author | Wolfgang Rosenauer <wr@rosenauer.org> |
Sat, 19 Sep 2015 22:04:22 +0200 | |
changeset 882 | 82af81b0a6c7 |
parent 875 | 2d6ccc01ea9e |
child 883 | 7aa7715fdc8f |
permissions | -rw-r--r-- |
539
b1134fe91f9a
merge latest changes from firefox16
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
536
diff
changeset
|
1 |
------------------------------------------------------------------- |
882 | 2 |
Sun Sep 13 21:13:35 UTC 2015 - wr@rosenauer.org |
3 |
||
4 |
- update to Firefox 41.0b9 |
|
5 |
- rebased patches |
|
6 |
- removed obsolete patches |
|
7 |
* mozilla-arm64-libjpeg-turbo.patch |
|
8 |
||
9 |
------------------------------------------------------------------- |
|
875 | 10 |
Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
11 |
||
12 |
- update to Firefox 40.0 (bnc#940806) |
|
13 |
* Added protection against unwanted software downloads |
|
14 |
* Suggested Tiles show sites of interest, based on categories |
|
15 |
from your recent browsing history |
|
16 |
* Hello allows adding a link to conversations to provide context |
|
17 |
on what the conversation will be about |
|
18 |
* New style for add-on manager based on the in-content |
|
19 |
preferences style |
|
20 |
* Improved scrolling, graphics, and video playback performance |
|
21 |
with off main thread compositing (GNU/Linux only) |
|
22 |
* Graphic blocklist mechanism improved: Firefox version ranges |
|
23 |
can be specified, limiting the number of devices blocked |
|
24 |
security fixes: |
|
25 |
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 |
|
26 |
Miscellaneous memory safety hazards |
|
27 |
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) |
|
28 |
Out-of-bounds read with malformed MP3 file |
|
29 |
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484) |
|
30 |
Use-after-free in MediaStream playback |
|
31 |
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) |
|
32 |
Redefinition of non-configurable JavaScript object properties |
|
33 |
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 |
|
34 |
Overflow issues in libstagefright |
|
35 |
* MFSA 2015-84/CVE-2015-4481 (bmo1171518) |
|
36 |
Arbitrary file overwriting through Mozilla Maintenance Service |
|
37 |
with hard links (only affected Windows) |
|
38 |
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500) |
|
39 |
Out-of-bounds write with Updater and malicious MAR file |
|
40 |
(does not affect openSUSE RPM packages which do not ship the |
|
41 |
updater) |
|
42 |
* MFSA 2015-86/CVE-2015-4483 (bmo#1148732) |
|
43 |
Feed protocol with POST bypasses mixed content protections |
|
44 |
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) |
|
45 |
Crash when using shared memory in JavaScript |
|
46 |
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) |
|
47 |
Heap overflow in gdk-pixbuf when scaling bitmap images |
|
48 |
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) |
|
49 |
Buffer overflows on Libvpx when decoding WebM video |
|
50 |
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 |
|
51 |
Vulnerabilities found through code inspection |
|
52 |
* MFSA 2015-91/CVE-2015-4490 (bmo#1086999) |
|
53 |
Mozilla Content Security Policy allows for asterisk wildcards |
|
54 |
in violation of CSP specification |
|
55 |
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) |
|
56 |
Use-after-free in XMLHttpRequest with shared workers |
|
869 | 57 |
- added mozilla-no-stdcxx-check.patch |
58 |
- removed obsolete patches |
|
868 | 59 |
* mozilla-add-glibcxx_use_cxx11_abi.patch |
869 | 60 |
* firefox-multilocale-chrome.patch |
868 | 61 |
- rebased patches |
869 | 62 |
- requires version 40 of the branding package |
871 | 63 |
- removed browser/searchplugins/ location as it's not valid anymore |
867
3af93b7e5e3d
merge from firefox39 and switch to 40beta branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
866
diff
changeset
|
64 |
|
3af93b7e5e3d
merge from firefox39 and switch to 40beta branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
866
diff
changeset
|
65 |
------------------------------------------------------------------- |
870 | 66 |
Fri Aug 7 07:09:39 UTC 2015 - wr@rosenauer.org |
67 |
||
68 |
- security update to Firefox 39.0.3 (bnc#940918) |
|
69 |
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) |
|
70 |
Same origin violation and local file stealing via PDF reader |
|
71 |
||
72 |
------------------------------------------------------------------- |
|
866
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
73 |
Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
74 |
|
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
75 |
- update to Firefox 39.0 (bnc#935979) |
863 | 76 |
* Share Hello URLs with social networks |
77 |
* Support for 'switch' role in ARIA 1.1 (web accessibility) |
|
78 |
* SafeBrowsing malware detection lookups enabled for downloads |
|
79 |
(Mac OS X and Linux) |
|
80 |
* Support for new Unicode 8.0 skin tone emoji |
|
81 |
* Removed support for insecure SSLv3 for network communications |
|
82 |
* Disable use of RC4 except for temporarily whitelisted hosts |
|
83 |
* NPAPI Plug-in performance improved via asynchronous initialization |
|
866
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
84 |
security fixes: |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
85 |
* MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
86 |
Miscellaneous memory safety hazards |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
87 |
* MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
88 |
Local files or privileged URLs in pages can be opened into new tabs |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
89 |
* MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
90 |
Type confusion in Indexed Database Manager |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
91 |
* MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
92 |
Out-of-bound read while computing an oscillator rendering range in Web Audio |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
93 |
* MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
94 |
Use-after-free in Content Policy due to microtask execution error |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
95 |
* MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
96 |
ECDSA signature validation fails to handle some signatures correctly |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
97 |
(this fix is shipped by NSS 3.19.1 externally) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
98 |
* MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
99 |
Use-after-free in workers while using XMLHttpRequest |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
100 |
* MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
101 |
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
102 |
Vulnerabilities found through code inspection |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
103 |
* MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
104 |
Key pinning is ignored when overridable errors are encountered |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
105 |
* MFSA 2015-68/CVE-2015-2742 (bmo#1138669) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
106 |
OS X crash reports may contain entered key press information |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
107 |
(not relevant under Linux) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
108 |
* MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
109 |
Privilege escalation in PDF.js |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
110 |
* MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
111 |
NSS accepts export-length DHE keys with regular DHE cipher suites |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
112 |
(this fix is shipped by NSS 3.19.1 externally) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
113 |
* MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
114 |
NSS incorrectly permits skipping of ServerKeyExchange |
28eb9d3ab7e8
39.0 final with changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
863
diff
changeset
|
115 |
(this fix is shipped by NSS 3.19.1 externally) |
857 | 116 |
- dropped mozilla-prefer_plugin_pref.patch as this feature is |
117 |
likely not worth maintaining further |
|
118 |
- rebased patches |
|
863 | 119 |
- require NSS 3.19.2 |
857 | 120 |
|
121 |
------------------------------------------------------------------- |
|
862
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
122 |
Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
123 |
|
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
124 |
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration |
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
125 |
|
390088186660
mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
Andreas Schwab <schwab@suse.de>
parents:
861
diff
changeset
|
126 |
------------------------------------------------------------------- |
854 | 127 |
Sun Jun 7 07:09:12 UTC 2015 - wr@rosenauer.org |
128 |
||
129 |
- update to Firefox 38.0.6 |
|
855 | 130 |
* fixes bmo#1171730 which is not really relevant to oS builds |
131 |
- fix KDE regression from 38.0.5 builds (bsc#933439) |
|
854 | 132 |
|
133 |
------------------------------------------------------------------- |
|
853 | 134 |
Sat May 23 21:13:49 UTC 2015 - wr@rosenauer.org |
135 |
||
136 |
- update to Firefox 38.0.5 |
|
137 |
* Keep track of articles and videos with Pocket |
|
138 |
* Clean formatting for articles and blog posts with Reader View |
|
139 |
* Share the active tab or window in a Hello conversation |
|
140 |
- add changes file as source for SRPM (bsc#932142) |
|
141 |
||
142 |
------------------------------------------------------------------- |
|
852 | 143 |
Fri May 15 10:40:19 UTC 2015 - normand@linux.vnet.ibm.com |
144 |
||
145 |
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from |
|
146 |
https://bugzilla.mozilla.org/show_bug.cgi?id=1153109 |
|
147 |
||
148 |
------------------------------------------------------------------- |
|
149 |
Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org |
|
150 |
||
151 |
- update to Firefox 38.0.1 |
|
152 |
stability and regression fixes |
|
153 |
* Systems with first generation NVidia Optimus graphics cards |
|
154 |
may crash on start-up |
|
155 |
* Users who import cookies from Google Chrome can end up with |
|
156 |
broken websites |
|
157 |
* Large animated images may fail to play and may stop other |
|
158 |
images from loading |
|
159 |
||
160 |
------------------------------------------------------------------- |
|
851 | 161 |
Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org |
162 |
||
852 | 163 |
- update to Firefox 38.0 (bnc#930622) |
164 |
* New tab-based preferences |
|
165 |
* Ruby annotation support |
|
166 |
* more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ |
|
167 |
security fixes: |
|
168 |
* MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 |
|
169 |
Miscellaneous memory safety hazards |
|
170 |
* MFSA 2015-47/VE-2015-0797 (bmo#1080995) |
|
171 |
Buffer overflow parsing H.264 video with Linux Gstreamer |
|
172 |
* MFSA 2015-48/CVE-2015-2710 (bmo#1149542) |
|
173 |
Buffer overflow with SVG content and CSS |
|
174 |
* MFSA 2015-49/CVE-2015-2711 (bmo#1113431) |
|
175 |
Referrer policy ignored when links opened by middle-click and |
|
176 |
context menu |
|
177 |
* MFSA 2015-50/CVE-2015-2712 (bmo#1152280) |
|
178 |
Out-of-bounds read and write in asm.js validation |
|
179 |
* MFSA 2015-51/CVE-2015-2713 (bmo#1153478) |
|
180 |
Use-after-free during text processing with vertical text enabled |
|
181 |
* MFSA 2015-53/CVE-2015-2715 (bmo#988698) |
|
182 |
Use-after-free due to Media Decoder Thread creation during shutdown |
|
183 |
* MFSA 2015-54/CVE-2015-2716 (bmo#1140537) |
|
184 |
Buffer overflow when parsing compressed XML |
|
185 |
* MFSA 2015-55/CVE-2015-2717 (bmo#1154683) |
|
186 |
Buffer overflow and out-of-bounds read while parsing MP4 video |
|
187 |
metadata |
|
188 |
* MFSA 2015-56/CVE-2015-2718 (bmo#1146724) |
|
189 |
Untrusted site hosting trusted page can intercept webchannel |
|
190 |
responses |
|
191 |
* MFSA 2015-57/CVE-2011-3079 (bmo#1087565) |
|
192 |
Privilege escalation through IPC channel messages |
|
850 | 193 |
- requires NSS 3.18.1 |
851 | 194 |
- removed obsolete patches: |
195 |
* mozilla-skia-bmo1136958.patch |
|
196 |
- remove gnomevfs build options as it is removed from sources |
|
197 |
- rebased patches |
|
850 | 198 |
|
199 |
------------------------------------------------------------------- |
|
200 |
Fri Apr 17 16:39:20 UTC 2015 - wr@rosenauer.org |
|
201 |
||
202 |
- update to Firefox 37.0.2 (bnc#928116) |
|
203 |
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081) |
|
204 |
Memory corruption during failed plugin initialization |
|
845 | 205 |
|
206 |
------------------------------------------------------------------- |
|
844 | 207 |
Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org |
208 |
||
209 |
- update to Firefox 37.0.1 (bnc#926166) |
|
210 |
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) |
|
211 |
Loading privileged content through Reader mode |
|
212 |
* MFSA 2015-44/CVE-2015-0799 (bmo#1148328) |
|
213 |
Certificate verification bypass through the HTTP/2 Alt-Svc header |
|
214 |
||
215 |
------------------------------------------------------------------- |
|
216 |
Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org |
|
217 |
||
218 |
- update to Firefox 37.0 (bnc#925368) |
|
219 |
* Heartbeat user rating system |
|
220 |
* Yandex set as default search provider for the Turkish locale |
|
221 |
* Bing search now uses HTTPS for secure searching |
|
222 |
* Improved protection against site impersonation via OneCRL |
|
223 |
centralized certificate revocation |
|
224 |
* Opportunistically encrypt HTTP traffic where the server supports |
|
225 |
HTTP/2 AltSvc |
|
226 |
* some more behaviour changes for TLS |
|
227 |
security fixes: |
|
228 |
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 |
|
229 |
Miscellaneous memory safety hazards |
|
230 |
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) |
|
231 |
Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
232 |
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126) |
|
233 |
Add-on lightweight theme installation approval bypassed through |
|
234 |
MITM attack |
|
235 |
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
236 |
resource:// documents can load privileged pages |
|
237 |
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468) |
|
238 |
Out of bounds read in QCMS library |
|
239 |
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013) |
|
240 |
Cursor clickjacking with flash and images (OS X only) |
|
241 |
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552) |
|
242 |
Incorrect memory management for simple-type arrays in WebRTC |
|
243 |
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
244 |
CORS requests should not follow 30x redirections after preflight |
|
245 |
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) |
|
246 |
Memory corruption crashes in Off Main Thread Compositing |
|
247 |
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) |
|
248 |
Use-after-free due to type confusion flaws |
|
249 |
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
250 |
Same-origin bypass through anchor navigation |
|
251 |
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 |
|
252 |
PRNG weakness allows for DNS poisoning on Android (only) |
|
253 |
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898) |
|
254 |
Windows can retain access to privileged content on navigation |
|
255 |
to unprivileged pages |
|
256 |
- removed obsolete patches |
|
837 | 257 |
* mozilla-bmo1088588.patch |
844 | 258 |
* mozilla-bmo1108834.patch |
836
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
259 |
- requires NSPR 4.10.8 |
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
260 |
|
12530a091878
prepare 37 beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
831
diff
changeset
|
261 |
------------------------------------------------------------------- |
844 | 262 |
Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com |
263 |
||
264 |
- Fix builds with skia on Power |
|
265 |
mozilla-skia-be-le.patch (patch from #bmo1136958) |
|
266 |
mozilla-bmo1108834.patch |
|
267 |
mozilla-bmo1005535.patch |
|
268 |
||
269 |
------------------------------------------------------------------- |
|
839 | 270 |
Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org |
271 |
||
840 | 272 |
- update to Firefox 36.0.4 (bnc#923534) |
839 | 273 |
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988) |
274 |
Privilege escalation through SVG navigation |
|
275 |
* MFSA 2015-29/CVE-2015-0817 (bmo#1145255) |
|
276 |
Code execution through incorrect JavaScript bounds checking |
|
277 |
elimination |
|
278 |
||
279 |
------------------------------------------------------------------- |
|
280 |
Fri Mar 20 15:02:33 UTC 2015 - dimstar@opensuse.org |
|
281 |
||
282 |
- Copy the icons to /usr/share/icons instead of symlinking them: |
|
283 |
in preparation for containerized apps (e.g. xdg-app) as well as |
|
284 |
AppStream metadata extraction, there are a couple locations that |
|
285 |
need to be real files for system integration (.desktop files, |
|
286 |
icons, mime-type info). |
|
287 |
||
288 |
------------------------------------------------------------------- |
|
838 | 289 |
Sat Mar 7 07:40:56 UTC 2015 - wr@rosenauer.org |
290 |
||
291 |
- update to Firefox 36.0.1 |
|
292 |
Bugfixes: |
|
293 |
* Disable the usage of the ANY DNS query type (bmo#1093983) |
|
294 |
* Hello may become inactive until restart (bmo#1137469) |
|
295 |
* Print preferences may not be preserved (bmo#1136855) |
|
296 |
* Hello contact tabs may not be visible (bmo#1137141) |
|
297 |
* Accept hostnames that include an underscore character ("_") |
|
298 |
(bmo#1136616) |
|
299 |
* WebGL may use significant memory with Canvas2d (bmo#1137251) |
|
300 |
* Option -remote has been restored (bmo#1080319) |
|
840 | 301 |
- added mozilla-skia-bmo1136958.patch to fix build issues for |
302 |
ARM and PPC |
|
838 | 303 |
|
304 |
------------------------------------------------------------------- |
|
832 | 305 |
Fri Feb 20 22:53:39 UTC 2015 - wr@rosenauer.org |
306 |
||
307 |
- update to Firefox 36.0 (bnc#917597) |
|
828 | 308 |
* mozilla-xremote-client was removed |
309 |
* added libclearkey.so media plugin |
|
832 | 310 |
* Pinned tiles on the new tab page can be synced |
311 |
* Support for the full HTTP/2 protocol. HTTP/2 enables a faster, |
|
312 |
more scalable, and more responsive web. |
|
313 |
* Locale added: Uzbek (uz) |
|
835 | 314 |
security fixes: |
315 |
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 |
|
316 |
Miscellaneous memory safety hazards |
|
317 |
* MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
318 |
Invoking Mozilla updater will load locally stored DLL files |
|
319 |
(Windows only) |
|
320 |
* MFSA 2015-13/CVE-2015-0832 (bmo#1065909) |
|
321 |
Appended period to hostnames can bypass HPKP and HSTS protections |
|
322 |
* MFSA 2015-14/CVE-2015-0830 (bmo#1110488) |
|
323 |
Malicious WebGL content crash when writing strings |
|
324 |
* MFSA 2015-15/CVE-2015-0834 (bmo#1098314) |
|
325 |
TLS TURN and STUN connections silently fail to simple TCP connections |
|
326 |
* MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
327 |
Use-after-free in IndexedDB |
|
328 |
* MFSA 2015-17/CVE-2015-0829 (bmo#1128939) |
|
329 |
Buffer overflow in libstagefright during MP4 video playback |
|
330 |
* MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) |
|
331 |
Double-free when using non-default memory allocators with a |
|
332 |
zero-length XHR |
|
333 |
* MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
334 |
Out-of-bounds read and write while rendering SVG content |
|
335 |
* MFSA 2015-20/CVE-2015-0826 (bmo#1092363) |
|
336 |
Buffer overflow during CSS restyling |
|
337 |
* MFSA 2015-21/CVE-2015-0825 (bmo#1092370) |
|
338 |
Buffer underflow during MP3 playback |
|
339 |
* MFSA 2015-22/CVE-2015-0824 (bmo#1095925) |
|
340 |
Crash using DrawTarget in Cairo graphics library |
|
341 |
* MFSA 2015-23/CVE-2015-0823 (bmo#1098497) |
|
342 |
Use-after-free in Developer Console date with OpenType Sanitiser |
|
343 |
* MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
344 |
Reading of local files through manipulation of form autocomplete |
|
345 |
* MFSA 2015-25/CVE-2015-0821 (bmo#1111960) |
|
346 |
Local files or privileged URLs in pages can be opened into new tabs |
|
347 |
* MFSA 2015-26/CVE-2015-0819 (bmo#1079554) |
|
348 |
UI Tour whitelisted sites in background tab can spoof foreground |
|
349 |
tabs |
|
350 |
* MFSA 2015-27CVE-2015-0820 (bmo#1125398) |
|
351 |
Caja Compiler JavaScript sandbox bypass |
|
832 | 352 |
- rebased patches |
830 | 353 |
- requires NSS 3.17.4 |
354 |
||
355 |
------------------------------------------------------------------- |
|
356 |
Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org |
|
357 |
||
358 |
- update to Firefox 35.0.1 |
|
359 |
* With the Enhanced Steam extension, Firefox could crash (bmo#1123732) |
|
360 |
* Kerberos authentication did not work with alias (bmo#1108971) |
|
361 |
* SVG / CSS animation had a regression causing rendering issues on |
|
362 |
websites like openstreemap.org (bmo#1083079) |
|
363 |
* On Godaddy webmail, Firefox could crash (bmo#1113121) |
|
364 |
* document.baseURI did not get updated to document.location after |
|
365 |
base tag was removed from DOM for site with a CSP (bmo#1121857) |
|
366 |
* With a Right-to-left (RTL) version of Firefox, the text selection |
|
367 |
could be broken (bmo#1104036) |
|
368 |
* CSP had a change in behavior with regard to case sensitivity |
|
369 |
resources loading (bmo#1122445) |
|
828 | 370 |
|
371 |
------------------------------------------------------------------- |
|
826 | 372 |
Sat Jan 10 18:36:37 UTC 2015 - wr@rosenauer.org |
373 |
||
374 |
- update to Firefox 35.0 (bnc#910669) |
|
827 | 375 |
notable features: |
376 |
* Firefox Hello with new rooms-based conversations model |
|
377 |
* Implemented HTTP Public Key Pinning Extension (for enhanced |
|
378 |
authentication of encrypted connections) |
|
379 |
security fixes: |
|
380 |
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 |
|
381 |
Miscellaneous memory safety hazards |
|
382 |
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) |
|
383 |
Uninitialized memory use during bitmap rendering |
|
384 |
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) |
|
385 |
sendBeacon requests lack an Origin header |
|
386 |
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) |
|
387 |
Cookie injection through Proxy Authenticate responses |
|
388 |
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) |
|
389 |
Read of uninitialized memory in Web Audio |
|
390 |
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) |
|
391 |
Read-after-free in WebRTC |
|
392 |
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) |
|
393 |
Gecko Media Plugin sandbox escape |
|
394 |
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) |
|
395 |
Delegated OCSP responder certificates failure with |
|
396 |
id-pkix-ocsp-nocheck extension |
|
397 |
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) |
|
398 |
XrayWrapper bypass through DOM objects |
|
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
399 |
- rebased patches |
809
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
400 |
- dropped explicit support for everything older than 12.3 |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
401 |
(including SLES11) |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
402 |
* merge firefox-kde.patch and firefox-kde-114.patch |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
403 |
* dropped mozilla-sle11.patch |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
404 |
- reworked specfile to build conditionally based on release channel |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
405 |
either Firefox or Firefox Developer Edition |
af47260a332c
morphed Aurora packaging into Firefox Developer Edition
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
807
diff
changeset
|
406 |
- added mozilla-openaes-decl.patch to fix implicit declarations |
819
5a18bd66e46c
[Bug 908892] Updated Firefox (33.0-1.90.1 -> 34.0.5-1.94.3) crashes in tracker-miner-firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
818
diff
changeset
|
407 |
- obsolete tracker-miner-firefox < 0.15 because it leads to startup |
5a18bd66e46c
[Bug 908892] Updated Firefox (33.0-1.90.1 -> 34.0.5-1.94.3) crashes in tracker-miner-firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
818
diff
changeset
|
408 |
crashes (bnc#908892) |
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
409 |
|
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
410 |
------------------------------------------------------------------- |
820 | 411 |
Sat Dec 13 22:13:00 UTC 2014 - Led <ledest@gmail.com> |
412 |
||
413 |
- fix bashism in mozilla.sh script |
|
414 |
||
415 |
------------------------------------------------------------------- |
|
813
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
416 |
Sat Nov 29 21:23:03 UTC 2014 - wr@rosenauer.org |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
417 |
|
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
418 |
- update to Firefox 34.0.5 (bnc#908009) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
419 |
* Default search engine changed to Yahoo! for North America |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
420 |
* Default search engine changed to Yandex for Belarusian, Kazakh, |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
421 |
and Russian locales |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
422 |
* Improved search bar (en-US only) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
423 |
* Firefox Hello real-time communication client |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
424 |
* Easily switch themes/personas directly in the Customizing mode |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
425 |
* Implementation of HTTP/2 (draft14) and ALPN |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
426 |
* Disabled SSLv3 |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
427 |
* MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
428 |
Miscellaneous memory safety hazards |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
429 |
* MFSA 2014-84/CVE-2014-1589 (bmo#1043787) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
430 |
XBL bindings accessible via improper CSS declarations |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
431 |
* MFSA 2014-85/CVE-2014-1590 (bmo#1087633) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
432 |
XMLHttpRequest crashes with some input streams |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
433 |
* MFSA 2014-86/CVE-2014-1591 (bmo#1069762) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
434 |
CSP leaks redirect data via violation reports |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
435 |
* MFSA 2014-87/CVE-2014-1592 (bmo#1088635) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
436 |
Use-after-free during HTML5 parsing |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
437 |
* MFSA 2014-88/CVE-2014-1593 (bmo#1085175) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
438 |
Buffer overflow while parsing media content |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
439 |
* MFSA 2014-89/CVE-2014-1594 (bmo#1074280) |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
440 |
Bad casting from the BasicThebesLayer to BasicContainerLayer |
9e3063dcc69e
Firefox 34.0.5 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
811
diff
changeset
|
441 |
- rebased patches |
806 | 442 |
- limit linker memory usage for %ix86 |
807
f54c68340963
Aurora 35.0 (20141115) uplift
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
806
diff
changeset
|
443 |
- rebased patches |
805 | 444 |
|
445 |
------------------------------------------------------------------- |
|
801
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
446 |
Fri Nov 7 20:14:32 UTC 2014 - wr@rosenauer.org |
787 | 447 |
|
448 |
- update to Firefox 33.1 |
|
802 | 449 |
* Adding DuckDuckGo as a search option (upstream) |
450 |
* Forget Button added |
|
451 |
* Enhanced Tiles |
|
452 |
* Privacy tour introduced |
|
797
3b2d52457c91
fix typo on Recommends
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
789
diff
changeset
|
453 |
- fix typo in GStreamer Recommends |
787 | 454 |
|
455 |
------------------------------------------------------------------- |
|
801
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
456 |
Tue Nov 4 18:00:35 UTC 2014 - guillaume@opensuse.org |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
457 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
458 |
- Disable elf-hack for aarch64 |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
459 |
- Enable EGL for aarch64 |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
460 |
- Limit RAM usage during link for %arm |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
461 |
- Fix _constraints for ARM |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
462 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
463 |
------------------------------------------------------------------- |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
464 |
Mon Nov 3 11:36:04 UTC 2014 - dmueller@suse.com |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
465 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
466 |
- use proper macros for ARM |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
467 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
468 |
------------------------------------------------------------------- |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
469 |
Mon Nov 3 11:26:23 UTC 2014 - josua.mayer97@gmail.com |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
470 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
471 |
- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
472 |
to fix compiling. |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
473 |
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
474 |
linking on arm. |
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
475 |
|
f5f6f5547c2b
merge changes from OBS Factory submissions
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
797
diff
changeset
|
476 |
------------------------------------------------------------------- |
788 | 477 |
Thu Oct 30 11:31:05 UTC 2014 - wr@rosenauer.org |
478 |
||
479 |
- update to Firefox 33.0.2 |
|
480 |
* Fix a startup crash with some combination of hardware and drivers |
|
481 |
33.0.1 |
|
482 |
* Firefox displays a black screen at start-up with certain |
|
483 |
graphics drivers |
|
484 |
- adjusted _constraints for ARM |
|
485 |
||
486 |
------------------------------------------------------------------- |
|
786 | 487 |
Tue Oct 28 15:23:09 UTC 2014 - josua.mayer97@gmail.com |
488 |
||
489 |
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) |
|
785 | 490 |
|
491 |
------------------------------------------------------------------- |
|
781
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
492 |
Sat Oct 25 08:45:43 UTC 2014 - wr@rosenauer.org |
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
493 |
|
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
494 |
- define /usr/share/myspell as additional dictionary location |
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
495 |
and remove add-plugins.sh finally (bnc#900639) |
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
496 |
|
4ee017942f28
use /usr/share/myspell directly and remove add-plugins.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
780
diff
changeset
|
497 |
------------------------------------------------------------------- |
780
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
498 |
Sun Oct 19 12:59:28 UTC 2014 - vindex17@outlook.it |
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
499 |
|
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
500 |
- use Firefox default optimization flags instead of -Os |
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
501 |
- specfile cleanup |
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
502 |
|
c20a07035a80
use Firefox default optimization flags instead of -Os
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
777
diff
changeset
|
503 |
------------------------------------------------------------------- |
777 | 504 |
Wed Oct 15 08:05:33 UTC 2014 - wr@rosenauer.org |
505 |
||
506 |
- fix build for all ppc by not enabling elf-hack |
|
507 |
(bnc#901213) |
|
508 |
||
509 |
------------------------------------------------------------------- |
|
776
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
510 |
Sat Oct 11 08:48:24 UTC 2014 - wr@rosenauer.org |
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
511 |
|
777 | 512 |
- update to Firefox 33.0 (bnc#900941) |
513 |
New features: |
|
514 |
* OpenH264 support (sandboxed) |
|
515 |
* Enhanced Tiles |
|
516 |
* Improved search experience through the location bar |
|
517 |
* Slimmer and faster JavaScript strings |
|
518 |
* New CSP (Content Security Policy) backend |
|
519 |
* Support for connecting to HTTP proxy over HTTPS |
|
520 |
* Improved reliability of the session restoration |
|
521 |
* Proprietary window.crypto properties/functions removed |
|
522 |
Security: |
|
523 |
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 |
|
524 |
Miscellaneous memory safety hazards |
|
525 |
* MFSA 2014-75/CVE-2014-1576 (bmo#1041512) |
|
526 |
Buffer overflow during CSS manipulation |
|
527 |
* MFSA 2014-76/CVE-2014-1577 (bmo#1012609) |
|
528 |
Web Audio memory corruption issues with custom waveforms |
|
529 |
* MFSA 2014-77/CVE-2014-1578 (bmo#1063327) |
|
530 |
Out-of-bounds write with WebM video |
|
531 |
* MFSA 2014-78/CVE-2014-1580 (bmo#1063733) |
|
532 |
Further uninitialized memory use during GIF rendering |
|
533 |
* MFSA 2014-79/CVE-2014-1581 (bmo#1068218) |
|
534 |
Use-after-free interacting with text directionality |
|
535 |
* MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) |
|
536 |
Key pinning bypasses |
|
537 |
* MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) |
|
538 |
Inconsistent video sharing within iframe |
|
539 |
* MFSA 2014-82/CVE-2014-1583 (bmo#1015540) |
|
540 |
Accessing cross-origin objects via the Alarms API |
|
541 |
(only relevant for installed web apps) |
|
765 | 542 |
- requires NSPR 4.10.7 |
773 | 543 |
- requires NSS 3.17.1 |
776
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
544 |
- removed obsolete patches: |
773 | 545 |
* mozilla-ppc.patch |
776
fd46c2b70724
prepare 33.0 final release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
774
diff
changeset
|
546 |
* mozilla-libproxy-compat.patch |
774
f61bd1cd52c2
added basic appstream appdata information
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
773
diff
changeset
|
547 |
- added basic appdata information |
769 | 548 |
|
549 |
------------------------------------------------------------------- |
|
550 |
Sat Sep 20 13:33:51 UTC 2014 - wr@rosenauer.org |
|
551 |
||
552 |
- update to Firefox 32.0.2 |
|
553 |
* just a version bump for our builds |
|
554 |
* fixed the in application update process for certain environments |
|
555 |
(in application update is not enabled in openSUSE and Linux |
|
556 |
is unaffected in any case) |
|
557 |
- build with --disable-optimize for 13.1 and above for i586 to |
|
558 |
workaround miscompilations (bnc#896624) |
|
767 | 559 |
- use some more build flags to align with upstream |
765 | 560 |
|
561 |
------------------------------------------------------------------- |
|
761 | 562 |
Sat Sep 13 16:58:16 UTC 2014 - wr@rosenauer.org |
563 |
||
564 |
- update to Firefox 32.0.1 |
|
565 |
* fixed stability issues for computers with multiple graphics cards |
|
566 |
* mixed content icon may be incorrectly displayed instead of lock |
|
567 |
icon for SSL sites in 32.0 ( |
|
568 |
* WebRTC: setRemoteDescription() silently fails if no success |
|
569 |
callback is specified (bmo#1063971) |
|
570 |
||
571 |
------------------------------------------------------------------- |
|
759
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
572 |
Sun Aug 31 07:44:54 UTC 2014 - wr@rosenauer.org |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
573 |
|
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
574 |
- update to Firefox 32.0 (bnc#894370) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
575 |
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
576 |
Miscellaneous memory safety hazards |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
577 |
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
578 |
Use-after-free during DOM interactions with SVG |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
579 |
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
580 |
Uninitialized memory use during GIF rendering |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
581 |
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
582 |
Out-of-bounds read in Web Audio audio timeline |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
583 |
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641) |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
584 |
Use-after-free setting text directionality |
748
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
585 |
- rebased patches |
756 | 586 |
- requires NSS 3.16.4 |
748
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
587 |
- removed upstreamed patch |
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
588 |
* mozilla-aarch64-bmo-810631.patch |
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
589 |
|
72ba5129e5fd
full rebase to Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
746
diff
changeset
|
590 |
------------------------------------------------------------------- |
759
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
591 |
Wed Aug 20 13:50:58 CEST 2014 - behlert@suse.de |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
592 |
|
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
593 |
- adapted _constraints, used more than 3900MB on s390x during |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
594 |
last build |
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
595 |
|
b2ae89c6dea9
Firefox 32.0 goes production
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
756
diff
changeset
|
596 |
------------------------------------------------------------------- |
753 | 597 |
Sun Jul 20 18:11:44 UTC 2014 - wr@rosenauer.org |
598 |
||
599 |
- update to Firefox 31.0 (bnc#887746) |
|
600 |
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 |
|
601 |
Miscellaneous memory safety hazards |
|
602 |
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205) |
|
603 |
Buffer overflow during Web Audio buffering for playback |
|
604 |
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411) |
|
605 |
Use-after-free in Web Audio due to incorrect control message ordering |
|
606 |
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) |
|
607 |
Toolbar dialog customization event spoofing |
|
608 |
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121) |
|
609 |
Use-after-free with FireOnStateChange event |
|
610 |
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891) |
|
611 |
Exploitable WebGL crash with Cesium JavaScript library |
|
612 |
* MFSA 2014-63/CVE-2014-1544 (bmo#963150) |
|
613 |
Use-after-free while when manipulating certificates in the trusted cache |
|
614 |
(solved with NSS 3.16.2 requirement) |
|
615 |
* MFSA 2014-64/CVE-2014-1557 (bmo#913805) |
|
616 |
Crash in Skia library when scaling high quality images |
|
617 |
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 |
|
618 |
(bmo#1015973, bmo#1026022, bmo#997795) |
|
619 |
Certificate parsing broken by non-standard character encoding |
|
620 |
* MFSA 2014-66/CVE-2014-1552 (bmo#985135) |
|
621 |
IFRAME sandbox same-origin access through redirect |
|
622 |
- use EGL on ARM |
|
746
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
623 |
- rebased patches |
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
624 |
- requires NSS 3.16.2 |
753 | 625 |
- requires python-devel (not only python) |
746
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
626 |
|
b441942b2a3f
update meta data for Aurora 32
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
744
diff
changeset
|
627 |
------------------------------------------------------------------- |
744
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
628 |
Mon Jun 9 08:28:17 UTC 2014 - wr@rosenauer.org |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
629 |
|
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
630 |
- update to Firefox 30.0 (bnc#881874) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
631 |
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
632 |
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
633 |
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
634 |
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
635 |
bmo#996536, bmo#996715, bmo#999651, bmo#1000598, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
636 |
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
637 |
bmo#1009952, bmo#1011007) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
638 |
Miscellaneous memory safety hazards (rv:30.0) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
639 |
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
640 |
(bmo#989994, bmo#999274, bmo#1005584) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
641 |
Use-after-free and out of bounds issues found using Address |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
642 |
Sanitizer |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
643 |
* MFSA 2014-50/CVE-2014-1539 (bmo#995603) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
644 |
Clickjacking through cursor invisability after Flash interaction |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
645 |
* MFSA 2014-51/CVE-2014-1540 (bmo#978862) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
646 |
Use-after-free in Event Listener Manager |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
647 |
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
648 |
Use-after-free with SMIL Animation Controller |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
649 |
* MFSA 2014-53/CVE-2014-1542 (bmo#991533) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
650 |
Buffer overflow in Web Audio Speex resampler |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
651 |
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
652 |
Buffer overflow in Gamepad API |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
653 |
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783) |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
654 |
Out of bounds write in NSPR |
733
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
655 |
- rebased patches |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
656 |
- removed obsolete patches |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
657 |
* firefox-browser-css.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
658 |
* mozilla-aarch64-bmo-962488.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
659 |
* mozilla-aarch64-bmo-963023.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
660 |
* mozilla-aarch64-bmo-963024.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
661 |
* mozilla-aarch64-bmo-963027.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
662 |
* mozilla-ppc64-xpcom.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
663 |
* mozilla-ppc64le-javascript.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
664 |
* mozilla-ppc64le-libffi.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
665 |
* mozilla-ppc64le-mfbt.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
666 |
* mozilla-ppc64le-webrtc.patch |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
667 |
* mozilla-ppc64le-xpcom.patch |
744
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
668 |
* mozilla-ppc64le-build.patch |
e2d94ddb82f0
manual merge from 30.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
738
diff
changeset
|
669 |
- requires NSPR 4.10.6 |
725 | 670 |
- enabled GStreamer 1.0 usage for 13.2 and above |
671 |
||
672 |
------------------------------------------------------------------- |
|
738 | 673 |
Sat May 10 06:09:37 UTC 2014 - wr@rosenauer.org |
674 |
||
675 |
- update to Firefox 29.0.1 |
|
676 |
* Seer disabled by default (bmo#1005958) |
|
677 |
* Session Restore failed with a corrupted sessionstore.js file |
|
678 |
(bmo#1001167) |
|
679 |
* pdf.js printing white page (bmo#1003707, bnc#876833) |
|
733
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
680 |
- general.useragent.locale gets overwritten with en-US while it |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
681 |
should be using the active langpack's setting |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
682 |
|
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
683 |
------------------------------------------------------------------- |
727
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
684 |
Sat Apr 26 12:18:07 UTC 2014 - wr@rosenauer.org |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
685 |
|
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
686 |
- update to Firefox 29.0 (bnc#875378) |
733
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
687 |
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
688 |
Miscellaneous memory safety hazards |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
689 |
* MFSA 2014-36/CVE-2014-1522 (bmo#995289) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
690 |
Web Audio memory corruption issues |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
691 |
* MFSA 2014-37/CVE-2014-1523 (bmo#969226) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
692 |
Out of bounds read while decoding JPG images |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
693 |
* MFSA 2014-38/CVE-2014-1524 (bmo#989183) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
694 |
Buffer overflow when using non-XBL object as XBL |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
695 |
* MFSA 2014-39/CVE-2014-1525 (bmo#989210) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
696 |
Use-after-free in the Text Track Manager for HTML video |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
697 |
* MFSA 2014-41/CVE-2014-1528 (bmo#963962) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
698 |
Out-of-bounds write in Cairo |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
699 |
* MFSA 2014-42/CVE-2014-1529 (bmo#987003) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
700 |
Privilege escalation through Web Notification API |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
701 |
* MFSA 2014-43/CVE-2014-1530 (bmo#895557) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
702 |
Cross-site scripting (XSS) using history navigations |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
703 |
* MFSA 2014-44/CVE-2014-1531 (bmo#987140) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
704 |
Use-after-free in imgLoader while resizing images |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
705 |
* MFSA 2014-45/CVE-2014-1492 (bmo#903885) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
706 |
Incorrect IDNA domain name matching for wildcard certificates |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
707 |
(fixed by NSS 3.16) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
708 |
* MFSA 2014-46/CVE-2014-1532 (bmo#966006) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
709 |
Use-after-free in nsHostResolver |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
710 |
* MFSA 2014-47/CVE-2014-1526 (bmo#988106) |
b2202fea7983
manual forward merge from 29 and 30 branches
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
727
diff
changeset
|
711 |
Debugger can bypass XrayWrappers with JavaScript |
727
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
712 |
- rebased patches |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
713 |
- removed obsolete patches |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
714 |
* firefox-browser-css.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
715 |
* mozilla-aarch64-599882cfb998.diff |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
716 |
* mozilla-aarch64-bmo-963028.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
717 |
* mozilla-aarch64-bmo-963029.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
718 |
* mozilla-aarch64-bmo-963030.patch |
727fef76f8d7
manual merge from firefox29
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
725
diff
changeset
|
719 |
* mozilla-aarch64-bmo-963031.patch |
716
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
720 |
- requires NSS 3.16 |
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
721 |
- added mozilla-icu-strncat.patch to fix post build checks |
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
722 |
|
cef565f1c325
update to Firefox 29.0b7
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
715
diff
changeset
|
723 |
------------------------------------------------------------------- |
715 | 724 |
Mon Apr 7 15:34:31 UTC 2014 - dmueller@suse.com |
725 |
||
726 |
- add mozilla-aarch64-599882cfb998.patch, |
|
727 |
mozilla-aarch64-bmo-810631.patch, |
|
728 |
mozilla-aarch64-bmo-962488.patch, |
|
729 |
mozilla-aarch64-bmo-963030.patch, |
|
730 |
mozilla-aarch64-bmo-963027.patch, |
|
731 |
mozilla-aarch64-bmo-963028.patch, |
|
732 |
mozilla-aarch64-bmo-963029.patch, |
|
733 |
mozilla-aarch64-bmo-963023.patch, |
|
734 |
mozilla-aarch64-bmo-963024.patch, |
|
735 |
mozilla-aarch64-bmo-963031.patch: AArch64 porting |
|
736 |
||
737 |
------------------------------------------------------------------- |
|
714
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
738 |
Mon Mar 24 16:18:44 UTC 2014 - dvaleev@suse.com |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
739 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
740 |
- Add patch for bmo#973977 |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
741 |
* mozilla-ppc64-xpcom.patch |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
742 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
743 |
------------------------------------------------------------------- |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
744 |
Mon Mar 24 14:29:12 UTC 2014 - dvaleev@suse.com |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
745 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
746 |
- Refresh mozilla-ppc64le-xpcom.patch patch |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
747 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
748 |
------------------------------------------------------------------- |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
749 |
Fri Mar 21 19:01:42 UTC 2014 - dvaleev@suse.com |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
750 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
751 |
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system |
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
752 |
|
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
753 |
------------------------------------------------------------------- |
711
012a5adf5c74
moved to mozilla-release (28.0build2)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
710
diff
changeset
|
754 |
Sun Mar 16 13:39:15 UTC 2014 - wr@rosenauer.org |
012a5adf5c74
moved to mozilla-release (28.0build2)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
710
diff
changeset
|
755 |
|
712 | 756 |
- update to Firefox 28.0 (bnc#868603) |
757 |
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 |
|
758 |
Miscellaneous memory safety hazards |
|
759 |
* MFSA 2014-17/CVE-2014-1497 (bmo#966311) |
|
760 |
Out of bounds read during WAV file decoding |
|
761 |
* MFSA 2014-18/CVE-2014-1498 (bmo#935618) |
|
762 |
crypto.generateCRMFRequest does not validate type of key |
|
763 |
* MFSA 2014-19/CVE-2014-1499 (bmo#961512) |
|
764 |
Spoofing attack on WebRTC permission prompt |
|
765 |
* MFSA 2014-20/CVE-2014-1500 (bmo#956524) |
|
766 |
onbeforeunload and Javascript navigation DOS |
|
767 |
* MFSA 2014-22/CVE-2014-1502 (bmo#972622) |
|
768 |
WebGL content injection from one domain to rendering in another |
|
769 |
* MFSA 2014-23/CVE-2014-1504 (bmo#911547) |
|
770 |
Content Security Policy for data: documents not preserved by |
|
771 |
session restore |
|
772 |
* MFSA 2014-26/CVE-2014-1508 (bmo#963198) |
|
773 |
Information disclosure through polygon rendering in MathML |
|
774 |
* MFSA 2014-27/CVE-2014-1509 (bmo#966021) |
|
775 |
Memory corruption in Cairo during PDF font rendering |
|
776 |
* MFSA 2014-28/CVE-2014-1505 (bmo#941887) |
|
777 |
SVG filters information disclosure through feDisplacementMap |
|
778 |
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) |
|
779 |
Privilege escalation using WebIDL-implemented APIs |
|
780 |
* MFSA 2014-30/CVE-2014-1512 (bmo#982957) |
|
781 |
Use-after-free in TypeObject |
|
782 |
* MFSA 2014-31/CVE-2014-1513 (bmo#982974) |
|
783 |
Out-of-bounds read/write through neutering ArrayBuffer objects |
|
784 |
* MFSA 2014-32/CVE-2014-1514 (bmo#983344) |
|
785 |
Out-of-bounds write through TypedArrayObject after neutering |
|
707 | 786 |
- requires NSPR 4.10.3 and NSS 3.15.5 |
712 | 787 |
- new build dependency (and recommends): |
703 | 788 |
* libpulse |
710
5341dc98d26c
update of PPC64LE patches taken from
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
707
diff
changeset
|
789 |
- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com) |
711
012a5adf5c74
moved to mozilla-release (28.0build2)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
710
diff
changeset
|
790 |
- rebased patches |
703 | 791 |
|
792 |
------------------------------------------------------------------- |
|
704 | 793 |
Mon Feb 17 11:59:28 UTC 2014 - wr@rosenauer.org |
794 |
||
795 |
- update to Firefox 27.0.1 |
|
796 |
* Fixed stability issues with Greasemonkey and other JS that used |
|
797 |
ClearTimeoutOrInterval |
|
714
b686e856c800
import PPC64(LE) changes from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
712
diff
changeset
|
798 |
* JS math correctness issue (bmo#941381) |
704 | 799 |
- incorporate Google API key for geolocation (bnc#864170) |
800 |
- updated list of "other" locales in RPM requirements |
|
801 |
||
802 |
------------------------------------------------------------------- |
|
699 | 803 |
Tue Jan 28 15:45:41 UTC 2014 - wr@rosenauer.org |
804 |
||
700 | 805 |
- update to Firefox 27.0 (bnc#861847) |
806 |
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 |
|
807 |
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) |
|
808 |
* MFSA 2014-02/CVE-2014-1479 (bmo#911864) |
|
809 |
Clone protected content with XBL scopes |
|
810 |
* MFSA 2014-03/CVE-2014-1480 (bmo#916726) |
|
811 |
UI selection timeout missing on download prompts |
|
812 |
* MFSA 2014-04/CVE-2014-1482 (bmo#943803) |
|
813 |
Incorrect use of discarded images by RasterImage |
|
814 |
* MFSA 2014-05/CVE-2014-1483 (bmo#950427) |
|
815 |
Information disclosure with *FromPoint on iframes |
|
816 |
* MFSA 2014-06/CVE-2014-1484 (bmo#953993) |
|
817 |
Profile path leaks to Android system log |
|
818 |
* MFSA 2014-07/CVE-2014-1485 (bmo#910139) |
|
819 |
XSLT stylesheets treated as styles in Content Security Policy |
|
820 |
* MFSA 2014-08/CVE-2014-1486 (bmo#942164) |
|
821 |
Use-after-free with imgRequestProxy and image proccessing |
|
822 |
* MFSA 2014-09/CVE-2014-1487 (bmo#947592) |
|
823 |
Cross-origin information leak through web workers |
|
824 |
* MFSA 2014-10/CVE-2014-1489 (bmo#959531) |
|
825 |
Firefox default start page UI content invokable by script |
|
826 |
* MFSA 2014-11/CVE-2014-1488 (bmo#950604) |
|
827 |
Crash when using web workers with asm.js |
|
828 |
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 |
|
829 |
(bmo#934545, bmo#930874, bmo#930857) |
|
830 |
NSS ticket handling issues |
|
831 |
* MFSA 2014-13/CVE-2014-1481(bmo#936056) |
|
832 |
Inconsistent JavaScript handling of access to Window objects |
|
691
18c2dc922e51
update to Firefox 27.0b2
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
689
diff
changeset
|
833 |
- requires NSS 3.15.4 or higher |
18c2dc922e51
update to Firefox 27.0b2
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
689
diff
changeset
|
834 |
- rebased/reworked patches |
697 | 835 |
- removed obsolete mozilla-bug929439.patch |
691
18c2dc922e51
update to Firefox 27.0b2
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
689
diff
changeset
|
836 |
|
18c2dc922e51
update to Firefox 27.0b2
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
689
diff
changeset
|
837 |
------------------------------------------------------------------- |
692 | 838 |
Thu Dec 12 21:19:54 UTC 2013 - uweigand@de.ibm.com |
839 |
||
840 |
- Add support for powerpc64le-linux. |
|
841 |
* mozilla-ppc64le.patch: general support |
|
842 |
* mozilla-libffi-ppc64le.patch: libffi backport |
|
843 |
* mozilla-xpcom-ppc64le.patch: port xpcom |
|
697 | 844 |
- Add build fix from mainline. |
845 |
* mozilla-bug929439.patch |
|
692 | 846 |
|
847 |
------------------------------------------------------------------- |
|
688 | 848 |
Sun Dec 8 20:26:23 UTC 2013 - wr@rosenauer.org |
849 |
||
689 | 850 |
- update to Firefox 26.0 (bnc#854367, bnc#854370) |
686
ab25aac2aa83
Firefox 26.0b5 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
682
diff
changeset
|
851 |
* rebased patches |
688 | 852 |
* requires NSPR 4.10.2 and NSS 3.15.3.1 |
689 | 853 |
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 |
854 |
Miscellaneous memory safety hazards |
|
855 |
* MFSA 2013-105/CVE-2013-5611 (bmo#771294) |
|
856 |
Application Installation doorhanger persists on navigation |
|
857 |
* MFSA 2013-106/CVE-2013-5612 (bmo#871161) |
|
858 |
Character encoding cross-origin XSS attack |
|
859 |
* MFSA 2013-107/CVE-2013-5614 (bmo#886262) |
|
860 |
Sandbox restrictions not applied to nested object elements |
|
861 |
* MFSA 2013-108/CVE-2013-5616 (bmo#938341) |
|
862 |
Use-after-free in event listeners |
|
863 |
* MFSA 2013-109/CVE-2013-5618 (bmo#926361) |
|
864 |
Use-after-free during Table Editing |
|
865 |
* MFSA 2013-110/CVE-2013-5619 (bmo#917841) |
|
866 |
Potential overflow in JavaScript binary search algorithms |
|
867 |
* MFSA 2013-111/CVE-2013-6671 (bmo#930281) |
|
868 |
Segmentation violation when replacing ordered list elements |
|
869 |
* MFSA 2013-112/CVE-2013-6672 (bmo#894736) |
|
870 |
Linux clipboard information disclosure though selection paste |
|
871 |
* MFSA 2013-113/CVE-2013-6673 (bmo#970380) |
|
872 |
Trust settings for built-in roots ignored during EV certificate |
|
873 |
validation |
|
874 |
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) |
|
875 |
Use-after-free in synthetic mouse movement |
|
876 |
* MFSA 2013-115/CVE-2013-5615 (bmo#929261) |
|
877 |
GetElementIC typed array stubs can be generated outside observed |
|
878 |
typesets |
|
879 |
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) |
|
880 |
JPEG information leak |
|
881 |
* MFSA 2013-117 (bmo#946351) |
|
882 |
Mis-issued ANSSI/DCSSI certificate |
|
883 |
(fixed via NSS 3.15.3.1) |
|
686
ab25aac2aa83
Firefox 26.0b5 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
682
diff
changeset
|
884 |
- removed gecko.js preference file as GStreamer is enabled by |
ab25aac2aa83
Firefox 26.0b5 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
682
diff
changeset
|
885 |
default now |
ab25aac2aa83
Firefox 26.0b5 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
682
diff
changeset
|
886 |
|
ab25aac2aa83
Firefox 26.0b5 update
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
682
diff
changeset
|
887 |
------------------------------------------------------------------- |
681 | 888 |
Thu Oct 24 18:16:19 UTC 2013 - wr@rosenauer.org |
889 |
||
682 | 890 |
- update to Firefox 25.0 (bnc#847708) |
680 | 891 |
* rebased patches |
681 | 892 |
* requires NSS 3.15.2 or above |
682 | 893 |
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 |
894 |
Miscellaneous memory safety hazards |
|
895 |
* MFSA 2013-94/CVE-2013-5593 (bmo#868327) |
|
896 |
Spoofing addressbar through SELECT element |
|
897 |
* MFSA 2013-95/CVE-2013-5604 (bmo#914017) |
|
898 |
Access violation with XSLT and uninitialized data |
|
899 |
* MFSA 2013-96/CVE-2013-5595 (bmo#916580) |
|
900 |
Improperly initialized memory and overflows in some JavaScript |
|
901 |
functions |
|
902 |
* MFSA 2013-97/CVE-2013-5596 (bmo#910881) |
|
903 |
Writing to cycle collected object during image decoding |
|
904 |
* MFSA 2013-98/CVE-2013-5597 (bmo#918864) |
|
905 |
Use-after-free when updating offline cache |
|
906 |
* MFSA 2013-99/CVE-2013-5598 (bmo#920515) |
|
907 |
Security bypass of PDF.js checks using iframes |
|
908 |
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 |
|
909 |
(bmo#915210, bmo#915576, bmo#916685) |
|
910 |
Miscellaneous use-after-free issues found through ASAN fuzzing |
|
911 |
* MFSA 2013-101/CVE-2013-5602 (bmo#897678) |
|
912 |
Memory corruption in workers |
|
913 |
* MFSA 2013-102/CVE-2013-5603 (bmo#916404) |
|
914 |
Use-after-free in HTML document templates |
|
676 | 915 |
|
916 |
------------------------------------------------------------------- |
|
672 | 917 |
Tue Sep 24 07:31:30 UTC 2013 - wr@rosenauer.org |
918 |
||
919 |
- as GStreamer is not automatically required anymore but loaded |
|
920 |
dynamically if available, require it explicitely |
|
921 |
- recommend optional GStreamer plugins for comprehensive media |
|
922 |
support |
|
923 |
||
924 |
------------------------------------------------------------------- |
|
666
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
925 |
Mon Sep 16 11:59:18 UTC 2013 - lnussel@suse.de |
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
926 |
|
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
927 |
- move greek to the translations-common package (bnc#840551) |
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
928 |
|
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
929 |
------------------------------------------------------------------- |
664 | 930 |
Sat Sep 14 14:39:58 UTC 2013 - wr@rosenauer.org |
931 |
||
666
0d913ca30238
move greek to the translations-common package (bnc#840551)
Ludwig Nussel <lnussel@suse.de>
parents:
664
diff
changeset
|
932 |
- update to Firefox 24.0 (bnc#840485) |
667 | 933 |
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
934 |
Miscellaneous memory safety hazards |
|
935 |
* MFSA 2013-77/CVE-2013-1720 (bmo#888820) |
|
936 |
Improper state in HTML5 Tree Builder with templates |
|
937 |
* MFSA 2013-78/CVE-2013-1721 (bmo#890277) |
|
938 |
Integer overflow in ANGLE library |
|
939 |
* MFSA 2013-79/CVE-2013-1722 (bmo#893308) |
|
940 |
Use-after-free in Animation Manager during stylesheet cloning |
|
941 |
* MFSA 2013-80/CVE-2013-1723 (bmo#891292) |
|
942 |
NativeKey continues handling key messages after widget is destroyed |
|
943 |
* MFSA 2013-81/CVE-2013-1724 (bmo#894137) |
|
944 |
Use-after-free with select element |
|
945 |
* MFSA 2013-82/CVE-2013-1725 (bmo#876762) |
|
946 |
Calling scope for new Javascript objects can lead to memory corruption |
|
947 |
* MFSA 2013-85/CVE-2013-1728 (bmo#883686) |
|
948 |
Uninitialized data in IonMonkey |
|
949 |
* MFSA 2013-88/CVE-2013-1730 (bmo#851353) |
|
950 |
Compartment mismatch re-attaching XBL-backed nodes |
|
951 |
* MFSA 2013-89/CVE-2013-1732 (bmo#883514) |
|
952 |
Buffer overflow with multi-column, lists, and floats |
|
953 |
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) |
|
954 |
Memory corruption involving scrolling |
|
955 |
* MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
|
956 |
User-defined properties on DOM proxies get the wrong "this" object |
|
957 |
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) |
|
958 |
GC hazard with default compartments and frame chain restoration |
|
959 |
- enable gstreamer explicitely via pref (gecko.js) |
|
663 | 960 |
- require NSS 3.15.1 |
661 | 961 |
|
962 |
------------------------------------------------------------------- |
|
664 | 963 |
Mon Aug 26 07:35:36 UTC 2013 - wr@rosenauer.org |
964 |
||
965 |
- update to Firefox 23.0.1 |
|
966 |
* Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls |
|
967 |
(bmo#901527) |
|
968 |
||
969 |
------------------------------------------------------------------- |
|
661 | 970 |
Sun Aug 4 18:30:11 UTC 2013 - wr@rosenauer.org |
971 |
||
972 |
- update to Firefox 23.0 (bnc#833389) |
|
973 |
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 |
|
974 |
Miscellaneous memory safety hazards |
|
975 |
* MFSA 2013-64/CVE-2013-1704 (bmo#883313) |
|
976 |
Use after free mutating DOM during SetBody |
|
977 |
* MFSA 2013-65/CVE-2013-1705 (bmo#882865) |
|
978 |
Buffer underflow when generating CRMF requests |
|
979 |
* MFSA 2013-67/CVE-2013-1708 (bmo#879924) |
|
980 |
Crash during WAV audio file decoding |
|
981 |
* MFSA 2013-68/CVE-2013-1709 (bmo#838253) |
|
982 |
Document URI misrepresentation and masquerading |
|
983 |
* MFSA 2013-69/CVE-2013-1710 (bmo#871368) |
|
984 |
CRMF requests allow for code execution and XSS attacks |
|
985 |
* MFSA 2013-70/CVE-2013-1711 (bmo#843829) |
|
986 |
Bypass of XrayWrappers using XBL Scopes |
|
987 |
* MFSA 2013-72/CVE-2013-1713 (bmo#887098) |
|
988 |
Wrong principal used for validating URI for some Javascript |
|
989 |
components |
|
990 |
* MFSA 2013-73/CVE-2013-1714 (bmo#879787) |
|
991 |
Same-origin bypass with web workers and XMLHttpRequest |
|
992 |
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) |
|
993 |
Local Java applets may read contents of local file system |
|
653 | 994 |
- requires NSPR 4.10 and NSS 3.15 |
659 | 995 |
|
996 |
------------------------------------------------------------------- |
|
997 |
Wed Jul 3 17:14:35 UTC 2013 - dmueller@suse.com |
|
998 |
||
999 |
- fix build on ARM (/-g/ matches /-grecord-switches/) |
|
1000 |
||
1001 |
------------------------------------------------------------------- |
|
1002 |
Sat Jun 22 17:48:06 UTC 2013 - wr@rosenauer.org |
|
1003 |
||
1004 |
- update to Firefox 22.0 (bnc#825935) |
|
650 | 1005 |
* removed obsolete patches |
1006 |
+ mozilla-qcms-ppc.patch |
|
1007 |
+ mozilla-gstreamer-760140.patch |
|
659 | 1008 |
* GStreamer support does not build on 12.1 anymore (build only |
1009 |
on 12.2 and later) |
|
1010 |
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 |
|
1011 |
Miscellaneous memory safety hazards |
|
1012 |
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 |
|
1013 |
Memory corruption found using Address Sanitizer |
|
1014 |
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) |
|
1015 |
Privileged content access and execution via XBL |
|
1016 |
* MFSA 2013-52/CVE-2013-1688 (bmo#873966) |
|
1017 |
Arbitrary code execution within Profiler |
|
1018 |
* MFSA 2013-53/CVE-2013-1690 (bmo#857883) |
|
1019 |
Execution of unmapped memory through onreadystatechange event |
|
1020 |
* MFSA 2013-54/CVE-2013-1692 (bmo#866915) |
|
1021 |
Data in the body of XHR HEAD requests leads to CSRF attacks |
|
1022 |
* MFSA 2013-55/CVE-2013-1693 (bmo#711043) |
|
1023 |
SVG filters can lead to information disclosure |
|
1024 |
* MFSA 2013-56/CVE-2013-1694 (bmo#848535) |
|
1025 |
PreserveWrapper has inconsistent behavior |
|
1026 |
* MFSA 2013-57/CVE-2013-1695 (bmo#849791) |
|
1027 |
Sandbox restrictions not applied to nested frame elements |
|
1028 |
* MFSA 2013-58/CVE-2013-1696 (bmo#761667) |
|
1029 |
X-Frame-Options ignored when using server push with multi-part |
|
1030 |
responses |
|
1031 |
* MFSA 2013-59/CVE-2013-1697 (bmo#858101) |
|
1032 |
XrayWrappers can be bypassed to run user defined methods in a |
|
1033 |
privileged context |
|
1034 |
* MFSA 2013-60/CVE-2013-1698 (bmo#876044) |
|
1035 |
getUserMedia permission dialog incorrectly displays location |
|
1036 |
* MFSA 2013-61/CVE-2013-1699 (bmo#840882) |
|
1037 |
Homograph domain spoofing in .com, .net and .name |
|
650 | 1038 |
|
1039 |
------------------------------------------------------------------- |
|
1040 |
Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com |
|
1041 |
||
1042 |
- Fix qcms altivec include (mozilla-qcms-ppc.patch) |
|
1043 |
||
1044 |
------------------------------------------------------------------- |
|
647 | 1045 |
Fri May 10 05:25:39 UTC 2013 - wr@rosenauer.org |
1046 |
||
1047 |
- update to Firefox 21.0 (bnc#819204) |
|
1048 |
* removed upstreamed patch firefox-712763.patch |
|
1049 |
* removed disabled mozilla-disable-neon-option.patch |
|
1050 |
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 |
|
1051 |
Miscellaneous memory safety hazards |
|
1052 |
* MFSA 2013-42/CVE-2013-1670 (bmo#853709) |
|
1053 |
Privileged access for content level constructor |
|
1054 |
* MFSA 2013-43/CVE-2013-1671 (bmo#842255) |
|
1055 |
File input control has access to full path |
|
1056 |
* MFSA 2013-46/CVE-2013-1674 (bmo#860971) |
|
1057 |
Use-after-free with video and onresize event |
|
1058 |
* MFSA 2013-47/CVE-2013-1675 (bmo#866825) |
|
1059 |
Uninitialized functions in DOMSVGZoomEvent |
|
1060 |
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ |
|
1061 |
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 |
|
1062 |
Memory corruption found using Address Sanitizer |
|
645 | 1063 |
|
1064 |
------------------------------------------------------------------- |
|
1065 |
Tue Apr 9 06:41:31 UTC 2013 - wr@rosenauer.org |
|
1066 |
||
1067 |
- revert to use GStreamer 0.10 on 12.3 (bnc#814101) |
|
1068 |
(remove mozilla-gstreamer-1.patch) |
|
1069 |
||
1070 |
------------------------------------------------------------------- |
|
640
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1071 |
Fri Apr 5 17:04:11 UTC 2013 - schwab@linux-m68k.org |
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1072 |
|
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1073 |
- Explicitly disable WebRTC support on non-x86, the configure script |
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1074 |
disables it only half-heartedly |
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1075 |
|
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1076 |
------------------------------------------------------------------- |
639 | 1077 |
Fri Mar 29 22:15:21 UTC 2013 - wr@rosenauer.org |
1078 |
||
1079 |
- update to Firefox 20.0 (bnc#813026) |
|
1080 |
* requires NSPR 4.9.5 and NSS 3.14.3 |
|
640
68ead6c93b7d
Explicitly disable WebRTC support on non-x86, the configure script
schwab@linux-m68k.org
parents:
639
diff
changeset
|
1081 |
* mozilla-webrtc-ppc.patch included upstream |
639 | 1082 |
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 |
1083 |
Miscellaneous memory safety hazards |
|
1084 |
* MFSA 2013-31/CVE-2013-0800 (bmo#825721) |
|
1085 |
Out-of-bounds write in Cairo library |
|
1086 |
* MFSA 2013-35/CVE-2013-0796 (bmo#827106) |
|
1087 |
WebGL crash with Mesa graphics driver on Linux |
|
1088 |
* MFSA 2013-36/CVE-2013-0795 (bmo#825697) |
|