 |
||
945 |
------------------------------------------------------------------- |
|
886
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
946 |
Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
947 |
|
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
948 |
- Add desktop menu action for private browsing window to desktop |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
949 |
file (boo#954747) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
950 |
- remove obsolete patch mozilla-bmo1005535.patch completely from |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
951 |
source package to avoid automatic check failures |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
952 |
|
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
953 |
------------------------------------------------------------------- |
885 | 954 |
Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org |
955 |
||
956 |
- update to Firefox 42.0 (bnc#952810) |
|
957 |
* Private Browsing with Tracking Protection blocks certain Web |
|
958 |
elements that could be used to record your behavior across sites |
|
959 |
* Control Center that contains site security and privacy controls |
|
960 |
* Login Manager improvements |
|
961 |
* WebRTC improvements |
|
962 |
* Indicator added to tabs that play audio with one-click muting |
|
963 |
* Media Source Extension for HTML5 video available for all sites |
|
886
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
964 |
security fixes: |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
965 |
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
966 |
Miscellaneous memory safety hazards |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
967 |
* MFSA 2015-117/CVE-2015-4515 (bmo#1046421) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
968 |
Information disclosure through NTLM authentication |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
969 |
* MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
970 |
CSP bypass due to permissive Reader mode whitelist |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
971 |
* MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
972 |
Firefox for Android addressbar can be removed after fullscreen mode |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
973 |
* MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
974 |
Reading sensitive profile files through local HTML file on Android |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
975 |
* MFSA 2015-121/CVE-2015-7187 (bmo#1195735) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
976 |
disabling scripts in Add-on SDK panels has no effect |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
977 |
* MFSA 2015-122/CVE-2015-7188 (bmo#1199430) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
978 |
Trailing whitespace in IP address hostnames can bypass same-origin policy |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
979 |
* MFSA 2015-123/CVE-2015-7189 (bmo#1205900) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
980 |
Buffer overflow during image interactions in canvas |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
981 |
* MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
982 |
Android intents can be used on Firefox for Android to open privileged files |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
983 |
* MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
984 |
XSS attack through intents on Firefox for Android |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
985 |
* MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
986 |
Crash when accessing HTML tables with accessibility tools on OS X |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
987 |
* MFSA 2015-127/CVE-2015-7193 (bmo#1210302) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
988 |
CORS preflight is bypassed when non-standard Content-Type headers |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
989 |
are received |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
990 |
* MFSA 2015-128/CVE-2015-7194 (bmo#1211262) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
991 |
Memory corruption in libjar through zip files |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
992 |
* MFSA 2015-129/CVE-2015-7195 (bmo#1211871) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
993 |
Certain escaped characters in host of Location-header are being |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
994 |
treated as non-escaped |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
995 |
* MFSA 2015-130/CVE-2015-7196 (bmo#1140616) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
996 |
JavaScript garbage collection crash with Java applet |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
997 |
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
998 |
(bmo#1188010, bmo#1204061, bmo#1204155) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
999 |
Vulnerabilities found through code inspection |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1000 |
* MFSA 2015-132/CVE-2015-7197 (bmo#1204269) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1001 |
Mixed content WebSocket policy bypass through workers |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1002 |
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1003 |
(bmo#1202868, bmo#1205157) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1004 |
NSS and NSPR memory corruption issues |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1005 |
(fixed in mozilla-nspr and mozilla-nss packages) |
2e9f984bca7f
changelogs and desktop file changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
885
diff
changeset
|
1006 |
- requires NSPR >= 4.10.10 and NSS >= 3.19.4 |
885 | 1007 |
- removed obsolete patches |
1008 |
* mozilla-arm-disable-edsp.patch |
|
1009 |
* mozilla-icu-strncat.patch |
|
1010 |
* mozilla-skia-be-le.patch |
|
1011 |
* toolkit-download-folder.patch |
|
1012 |
- fixed build with enable-libproxy (bmo#1220399) |
|
1013 |
* mozilla-libproxy.patch |
|
1014 |
||
1015 |
------------------------------------------------------------------- |
|
884 | 1016 |
Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org |
1017 |
||
1018 |
- update to Firefox 41.0.2 (bnc#950686) |
|
1019 |
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) |
|
1020 |
Cross-origin restriction bypass using Fetch |
|
1021 |
- added explicit appdata provides (bnc#949983) |
|
1022 |
||
1023 |
------------------------------------------------------------------- |
|
1024 |
Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org |
|
1025 |
||
1026 |
- do not build with --enable-stdcxx-compat |
|
1027 |
(this starts to fail build on various toolchain combinations |
|
1028 |
and is not required for openSUSE builds in general |
|
1029 |
||
1030 |
------------------------------------------------------------------- |
|
1031 |
Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org |
|
1032 |
||
1033 |
- update to Firefox 41.0.1 |
|
1034 |
* Fix a startup crash related to Yandex toolbar and Adblock Plus |
|
1035 |
(bmo#1209124) |
|
1036 |
* Fix potential hangs with Flash plugins (bmo#1185639) |
|
1037 |
* Fix a regression in the bookmark creation (bmo#1206376) |
|
1038 |
* Fix a startup crash with some Intel Media Accelerator 3150 |
|
1039 |
graphic cards (bmo#1207665) |
|
1040 |
* Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) |
|
1041 |
||
1042 |
------------------------------------------------------------------- |
|
883
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1043 |
Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1044 |
|
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1045 |
- update to Firefox 41.0 (bnc#947003) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1046 |
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1047 |
Miscellaneous memory safety hazards |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1048 |
* MFSA 2015-97/CVE-2015-4503 (bmo#994337) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1049 |
Memory leak in mozTCPSocket to servers |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1050 |
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1051 |
Out of bounds read in QCMS library with ICC V4 profile attributes |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1052 |
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1053 |
Site attribute spoofing on Android by pasting URL with unknown scheme |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1054 |
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1055 |
Arbitrary file manipulation by local user through Mozilla updater |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1056 |
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1057 |
Buffer overflow in libvpx while parsing vp9 format video |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1058 |
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1059 |
Crash when using debugger with SavedStacks in JavaScript |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1060 |
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1061 |
URL spoofing in reader mode |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1062 |
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1063 |
Use-after-free with shared workers and IndexedDB |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1064 |
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1065 |
Buffer overflow while decoding WebM video |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1066 |
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1067 |
Use-after-free while manipulating HTML media content |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1068 |
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1069 |
Out-of-bounds read during 2D canvas display on Linux 16-bit |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1070 |
color depth systems |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1071 |
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1072 |
Scripted proxies can access inner window |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1073 |
* MFSA 2015-109/CVE-2015-4516 (bmo#904886) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1074 |
JavaScript immutable property enforcement can be bypassed |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1075 |
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1076 |
Dragging and dropping images exposes final URL after redirects |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1077 |
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1078 |
Errors in the handling of CORS preflight request headers |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1079 |
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1080 |
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1081 |
CVE-2015-7180 |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1082 |
Vulnerabilities found through code inspection |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1083 |
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1084 |
bmo#1190526) (Windows only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1085 |
Memory safety errors in libGLES in the ANGLE graphics library |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1086 |
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) |
7aa7715fdc8f
41.0 release and changelogs
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
882
diff
changeset
|
1087 |
Information disclosure via the High Resolution Time API |
882 | 1088 |
- rebased patches |