author | Stefan Brüns <stefan.bruens@rwth-aachen.de> |
Sun, 01 Oct 2017 23:16:23 +0200 | |
branch | firefox56 |
changeset 997 | ca8a6ac7fbf6 |
parent 996 | 84d25951c2db |
child 998 | 6c6109948e35 |
permissions | -rw-r--r-- |
893
86f72f1e98a4
prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
892
diff
changeset
|
1 |
------------------------------------------------------------------- |
997
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
2 |
Sun Oct 1 18:25:16 UTC 2017 - stefan.bruens@rwth-aachen.de |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
3 |
|
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
4 |
- Correct plugin directory for aarch64 (boo#1061207). The wrapper |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
5 |
script was not detecting aarch64 as a 64 bit architecture, thus |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
6 |
used /usr/lib/browser-plugins/. |
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
7 |
|
ca8a6ac7fbf6
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Brüns <stefan.bruens@rwth-aachen.de>
parents:
996
diff
changeset
|
8 |
------------------------------------------------------------------- |
996
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
9 |
Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
10 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
11 |
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0), |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
12 |
pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0), |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
13 |
pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
14 |
pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
15 |
looks for. |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
16 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
17 |
------------------------------------------------------------------- |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
18 |
Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
19 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
20 |
- update to Firefox 56.0 (boo#1060445) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
21 |
* Firefox Screenshots |
994 | 22 |
* Find Options/Preferences more quickly with new search function |
23 |
* Media is no longer auto-played when opened in a background tab |
|
24 |
* Enable CSS Grid Layout View |
|
996
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
25 |
MFSA 2017-21 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
26 |
* CVE-2017-7793 (bmo#1371889) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
27 |
Use-after-free with Fetch API |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
28 |
* CVE-2017-7817 (bmo#1356596) (Android-only) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
29 |
Firefox for Android address bar spoofing through fullscreen mode |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
30 |
* CVE-2017-7818 (bmo#1363723) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
31 |
Use-after-free during ARIA array manipulation |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
32 |
* CVE-2017-7819 (bmo#1380292) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
33 |
Use-after-free while resizing images in design mode |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
34 |
* CVE-2017-7824 (bmo#1398381) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
35 |
Buffer overflow when drawing and validating elements with ANGLE |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
36 |
* CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
37 |
Use-after-free in TLS 1.2 generating handshake hashes |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
38 |
* CVE-2017-7812 (bmo#1379842) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
39 |
Drag and drop of malicious page content to the tab bar can open locally stored files |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
40 |
* CVE-2017-7814 (bmo#1376036) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
41 |
Blob and data URLs bypass phishing and malware protection warnings |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
42 |
* CVE-2017-7813 (bmo#1383951) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
43 |
Integer truncation in the JavaScript parser |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
44 |
* CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
45 |
OS X fonts render some Tibetan and Arabic unicode characters as spaces |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
46 |
* CVE-2017-7815 (bmo#1368981) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
47 |
Spoofing attack with modal dialogs on non-e10s installations |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
48 |
* CVE-2017-7816 (bmo#1380597) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
49 |
WebExtensions can load about: URLs in extension UI |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
50 |
* CVE-2017-7821 (bmo#1346515) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
51 |
WebExtensions can download and open non-executable files without user interaction |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
52 |
* CVE-2017-7823 (bmo#1396320) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
53 |
CSP sandbox directive did not create a unique origin |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
54 |
* CVE-2017-7822 (bmo#1368859) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
55 |
WebCrypto allows AES-GCM with 0-length IV |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
56 |
* CVE-2017-7820 (bmo#1378207) |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
57 |
Xray wrapper bypass with new tab and web console |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
58 |
* CVE-2017-7811 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
59 |
Memory safety bugs fixed in Firefox 56 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
60 |
* CVE-2017-7810 |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
61 |
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 |
994 | 62 |
- requires NSPR 4.16 and NSS 3.32.1 |
996
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
63 |
- rebased patches |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
64 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
65 |
------------------------------------------------------------------- |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
66 |
Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
67 |
|
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
68 |
- Add alsa-devel BuildRequires: we care for ALSA support to be |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
69 |
built and thus need to ensure we get the dependencies in place. |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
70 |
In the past, alsa-devel was pulled in by accident: we |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
71 |
buildrequire libgnome-devel. This required esound-devel and that |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
72 |
in turn pulled in alsa-devel for us. libgnome is being fixed to |
84d25951c2db
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents:
994
diff
changeset
|
73 |
no longer require esound-devel. |
994 | 74 |
|
75 |
------------------------------------------------------------------- |
|
992
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
76 |
Mon Sep 4 18:27:44 UTC 2017 - wr@rosenauer.org |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
77 |
|
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
78 |
- update to Firefox 55.0.3 |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
79 |
* Fix an issue with addons when using a path containing non-ascii |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
80 |
characters (bmo#1389160) |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
81 |
* Fix file uploads to some websites, including YouTube (bmo#1383518) |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
82 |
- fix Google API key build integration |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
83 |
- add mozilla-ucontext.patch to fix Tumbleweed build |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
84 |
- do not enable XINPUT2 for now (boo#1053959) |
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
85 |
|
b2ba34e0dc10
Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
991
diff
changeset
|
86 |
------------------------------------------------------------------- |
991 | 87 |
Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org |
88 |
||
89 |
- update to Firefox 55.0.1 |
|
90 |
* Fix a regression the tab restoration process (bmo#1388160) |
|
91 |
* Fix a problem causing What's new pages not to be displayed (bmo#1386224) |
|
92 |
* Fix a rendering issue with some PKCS#11 libraries (bmo#1388370) |
|
93 |
* Disable the predictor prefetch (bmo#1388160) |
|
94 |
||
95 |
------------------------------------------------------------------- |
|
985 | 96 |
Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
97 |
||
991 | 98 |
- update to Firefox 55.0 (boo#1052829) |
985 | 99 |
* Browsing sessions with a high number of tabs are now restored |
100 |
in an instant |
|
101 |
* Sidebar (bookmarks, history, synced tabs) can now be moved to |
|
102 |
the right edge of the window |
|
103 |
* Fine-tune your browser performance from the Preferences/Options page. |
|
104 |
* Make screenshots of webpages, and save them locally or upload |
|
105 |
them to the cloud. This feature will undergo A/B testing and |
|
106 |
will not be visible for some users. |
|
107 |
* Added Belarusian (be) locale |
|
108 |
* Simplify print jobs from within print preview |
|
109 |
* Use virtual reality devices with the web with the introduction |
|
110 |
of WebVR |
|
111 |
* Search suggestions are now enabled by default for users who |
|
112 |
haven't explicitly opted-out |
|
113 |
* Search with any installed search engine directly from the |
|
114 |
location bar |
|
115 |
* IMPORTANT: Breaking profile changes - do not downgrade Firefox |
|
116 |
and use a profile that has been opened with Firefox 55+. |
|
117 |
* The Adobe Flash plugin is now click-to-activate by default and |
|
118 |
only allowed on http:// and https:// URL schemes. This change |
|
119 |
will be rolled out progressively and so will not be visible to |
|
120 |
all users immediately. For more information see the Firefox |
|
121 |
plugin roadmap |
|
122 |
* Modernized application update UI to be less intrusive and more |
|
123 |
aligned with the rest of the browser. Only users who have not |
|
124 |
restarted their browser 8 days after downloading an update or |
|
125 |
users who opted out of automatic updates will see this change. |
|
126 |
* Insecure sites can no longer access the Geolocation APIs to get |
|
127 |
access to your physical location |
|
128 |
* requires NSPR 4.15 and NSS 3.31 |
|
991 | 129 |
MFSA 2017-18 |
130 |
* CVE-2017-7798 (bmo#1371586, bmo#1372112) |
|
131 |
XUL injection in the style editor in devtools |
|
132 |
* CVE-2017-7800 (bmo#1374047) |
|
133 |
Use-after-free in WebSockets during disconnection |
|
134 |
* CVE-2017-7801 (bmo#1371259) |
|
135 |
Use-after-free with marquee during window resizing |
|
136 |
* CVE-2017-7809 (bmo#1380284) |
|
137 |
Use-after-free while deleting attached editor DOM node |
|
138 |
* CVE-2017-7784 (bmo#1376087) |
|
139 |
Use-after-free with image observers |
|
140 |
* CVE-2017-7802 (bmo#1378147) |
|
141 |
Use-after-free resizing image elements |
|
142 |
* CVE-2017-7785 (bmo#1356985) |
|
143 |
Buffer overflow manipulating ARIA attributes in DOM |
|
144 |
* CVE-2017-7786 (bmo#1365189) |
|
145 |
Buffer overflow while painting non-displayable SVG |
|
146 |
* CVE-2017-7806 (bmo#1378113) |
|
147 |
Use-after-free in layer manager with SVG |
|
148 |
* CVE-2017-7753 (bmo#1353312) |
|
149 |
Out-of-bounds read with cached style data and pseudo-elements# |
|
150 |
* CVE-2017-7787 (bmo#1322896) |
|
151 |
Same-origin policy bypass with iframes through page reloads |
|
152 |
* CVE-2017-7807 (bmo#1376459) |
|
153 |
Domain hijacking through AppCache fallback |
|
154 |
* CVE-2017-7792 (bmo#1368652) |
|
155 |
Buffer overflow viewing certificates with an extremely long OID |
|
156 |
* CVE-2017-7804 (bmo#1372849) |
|
157 |
Memory protection bypass through WindowsDllDetourPatcher |
|
158 |
* CVE-2017-7791 (bmo#1365875) |
|
159 |
Spoofing following page navigation with data: protocol and modal alerts |
|
160 |
* CVE-2017-7808 (bmo#1367531) |
|
161 |
CSP information leak with frame-ancestors containing paths |
|
162 |
* CVE-2017-7782 (bmo#1344034) |
|
163 |
WindowsDllDetourPatcher allocates memory without DEP protections |
|
164 |
* CVE-2017-7781 (bmo#1352039) |
|
165 |
Elliptic curve point addition error when using mixed Jacobian-affine coordinates |
|
166 |
* CVE-2017-7794 (bmo#1374281) |
|
167 |
Linux file truncation via sandbox broker |
|
168 |
* CVE-2017-7803 (bmo#1377426) |
|
169 |
CSP containing 'sandbox' improperly applied |
|
170 |
* CVE-2017-7799 (bmo#1372509) |
|
171 |
Self-XSS XUL injection in about:webrtc |
|
172 |
* CVE-2017-7783 (bmo#1360842) |
|
173 |
DOS attack through long username in URL |
|
174 |
* CVE-2017-7788 (bmo#1073952) |
|
175 |
Sandboxed about:srcdoc iframes do not inherit CSP directives |
|
176 |
* CVE-2017-7789 (bmo#1074642) |
|
177 |
Failure to enable HSTS when two STS headers are sent for a connection |
|
178 |
* CVE-2017-7790 (bmo#1350460) (Windows-only) |
|
179 |
Windows crash reporter reads extra memory for some non-null-terminated registry values |
|
180 |
* CVE-2017-7796 (bmo#1234401) (Windows-only) |
|
181 |
Windows updater can delete any file named update.log |
|
182 |
* CVE-2017-7797 (bmo#1334776) |
|
183 |
Response header name interning leaks across origins |
|
184 |
* CVE-2017-7780 |
|
185 |
Memory safety bugs fixed in Firefox 55 |
|
186 |
* CVE-2017-7779 |
|
187 |
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 |
|
985 | 188 |
- updated mozilla-kde.patch: |
189 |
* removed "downloadfinished" alert as Firefox reimplemented the |
|
190 |
whole thing (TODO: check if there is another function we should |
|
191 |
hook in) |
|
192 |
||
193 |
------------------------------------------------------------------- |
|
983 | 194 |
Tue Jul 4 20:08:47 UTC 2017 - wr@rosenauer.org |
195 |
||
196 |
- update to Firefox 54.0.1 |
|
197 |
* Fix a display issue of tab title (bmo#1357656) |
|
198 |
* Fix a display issue of opening new tab (bmo#1371995) |
|
199 |
* Fix a display issue when opening multiple tabs (bmo#1371962) |
|
200 |
* Fix a tab display issue when downloading files (bmo#1373109) |
|
201 |
* Fix a PDF printing issue (bmo#1366744) |
|
202 |
* Fix a Netflix issue on Linux (bmo#1375708) |
|
203 |
||
204 |
------------------------------------------------------------------- |
|
982 | 205 |
Thu Jun 15 13:56:05 UTC 2017 - wr@rosenauer.org |
206 |
||
207 |
- update to Firefox 54.0 |
|
981 | 208 |
* Clearer and more detailed information for download items in the |
209 |
download panel |
|
210 |
* Added Burmese (my) locale |
|
211 |
* Bookmarks created on mobile devices are now shown in |
|
212 |
"Mobile Bookmarks” folder in the drop down list from the toolbar |
|
213 |
and Bookmarks option in the menu bar in Desktop Firefox |
|
982 | 214 |
* added support for multiple content processes (e10s-multi) |
979 | 215 |
- requires NSPR 4.14 and NSS 3.30.2 |
216 |
- requires rust 1.15.1 |
|
217 |
- removed mozilla-shared-nss-db.patch as it seems to be a rather |
|
218 |
unused feature |
|
219 |
||
220 |
------------------------------------------------------------------- |
|
977
224d8137f02c
remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
967
diff
changeset
|
221 |
Thu Jun 1 04:25:05 UTC 2017 - kah0922@gmail.com |
224d8137f02c
remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
967
diff
changeset
|
222 |
|
224d8137f02c
remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
967
diff
changeset
|
223 |
- remove -fno-inline-small-functions and explicitely optimize with |
224d8137f02c
remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
967
diff
changeset
|
224 |
-O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) |
224d8137f02c
remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
967
diff
changeset
|
225 |
|
224d8137f02c
remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
967
diff
changeset
|
226 |
------------------------------------------------------------------- |
967 | 227 |
Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org |
964
218a4e337cfe
use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
962
diff
changeset
|
228 |
|
218a4e337cfe
use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
962
diff
changeset
|
229 |
- switch to Mozilla's geolocation service (boo#1026989) |
218a4e337cfe
use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
962
diff
changeset
|
230 |
- removed mozilla-preferences.patch obsoleted by overriding via |
218a4e337cfe
use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
962
diff
changeset
|
231 |
firefox.js |
967 | 232 |
- fixed KDE integration to avoid crash caused by filepicker |
233 |
(boo#1015998) |
|
964
218a4e337cfe
use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
962
diff
changeset
|
234 |
|
218a4e337cfe
use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
962
diff
changeset
|
235 |
------------------------------------------------------------------- |
960
42e50afb9638
Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
959
diff
changeset
|
236 |
Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org |
42e50afb9638
Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
959
diff
changeset
|
237 |
|
42e50afb9638
Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
959
diff
changeset
|
238 |
- update to Firefox 53.0 |
956 | 239 |
* requires NSS 3.29.5 |
951
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
240 |
* Lightweight themes are now applied in private browsing windows |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
241 |
* Reader Mode now displays estimated reading time for the page |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
242 |
* Two new 'compact' themes available in Firefox, dark and light, |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
243 |
based on the Firefox Developer Edition theme |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
244 |
* Ended Firefox Linux support for processors older than Pentium 4 |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
245 |
and AMD Opteron |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
246 |
* Refresh of the media controls user interface |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
247 |
* Shortened titles on tabs are faded out instead of using ellipsis |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
248 |
for improved readability |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
249 |
* Media playback on new tabs is blocked until the tab is visible |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
250 |
* Permission notifications have a cleaner design and cannot be |
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
251 |
easily missed |
962
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
252 |
MFSA 2017-10 |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
253 |
* CVE-2017-5456 (bmo#1344415) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
254 |
Sandbox escape allowing local file system access |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
255 |
* CVE-2017-5442 (bmo#1347979) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
256 |
Use-after-free during style changes |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
257 |
* CVE-2017-5443 (bmo#1342661) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
258 |
Out-of-bounds write during BinHex decoding |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
259 |
* CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
260 |
bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
261 |
Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
262 |
Firefox ESR 52.1 |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
263 |
* CVE-2017-5464 (bmo#1347075) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
264 |
Memory corruption with accessibility and DOM manipulation |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
265 |
* CVE-2017-5465 (bmo#1347617) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
266 |
Out-of-bounds read in ConvolvePixel |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
267 |
* CVE-2017-5466 (bmo#1353975) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
268 |
Origin confusion when reloading isolated data:text/html URL |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
269 |
* CVE-2017-5467 (bmo#1347262) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
270 |
Memory corruption when drawing Skia content |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
271 |
* CVE-2017-5460 (bmo#1343642) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
272 |
Use-after-free in frame selection |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
273 |
* CVE-2017-5461 (bmo#1344380) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
274 |
Out-of-bounds write in Base64 encoding in NSS |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
275 |
* CVE-2017-5448 (bmo#1346648) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
276 |
Out-of-bounds write in ClearKeyDecryptor |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
277 |
* CVE-2017-5449 (bmo#1340127) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
278 |
Crash during bidirectional unicode manipulation with animation |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
279 |
* CVE-2017-5446 (bmo#1343505) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
280 |
Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
281 |
* CVE-2017-5447 (bmo#1343552) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
282 |
Out-of-bounds read during glyph processing |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
283 |
* CVE-2017-5444 (bmo#1344461) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
284 |
Buffer overflow while parsing application/http-index-format content |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
285 |
* CVE-2017-5445 (bmo#1344467) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
286 |
Uninitialized values used while parsing application/http-index-format |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
287 |
content |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
288 |
* CVE-2017-5468 (bmo#1329521) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
289 |
Incorrect ownership model for Private Browsing information |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
290 |
* CVE-2017-5469 (bmo#1292534) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
291 |
Potential Buffer overflow in flex-generated code |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
292 |
* CVE-2017-5440 (bmo#1336832) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
293 |
Use-after-free in txExecutionState destructor during XSLT processing |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
294 |
* CVE-2017-5441 (bmo#1343795) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
295 |
Use-after-free with selection during scroll events |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
296 |
* CVE-2017-5439 (bmo#1336830) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
297 |
Use-after-free in nsTArray Length() during XSLT processing |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
298 |
* CVE-2017-5438 (bmo#1336828) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
299 |
Use-after-free in nsAutoPtr during XSLT processing |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
300 |
* CVE-2017-5437 (bmo#1343453) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
301 |
Vulnerabilities in Libevent library |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
302 |
* CVE-2017-5436 (bmo#1345461) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
303 |
Out-of-bounds write with malicious font in Graphite 2 |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
304 |
* CVE-2017-5435 (bmo#1350683) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
305 |
Use-after-free during transaction processing in the editor |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
306 |
* CVE-2017-5434 (bmo#1349946) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
307 |
Use-after-free during focus handling |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
308 |
* CVE-2017-5433 (bmo#1347168) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
309 |
Use-after-free in SMIL animation functions |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
310 |
* CVE-2017-5432 (bmo#1346654) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
311 |
Use-after-free in text input selection |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
312 |
* CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
313 |
bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
314 |
bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
315 |
bmo#1349719, bmo#1353476) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
316 |
Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
317 |
* CVE-2017-5459 (bmo#1333858) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
318 |
Buffer overflow in WebGL |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
319 |
* CVE-2017-5458 (bmo#1229426) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
320 |
Drag and drop of javascript: URLs can allow for self-XSS |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
321 |
* CVE-2017-5455 (bmo#1341191) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
322 |
Sandbox escape through internal feed reader APIs |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
323 |
* CVE-2017-5454 (bmo#1349276) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
324 |
Sandbox escape allowing file system read access through file picker |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
325 |
* CVE-2017-5451 (bmo#1273537) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
326 |
Addressbar spoofing with onblur event |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
327 |
* CVE-2017-5453 (bmo#1321247) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
328 |
HTML injection into RSS Reader feed preview page through |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
329 |
TITLE element |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
330 |
* CVE-2017-5462 (bmo#1345089) |
fbb2f292caaa
add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
960
diff
changeset
|
331 |
DRBG flaw in NSS |
951
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
332 |
- removed browser(npapi) provides as these plugins are deprecated |
953 | 333 |
- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
334 |
Leap 42 |
|
335 |
- Gtk2 is not longer an option; switched to Gtk3 |
|
956 | 336 |
- apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support |
337 |
(boo#1032003) |
|
338 |
||
339 |
------------------------------------------------------------------- |
|
340 |
Mon Apr 3 06:16:26 UTC 2017 - wr@rosenauer.org |
|
341 |
||
342 |
- update to Firefox 52.0.2 |
|
343 |
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787) |
|
344 |
* Fix loading tab icons on session restore (bmo#1338009) |
|
345 |
* Fix a crash on startup on Linux (bmo#1345413) |
|
346 |
* Fix new installs erroneously not prompting to change the default |
|
347 |
browser setting (bmo#1343938) |
|
953 | 348 |
|
349 |
------------------------------------------------------------------- |
|
350 |
Mon Mar 20 15:35:57 UTC 2017 - wr@rosenauer.org |
|
351 |
||
352 |
- disable rust usage for everything but x86(-64) |
|
956 | 353 |
- explicitely add libffi build requirement |
951
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
354 |
|
f7a8fa97a57e
merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
946
diff
changeset
|
355 |
------------------------------------------------------------------- |
946 | 356 |
Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org |
357 |
||
358 |
- update to Firefox 52.0.1 (boo#1029822) |
|
359 |
MFSA 2017-08 |
|
360 |
CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) |
|
361 |
||
362 |
------------------------------------------------------------------- |
|
945 | 363 |
Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org |
364 |
||
365 |
- reenable ALSA support which was removed by default upstream |
|
366 |
||
367 |
------------------------------------------------------------------- |
|
944 | 368 |
Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org |
369 |
||
945 | 370 |
- update to Firefox 52.0 (boo#1028391) |
944 | 371 |
* requires NSS >= 3.28.3 |
942
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
372 |
* Pages containing insecure password fields now display a warning |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
373 |
directly within username and password fields. |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
374 |
* Send and open a tab from one device to another with Sync |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
375 |
* Removed NPAPI support for plugins other than Flash. Silverlight, |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
376 |
Java, Acrobat and the like are no longer supported. |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
377 |
* Removed Battery Status API to reduce fingerprinting of users by |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
378 |
trackers |
945 | 379 |
* MFSA 2017-05 |
380 |
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP |
|
381 |
(bmo#1334933) |
|
382 |
CVE-2017-5401: Memory Corruption when handling ErrorResult |
|
383 |
(bmo#1328861) |
|
384 |
CVE-2017-5402: Use-after-free working with events in FontFace |
|
385 |
objects (bmo#1334876) |
|
386 |
CVE-2017-5403: Use-after-free using addRange to add range to an |
|
387 |
incorrect root object (bmo#1340186) |
|
388 |
CVE-2017-5404: Use-after-free working with ranges in selections |
|
389 |
(bmo#1340138) |
|
390 |
CVE-2017-5406: Segmentation fault in Skia with canvas operations |
|
391 |
(bmo#1306890) |
|
392 |
CVE-2017-5407: Pixel and history stealing via floating-point |
|
393 |
timing side channel with SVG filters (bmo#1336622) |
|
394 |
CVE-2017-5410: Memory corruption during JavaScript garbage |
|
395 |
collection incremental sweeping (bmo#1330687) |
|
396 |
CVE-2017-5408: Cross-origin reading of video captions in violation |
|
397 |
of CORS (bmo#1313711) |
|
398 |
CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) |
|
399 |
CVE-2017-5413: Segmentation fault during bidirectional operations |
|
400 |
(bmo#1337504) |
|
401 |
CVE-2017-5414: File picker can choose incorrect default directory |
|
402 |
(bmo#1319370) |
|
403 |
CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) |
|
404 |
CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) |
|
405 |
CVE-2017-5417: Addressbar spoofing by draging and dropping URLs |
|
406 |
(bmo#791597) |
|
407 |
CVE-2017-5426: Gecko Media Plugin sandbox is not started if |
|
408 |
seccomp-bpf filter is running (bmo#1257361) |
|
409 |
CVE-2017-5427: Non-existent chrome.manifest file loaded during |
|
410 |
startup (bmo#1295542) |
|
411 |
CVE-2017-5418: Out of bounds read when parsing HTTP digest |
|
412 |
authorization responses (bmo#1338876) |
|
413 |
CVE-2017-5419: Repeated authentication prompts lead to DOS |
|
414 |
attack (bmo#1312243) |
|
415 |
CVE-2017-5420: Javascript: URLs can obfuscate addressbar |
|
416 |
location (bmo#1284395) |
|
417 |
CVE-2017-5405: FTP response codes can cause use of |
|
418 |
uninitialized values for ports (bmo#1336699) |
|
419 |
CVE-2017-5421: Print preview spoofing (bmo#1301876) |
|
420 |
CVE-2017-5422: DOS attack by using view-source: protocol |
|
421 |
repeatedly in one hyperlink (bmo#1295002) |
|
422 |
CVE-2017-5399: Memory safety bugs fixed in Firefox 52 |
|
423 |
CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and |
|
424 |
Firefox ESR 45.8 |
|
942
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
425 |
- removed obsolete patches |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
426 |
* mozilla-binutils-visibility.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
427 |
* mozilla-check_return.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
428 |
* mozilla-disable-skia-be.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
429 |
* mozilla-skia-overflow.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
430 |
* mozilla-skia-ppc-endianess.patch |
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
431 |
- rebased patches |
943 | 432 |
- enable rust usage for Tumbleweed |
942
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
433 |
|
66115255ad6f
prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
940
diff
changeset
|
434 |
------------------------------------------------------------------- |
940 | 435 |
Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com |
436 |
||
437 |
- Mozilla Firefox 51.0.1: |
|
438 |
- Multiprocess incompatibility did not correctly register with |
|
439 |
some add-ons (bmo#1333423) |
|
440 |
||
441 |
------------------------------------------------------------------- |
|
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
442 |
Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
443 |
|
940 | 444 |
- update to Firefox 51.0 |
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
445 |
* requires NSPR >= 4.13.1, NSS >= 3.28.1 |
936 | 446 |
* Added support for FLAC (Free Lossless Audio Codec) playback |
447 |
* Added support for WebGL 2 |
|
448 |
* Added Georgian (ka) and Kabyle (kab) locales |
|
449 |
* Support saving passwords for forms without 'submit' events |
|
450 |
* Improved video performance for users without GPU acceleration |
|
451 |
* Zoom indicator is shown in the URL bar if the zoom level is not |
|
452 |
at default level |
|
453 |
* View passwords from the prompt before saving them |
|
454 |
* Remove Belarusian (be) locale |
|
455 |
* Use Skia for content rendering (Linux) |
|
940 | 456 |
* MFSA 2017-01 |
457 |
CVE-2017-5375: Excessive JIT code allocation allows bypass of |
|
458 |
ASLR and DEP (bmo#1325200, boo#1021814) |
|
459 |
CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) |
|
460 |
CVE-2017-5377: Memory corruption with transforms to create |
|
461 |
gradients in Skia (bmo#1306883, boo#1021826) |
|
462 |
CVE-2017-5378: Pointer and frame data leakage of Javascript objects |
|
463 |
(bmo#1312001, bmo#1330769, boo#1021818) |
|
464 |
CVE-2017-5379: Use-after-free in Web Animations |
|
465 |
(bmo#1309198,boo#1021827) |
|
466 |
CVE-2017-5380: Potential use-after-free during DOM manipulations |
|
467 |
(bmo#1322107, boo#1021819) |
|
468 |
CVE-2017-5390: Insecure communication methods in Developer Tools |
|
469 |
JSON viewer (bmo#1297361, boo#1021820) |
|
470 |
CVE-2017-5389: WebExtensions can install additional add-ons via |
|
471 |
modified host requests (bmo#1308688, boo#1021828) |
|
472 |
CVE-2017-5396: Use-after-free with Media Decoder |
|
473 |
(bmo#1329403, boo#1021821) |
|
474 |
CVE-2017-5381: Certificate Viewer exporting can be used to navigate |
|
475 |
and save to arbitrary filesystem locations |
|
476 |
(bmo#1017616, boo#1021830) |
|
477 |
CVE-2017-5382: Feed preview can expose privileged content errors |
|
478 |
and exceptions (bmo#1295322, boo#1021831) |
|
479 |
CVE-2017-5383: Location bar spoofing with unicode characters |
|
480 |
(bmo#1323338, bmo#1324716, boo#1021822) |
|
481 |
CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) |
|
482 |
(bmo#1255474, boo#1021832) |
|
483 |
CVE-2017-5385: Data sent in multipart channels ignores referrer-policy |
|
484 |
response headers (bmo#1295945, boo#1021833) |
|
485 |
CVE-2017-5386: WebExtensions can use data: protocol to affect other |
|
486 |
extensions (bmo#1319070, boo#1021823) |
|
487 |
CVE-2017-5394: Android location bar spoofing using fullscreen and |
|
488 |
JavaScript events (bmo#1222798) |
|
489 |
CVE-2017-5391: Content about: pages can load privileged about: pages |
|
490 |
(bmo#1309310, boo#1021835) |
|
491 |
CVE-2017-5392: Weak references using multiple threads on weak proxy |
|
492 |
objects lead to unsafe memory usage (bmo#1293709) |
|
493 |
(Android only) |
|
494 |
CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for |
|
495 |
mozAddonManager (bmo#1309282, boo#1021837) |
|
496 |
CVE-2017-5395: Android location bar spoofing during scrolling |
|
497 |
(bmo#1293463) (Android only) |
|
498 |
CVE-2017-5387: Disclosure of local file existence through TRACK |
|
499 |
tag error messages (bmo#1295023, boo#1021839) |
|
500 |
CVE-2017-5388: WebRTC can be used to generate a large amount of |
|
501 |
UDP traffic for DDOS attacks |
|
502 |
(bmo#1281482, boo#1021840) |
|
503 |
CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) |
|
504 |
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and |
|
505 |
Firefox ESR 45.7 (boo#1021824) |
|
506 |
- switch Firefox to Gtk3 for Tumbleweed |
|
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
507 |
- removed obsolete patches |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
508 |
* mozilla-flex_buffer_overrun.patch |
939
3604ed712e16
51.0 as submitted to official openSUSE
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
938
diff
changeset
|
509 |
- updated RPM locale support tag |
3604ed712e16
51.0 as submitted to official openSUSE
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
938
diff
changeset
|
510 |
- improve recognition of LANGUAGE env variable (boo#1017174) |
940 | 511 |
- add upstream patch to fix PPC64LE (bmo#1319389) |
512 |
(mozilla-skia-ppc-endianess.patch) |
|
513 |
- fix build without skia (big endian archs) (bmo#1319374) |
|
514 |
(mozilla-disable-skia-be.patch) |
|
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
515 |
|
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
516 |
------------------------------------------------------------------- |
933 | 517 |
Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
518 |
||
935
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
519 |
- update to Firefox 50.1.0 (boo#1015422) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
520 |
* MFSA 2016-94 |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
521 |
CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
522 |
CVE-2016-9899: Use-after-free while manipulating DOM events and |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
523 |
audio elements (bmo#1317409) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
524 |
CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
525 |
CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
526 |
CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
527 |
CVE-2016-9898: Use-after-free in Editor while manipulating |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
528 |
DOM subtrees (bmo#1314442) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
529 |
CVE-2016-9900: Restricted external resources can be loaded by |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
530 |
SVG images through data URLs (bmo#1319122) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
531 |
CVE-2016-9904: Cross-origin information leak in shared atoms |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
532 |
(bmo#1317936) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
533 |
CVE-2016-9901: Data from Pocket server improperly sanitized |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
534 |
before execution (bmo#1320057) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
535 |
CVE-2016-9902: Pocket extension does not validate the origin |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
536 |
of events (bmo#1320039) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
537 |
CVE-2016-9903: XSS injection vulnerability in add-ons SDK |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
538 |
(bmo#1315435) |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
539 |
CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
540 |
CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and |
9ae2b79d3bb1
prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
933
diff
changeset
|
541 |
Firefox ESR 45.6 |
933 | 542 |
|
543 |
------------------------------------------------------------------- |
|
544 |
Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com |
|
545 |
||
546 |
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) |
|
547 |
||
548 |
------------------------------------------------------------------- |
|
549 |
Thu Dec 1 02:49:45 UTC 2016 - wr@rosenauer.org |
|
550 |
||
551 |
- update to Firefox 50.0.2 |
|
552 |
* Firefox crashes with 3rd party Chinese IME when using IME text |
|
553 |
(50.0.1) |
|
554 |
security fixes (in 50.0.1): (boo#1012807) |
|
555 |
* MFSA 2016-91 |
|
556 |
CVE-2016-9078: data: URL can inherit wrong origin after an |
|
557 |
HTTP redirect (bmo#1317641) |
|
558 |
security fixes (in 50.0.2) (boo#1012964) |
|
559 |
* MFSA 2016-92 |
|
560 |
CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066) |
|
561 |
||
562 |
------------------------------------------------------------------- |
|
932 | 563 |
Mon Nov 14 21:07:03 UTC 2016 - wr@rosenauer.org |
564 |
||
565 |
- update to Firefox 50.0 (boo#1009026) |
|
566 |
* requires NSS 3.26.2 |
|
567 |
new features |
|
568 |
* Updates to keyboard shortcuts |
|
569 |
Set a preference to have Ctrl+Tab cycle through tabs in recently |
|
570 |
used order |
|
571 |
View a page in Reader Mode by using Ctrl+Alt+R |
|
572 |
* Added option to Find in page that allows users to limit search to |
|
573 |
whole words only |
|
574 |
* Added download protection for a large number of executable file |
|
575 |
types on Windows, Mac and Linux |
|
576 |
* Fixed rendering of dashed and dotted borders with rounded corners |
|
577 |
(border-radius) |
|
578 |
* Added a built-in Emoji set for operating systems without native |
|
579 |
Emoji fonts (Windows 8.0 and lower and Linux) |
|
580 |
* Blocked versions of libavcodec older than 54.35.1 |
|
581 |
* additional locale |
|
582 |
security fixes: |
|
583 |
* MFSA 2016-89 |
|
584 |
CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 |
|
585 |
(bmo#1292443) |
|
586 |
CVE-2016-5292: URL parsing causes crash (bmo#1288482) |
|
587 |
CVE-2016-5293: Write to arbitrary file with updater and moz |
|
588 |
maintenance service using updater.log hardlink |
|
589 |
(Windows only) (bmo#1246945) |
|
590 |
CVE-2016-5294: Arbitrary target directory for result files of |
|
591 |
update process (Windows only) (bmo#1246972) |
|
592 |
CVE-2016-5297: Incorrect argument length checking in Javascript |
|
593 |
(bmo#1303678) |
|
594 |
CVE-2016-9064: Addons update must verify IDs match between |
|
595 |
current and new versions (bmo#1303418) |
|
596 |
CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen |
|
597 |
(Android only) (bmo#1306696) |
|
598 |
CVE-2016-9066: Integer overflow leading to a buffer overflow in |
|
599 |
nsScriptLoadHandler (bmo#1299686) |
|
600 |
CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore |
|
601 |
(bmo#1301777, bmo#1308922 (CVE-2016-9069)) |
|
602 |
CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) |
|
603 |
CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile |
|
604 |
(bmo#1300083) (Windows only) |
|
605 |
CVE-2016-9075: WebExtensions can access the mozAddonManager API |
|
606 |
and use it to gain elevated privileges (bmo#1295324) |
|
607 |
CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied |
|
608 |
to cross-origin images, allowing timing attacks on them |
|
609 |
(bmo#1298552) |
|
610 |
CVE-2016-5291: Same-origin policy violation using local HTML file |
|
611 |
and saved shortcut file (bmo#1292159) |
|
612 |
CVE-2016-5295: Mozilla Maintenance Service: Ability to read |
|
613 |
arbitrary files as SYSTEM (Windows only) (bmo#1247239) |
|
614 |
CVE-2016-5298: SSL indicator can mislead the user about the real |
|
615 |
URL visited (bmo#1227538) (Android only) |
|
616 |
CVE-2016-5299: Firefox AuthToken in broadcast protected with |
|
617 |
signature-level permission can be accessed by an |
|
618 |
application installed beforehand that defines the |
|
619 |
same permissions (bmo#1245791) (Android only) |
|
620 |
CVE-2016-9061: API Key (glocation) in broadcast protected with |
|
621 |
signature-level permission can be accessed by an |
|
622 |
application installed beforehand that defines the |
|
623 |
same permissions (Android only) (bmo#1245795) |
|
624 |
CVE-2016-9062: Private browsing browser traces (android) in |
|
625 |
browser.db and wal file (Android only) (bmo#1294438) |
|
626 |
CVE-2016-9070: Sidebar bookmark can have reference to chrome window |
|
627 |
(bmo#1281071) |
|
628 |
CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" |
|
629 |
(bmo#1289273) |
|
630 |
CVE-2016-9074: Insufficient timing side-channel resistance in |
|
631 |
divSpoiler (bmo#1293334) (fixed via NSS 3.26.1) |
|
632 |
CVE-2016-9076: select dropdown menu can be used for URL bar |
|
633 |
spoofing on e10s (bmo#1276976) |
|
634 |
CVE-2016-9063: Possible integer overflow to fix inside XML_Parse |
|
635 |
in expat (bmo#1274777) |
|
636 |
CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP |
|
637 |
(bmo#1285003) |
|
638 |
CVE-2016-5289: Memory safety bugs fixed in Firefox 50 |
|
639 |
CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 |
|
640 |
- make aarch64 build more similar to x86_64 build (remove conditionals |
|
641 |
that don't seem to be necessary anymore) |
|
642 |
||
643 |
------------------------------------------------------------------- |
|
931 | 644 |
Mon Oct 24 09:41:17 UTC 2016 - astieger@suse.com |
645 |
||
646 |
- Mozilla Firefox 49.0.2: |
|
647 |
* CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) |
|
648 |
* CVE-2016-5288: Web content can read cache entries (bsc#1006476) |
|
649 |
* Asynchronous rendering of the Flash plugins is now enabled by |
|
650 |
default |
|
651 |
* Change D3D9 default fallback preference to prevent graphical |
|
652 |
artifacts |
|
653 |
* Network issue prevents some users from seeing the Firefox UI on |
|
654 |
startup |
|
655 |
* Web compatibility issue with file uploads |
|
656 |
* Web compatibility issue with Array.prototype.values |
|
657 |
* Diagnostic information on timing for tab switching |
|
658 |
* Fix a Canvas filters graphics issue affecting HTML5 apps |
|
659 |
||
660 |
------------------------------------------------------------------- |
|
930
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
661 |
Wed Oct 12 20:42:28 UTC 2016 - badshah400@gmail.com |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
662 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
663 |
- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0 |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
664 |
and fixes have been incorporated by upstream. |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
665 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
666 |
------------------------------------------------------------------- |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
667 |
Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
668 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
669 |
- Mozilla Firefox 49.0.1: |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
670 |
* Mitigate a startup crash issue caused by Websense - bmo#1304783 |
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
671 |
|
fdfd88b0c2d7
latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
929
diff
changeset
|
672 |
------------------------------------------------------------------- |
929 | 673 |
Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org |
674 |
||
675 |
- update to Firefox 49.0 (boo#999701) |
|
676 |
new features |
|
677 |
* Updated Firefox Login Manager to allow HTTPS pages to use saved |
|
678 |
HTTP logins. |
|
679 |
* Added features to Reader Mode that make it easier on the eyes and |
|
680 |
the ears |
|
681 |
* Improved video performance for users on systems that support |
|
682 |
SSE3 without hardware acceleration |
|
683 |
* Added context menu controls to HTML5 audio and video that let users |
|
684 |
loops files or play files at 1.25x speed |
|
685 |
* Improvements in about:memory reports for tracking font memory usage |
|
686 |
security related |
|
687 |
* MFSA 2016-85 |
|
688 |
CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in |
|
689 |
mozilla::net::IsValidReferrerPolicy |
|
690 |
CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in |
|
691 |
nsCaseTransformTextRunFactory::TransformString |
|
692 |
CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in |
|
693 |
PropertyProvider::GetSpacingInternal |
|
694 |
CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin |
|
695 |
CVE-2016-5273 (bmo#1280387) - crash in |
|
696 |
mozilla::a11y::HyperTextAccessible::GetChildOffset |
|
697 |
CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in |
|
698 |
mozilla::a11y::DocAccessible::ProcessInvalidationList |
|
699 |
CVE-2016-5274 (bmo#1282076) - use-after-free in |
|
700 |
nsFrameManager::CaptureFrameState |
|
701 |
CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick |
|
702 |
CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in |
|
703 |
mozilla::gfx::FilterSupport::ComputeSourceNeededRegions |
|
704 |
CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in |
|
705 |
nsBMPEncoder::AddImageFrame |
|
706 |
CVE-2016-5279 (bmo#1249522) - Full local path of files is available |
|
707 |
to web pages after drag and drop |
|
708 |
CVE-2016-5280 (bmo#1289970) - Use-after-free in |
|
709 |
mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap |
|
710 |
CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength |
|
711 |
CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons |
|
712 |
from non-whitelisted schemes |
|
713 |
CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can |
|
714 |
reveal cross-origin data |
|
715 |
CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration |
|
716 |
CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 |
|
717 |
CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 |
|
718 |
- removed obsolete patches: |
|
719 |
* mozilla-aarch64-48bit-va.patch |
|
720 |
* mozilla-exclude-nametablecpp.patch |
|
721 |
* mozilla-old_configure-bmo1282843.patch |
|
722 |
- added patch mozilla-skia-overflow.patch (bmo#1304114) |
|
723 |
- requires NSS 3.25 |
|
724 |
||
725 |
------------------------------------------------------------------- |
|
928 | 726 |
Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com |
727 |
||
728 |
- Mozilla Firefox 48.0.2: |
|
729 |
* Mitigate a startup crash issue caused on Windows (bmo#1291738) |
|
730 |
||
731 |
------------------------------------------------------------------- |
|
927 | 732 |
Sat Aug 20 10:58:26 UTC 2016 - astieger@suse.com |
733 |
||
734 |
- Mozilla Firefox 48.0.1: |
|
735 |
* Fix an audio regression impacting some major websites |
|
736 |
(bmo#1295296) |
|
737 |
* Fix a top crash in the JavaScript engine (bmo#1290469) |
|
738 |
* Fix a startup crash issue caused by Websense (bmo#1291738) |
|
739 |
* Fix a different behavior with e10s / non-e10s on <select> and |
|
740 |
mouse events (bmo#1291078) |
|
741 |
* Fix a top crash caused by plugin issues (bmo#1264530) |
|
742 |
* Fix a shutdown issue (bmo#1276920) |
|
743 |
* Fix a crash in WebRTC |
|
744 |
||
745 |
------------------------------------------------------------------- |
|
925
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
746 |
Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
747 |
|
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
748 |
- added upstream patch so system plugins/extensions are correctly |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
749 |
loaded again on x86-64 (bmo#1282843) |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
750 |
(mozilla-old_configure-bmo1282843.patch) |
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
751 |
|
05d175c5957e
added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
924
diff
changeset
|
752 |
------------------------------------------------------------------- |
926
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
753 |
Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
754 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
755 |
- Fix for possible buffer overrun (bsc#990856) |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
756 |
CVE-2016-6354 (bmo#1292534) |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
757 |
[mozilla-flex_buffer_overrun.patch] |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
758 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
759 |
------------------------------------------------------------------- |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
760 |
Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
761 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
762 |
- Update mozilla-gtk3_20.patch to latest version from Fedora. |
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
763 |
|
6ab8b16f232c
merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
925
diff
changeset
|
764 |
------------------------------------------------------------------- |
923 | 765 |
Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org |
766 |
||
924 | 767 |
- update to Firefox 48.0 (boo#991809) |
923 | 768 |
* requires NSS 3.24 |
769 |
* Process separation (e10s) is enabled for some of you |
|
770 |
* Add-ons that have not been verified and signed by Mozilla will not load |
|
771 |
* WebRTC embetterments |
|
772 |
* The media parser has been redeveloped using the Rust programming |
|
773 |
language |
|
774 |
* better Canvas performance with speedy Skia support |
|
924 | 775 |
security fixes: |
776 |
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 |
|
777 |
Miscellaneous memory safety hazards |
|
778 |
* MFSA 2016-63/CVE-2016-2830 (bmo#1255270) |
|
779 |
Favicon network connection can persist when page is closed |
|
780 |
* MFSA 2016-64/CVE-2016-2838 (bmo#1279814) |
|
781 |
Buffer overflow rendering SVG with bidirectional content |
|
782 |
* MFSA 2016-65/CVE-2016-2839 (bmo#1275339) |
|
783 |
Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 |
|
784 |
* MFSA 2016-66/CVE-2016-5251 (bmo#1255570) |
|
785 |
Location bar spoofing via data URLs with malformed/invalid mediatypes |
|
786 |
* MFSA 2016-67/CVE-2016-5252 (bmo#1268854) |
|
787 |
Stack underflow during 2D graphics rendering |
|
788 |
* MFSA 2016-68/CVE-2016-0718 (bmo#1236923) |
|
789 |
Out-of-bounds read during XML parsing in Expat library |
|
790 |
* MFSA 2016-69/CVE-2016-5253 (bmo#1246944) |
|
791 |
Arbitrary file manipulation by local user through Mozilla updater |
|
792 |
and callback application path parameter (Windows-only) |
|
793 |
* MFSA 2016-70/CVE-2016-5254 (bmo#1266963) |
|
794 |
Use-after-free when using alt key and toplevel menus |
|
795 |
* MFSA 2016-71/CVE-2016-5255 (bmo#1212356) |
|
796 |
Crash in incremental garbage collection in JavaScript |
|
797 |
* MFSA 2016-72/CVE-2016-5258 (bmo#1279146) |
|
798 |
Use-after-free in DTLS during WebRTC session shutdown |
|
799 |
* MFSA 2016-73/CVE-2016-5259 (bmo#1282992) |
|
800 |
Use-after-free in service workers with nested sync events |
|
801 |
* MFSA 2016-74/CVE-2016-5260 (bmo#1280294) |
|
802 |
Form input type change from password to text can store plain |
|
803 |
text password in session restore file |
|
804 |
* MFSA 2016-75/CVE-2016-5261 (bmo#1287266) |
|
805 |
Integer overflow in WebSockets during data buffering |
|
806 |
* MFSA 2016-76/CVE-2016-5262 (bmo#1277475) |
|
807 |
Scripts on marquee tag can execute in sandboxed iframes |
|
808 |
* MFSA 2016-77/CVE-2016-2837 (bmo#1274637) |
|
809 |
Buffer overflow in ClearKey Content Decryption Module (CDM) |
|
810 |
during video playback |
|
811 |
* MFSA 2016-78/CVE-2016-5263 (bmo#1276897) |
|
812 |
Type confusion in display transformation |
|
813 |
* MFSA 2016-79/CVE-2016-5264 (bmo#1286183) |
|
814 |
Use-after-free when applying SVG effects |
|
815 |
* MFSA 2016-80/CVE-2016-5265 (bmo#1278013) |
|
816 |
Same-origin policy violation using local HTML file and saved shortcut file |
|
817 |
* MFSA 2016-81/CVE-2016-5266 (bmo#1226977) |
|
818 |
Information disclosure and local file manipulation through drag and drop |
|
819 |
* MFSA 2016-82/CVE-2016-5267 (bmo#1284372) |
|
820 |
Addressbar spoofing with right-to-left characters on Firefox for Android |
|
821 |
(Android only) |
|
822 |
* MFSA 2016-83/CVE-2016-5268 (bmo#1253673) |
|
823 |
Spoofing attack through text injection into internal error pages |
|
824 |
* MFSA 2016-84/CVE-2016-5250 (bmo#1254688) |
|
825 |
Information disclosure through Resource Timing API during page navigation |
|
923 | 826 |
- removed obsolete mozilla-gcc6.patch |
827 |
||
828 |
------------------------------------------------------------------- |
|
921
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
829 |
Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
830 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
831 |
- Update description and screenshots in appdata.xml file. |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
832 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
833 |
------------------------------------------------------------------- |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
834 |
Sat Jul 23 20:13:08 UTC 2016 - antoine.belvire@laposte.net |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
835 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
836 |
- Fix Firefox crash on startup on i586 (boo#986541): |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
837 |
* Add -fno-delete-null-pointer-checks and |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
838 |
-fno-inline-small-functions to CFLAGS |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
839 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
840 |
------------------------------------------------------------------- |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
841 |
Tue Jul 19 20:12:11 UTC 2016 - mailaender@opensuse.org |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
842 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
843 |
- Update the appdata.xml file (replace Windows XP screenshot) |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
844 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
845 |
------------------------------------------------------------------- |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
846 |
Wed Jun 29 09:25:41 UTC 2016 - astieger@suse.com |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
847 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
848 |
- Mozilla Firefox 47.0.1: |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
849 |
* Selenium WebDriver may cause Firefox to crash at startup |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
850 |
(bmo#1280854) |
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
851 |
|
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
852 |
------------------------------------------------------------------- |
920
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
853 |
Wed Jun 15 07:52:18 UTC 2016 - wr@rosenauer.org |
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
854 |
|
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
855 |
- mozilla-binutils-visibility.patch to fix build issues with |
921
4f801233e935
merge contributions from OBS
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
920
diff
changeset
|
856 |
gcc/binutils combination used in Leap 42.2 (boo#984637) |
920
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
857 |
|
4e5807284ef0
https://bugzilla.opensuse.org/show_bug.cgi?id=984637
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
919
diff
changeset
|
858 |
------------------------------------------------------------------- |
919
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
859 |
Tue Jun 14 08:35:03 UTC 2016 - badshah400@gmail.com |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
860 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
861 |
- Update mozilla-gtk3_20.patch to latest version from Fedora. |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
862 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
863 |
------------------------------------------------------------------- |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
864 |
Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
865 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
866 |
- Fix running on 48bit va aarch64 (bsc#984126) |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
867 |
* add patch mozilla-aarch64-48bit-va.patch |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
868 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
869 |
------------------------------------------------------------------- |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
870 |
Mon Jun 13 15:27:13 UTC 2016 - wr@rosenauer.org |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
871 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
872 |
- fix XUL dialog button order under KDE session (boo#984403) |
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
873 |
|
6838f0c032f8
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
916
diff
changeset
|
874 |
------------------------------------------------------------------- |
916 | 875 |
Tue Jun 7 19:47:25 UTC 2016 - wr@rosenauer.org |
876 |
||
877 |
- update to Firefox 47.0 (boo#983549) |
|
878 |
* Enable VP9 video codec for users with fast machines |
|
879 |
* Embedded YouTube videos now play with HTML5 video if Flash is |
|
880 |
not installed |
|
881 |
* View and search open tabs from your smartphone or another |
|
882 |
computer in a sidebar |
|
883 |
* Allow no-cache on back/forward navigations for https resources |
|
884 |
security fixes: |
|
885 |
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 |
|
886 |
(boo#983638) |
|
887 |
(bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, |
|
888 |
bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, |
|
889 |
bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, |
|
890 |
bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, |
|
891 |
bmo#1269729, bmo#1273202, bmo#1273701) |
|
892 |
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) |
|
893 |
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) |
|
894 |
Buffer overflow parsing HTML5 fragments |
|
895 |
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) |
|
896 |
Use-after-free deleting tables from a contenteditable document |
|
897 |
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) |
|
898 |
Addressbar spoofing though the SELECT element |
|
899 |
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) |
|
900 |
Out-of-bounds write with WebGL shader |
|
901 |
* MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) |
|
902 |
Partial same-origin-policy through setting location.host |
|
903 |
through data URI |
|
904 |
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) |
|
905 |
Use-after-free when textures are used in WebGL operations |
|
906 |
after recycle pool destruction |
|
907 |
* MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329) |
|
908 |
Incorrect icon displayed on permissions notifications |
|
909 |
* MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) |
|
910 |
Entering fullscreen and persistent pointerlock without user |
|
911 |
permission |
|
912 |
* MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267) |
|
913 |
Information disclosure of disabled plugins through CSS |
|
914 |
pseudo-classes |
|
915 |
* MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933) |
|
916 |
Java applets bypass CSP protections |
|
917 |
* MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283, |
|
918 |
bmo#1221620, bmo#1241034, bmo#1241037) |
|
919 |
Network Security Services (NSS) vulnerabilities |
|
920 |
fixed by requiring NSS 3.23 |
|
921 |
packaging changes: |
|
922 |
* cleanup configure options (boo#981695): |
|
923 |
- notably remove GStreamer support which is gone from FF |
|
924 |
* remove obsolete patches |
|
925 |
- mozilla-libproxy.patch |
|
926 |
- mozilla-repo.patch |
|
927 |
||
928 |
------------------------------------------------------------------- |
|
929 |
Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com |
|
930 |
||
931 |
- The conditional testing for gcc was failing for different |
|
932 |
openSUSE versions, drop it and apply patches unconditionally. |
|
933 |
||
934 |
------------------------------------------------------------------- |
|
935 |
Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com |
|
936 |
||
937 |
- Add patches to fix building with gcc6: |
|
938 |
+ mozilla-gcc6.patch: fix building with gcc >= 6.1; patch |
|
939 |
taken from upstream: |
|
940 |
https://hg.mozilla.org/mozilla-central/rev/55212130f19d. |
|
941 |
+ mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp |
|
942 |
from unified compilation because #include <cmath> in other |
|
943 |
source files causes gcc6 compilation failure; patch taken from |
|
944 |
upstream: |
|
945 |
https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. |
|
946 |
||
947 |
------------------------------------------------------------------- |
|
948 |
Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz |
|
949 |
||
950 |
- enable build with PIE and full relro on x86_64 (boo#980384) |
|
951 |
||
952 |
------------------------------------------------------------------- |
|
914 | 953 |
Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org |
954 |
||
955 |
- update to Firefox 46.0.1 |
|
956 |
Fixed: |
|
957 |
* Search plugin issue for various locales |
|
958 |
* Add-on signing certificate expiration |
|
959 |
* Service worker update issue |
|
960 |
* Build issue when jit is disabled |
|
961 |
* Limit Sync registration updates |
|
962 |
- removed now obsolete mozilla-jit_branch64.patch |
|
963 |
||
964 |
------------------------------------------------------------------- |
|
913 | 965 |
Tue May 3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com |
966 |
||
967 |
- add mozilla-jit_branch64.patch to avoid PowerPC build failure |
|
968 |
(from bmo#1266366) |
|
969 |
||
970 |
------------------------------------------------------------------- |
|
909 | 971 |
Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com |
972 |
||
973 |
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest |
|
974 |
version from Fedora). |
|
975 |
||
976 |
------------------------------------------------------------------- |
|
977 |
Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org |
|
978 |
||
979 |
- update to Firefox 46.0 (boo#977333) |
|
980 |
* Improved security of the JavaScript Just In Time (JIT) Compiler |
|
981 |
* WebRTC fixes to improve performance and stability |
|
982 |
* Added support for document.elementsFromPoint |
|
983 |
* Added HKDF support for Web Crypto API |
|
984 |
* requires NSPR 4.12 and NSS 3.22.3 |
|
985 |
* added patch to fix unchecked return value |
|
986 |
mozilla-check_return.patch |
|
987 |
* Gtk3 builds not supported at the moment |
|
988 |
security fixes: |
|
989 |
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 |
|
913 | 990 |
(boo#977373, boo#977375, boo#977376) |
909 | 991 |
Miscellaneous memory safety hazards |
913 | 992 |
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) |
909 | 993 |
Privilege escalation through file deletion by Maintenance Service updater |
994 |
(Windows only) |
|
913 | 995 |
* MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) |
909 | 996 |
Content provider permission bypass allows malicious application |
997 |
to access data (Android only) |
|
913 | 998 |
* MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 |
999 |
(bmo#1252330, bmo#1261776, boo#977379) |
|
909 | 1000 |
Use-after-free and buffer overflow in Service Workers |
913 | 1001 |
* MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) |
909 | 1002 |
Disclosure of user actions through JavaScript with motion and |
1003 |
orientation sensors (only affects mobile variants) |
|
913 | 1004 |
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) |
909 | 1005 |
Buffer overflow in libstagefright with CENC offsets |
913 | 1006 |
* MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) |
909 | 1007 |
CSP not applied to pages sent with multipart/x-mixed-replace |
913 | 1008 |
* MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) |
909 | 1009 |
Elevation of privilege with chrome.tabs.update API in web extensions |
913 | 1010 |
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) |
909 | 1011 |
Write to invalid HashMap entry through JavaScript.watch() |
913 | 1012 |
* MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) |
909 | 1013 |
Firefox Health Reports could accept events from untrusted domains |
1014 |
||
1015 |
------------------------------------------------------------------- |
|
908
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
1016 |
Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
1017 |
|
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
1018 |
- Update mozilla-gtk3_20.patch to fix scrollbar appearance under |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
1019 |
gtk >= 3.20 (patch synced to Fedora's version). |
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
1020 |
|
b29b47737173
sync from mozilla:Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents:
907
diff
changeset
|
1021 |
------------------------------------------------------------------- |
907 | 1022 |
Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com |
1023 |
||
1024 |
- Compile against gtk3 depending on whether the macro |
|
1025 |
%firefox_use_gtk3 is defined or not (e.g., at the prjconf |
|
1026 |
level); macro is undefined by default and so gtk2 is used as the |
|
1027 |
default toolkit. |
|
1028 |
- Add BuildRequires for additional packages needed when building |
|
1029 |
against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), |
|
1030 |
pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). |
|
1031 |
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; |
|
1032 |
patch taken from Fedora (bmo#1230955). |
|
1033 |
||
1034 |
------------------------------------------------------------------- |
|
906 | 1035 |
Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com |
1036 |
||
1037 |
- Mozilla Firefox 45.0.2: |
|
1038 |
* Fix an issue impacting the cookie header when third-party |
|
1039 |
cookies are blocked (bmo#1257861) |
|
1040 |
* Fix a web compatibility regression impacting the srcset |
|
1041 |
attribute of the image tag (bmo#1259482) |
|
1042 |
* Fix a crash impacting the video playback with Media Source |
|
1043 |
Extension (bmo#1258562) |
|
1044 |
* Fix a regression impacting some specific uploads (bmo#1255735) |
|
1045 |
* Fix a regression with the copy and paste with some old versions |
|
1046 |
of some Gecko applications like Thunderbird (bmo#1254980) |
|
1047 |
||
1048 |
------------------------------------------------------------------- |
|
1049 |
Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com |
|
1050 |
||
1051 |
- Mozilla Firefox 45.0.1: |
|
1052 |
* Fix a regression causing search engine settings to be lost in |
|
1053 |
some context (bmo#1254694) |
|
1054 |
* Bring back non-standard jar: URIs to fix a regression in IBM |
|
1055 |
iNotes (bmo#1255139) |
|
1056 |
* XSLTProcessor.importStylesheet was failing when <import> was |
|
1057 |
used (bmo#1249572) |
|
1058 |
* Fix an issue which could cause the list of search provider to |
|
1059 |
be empty (bmo#1255605) |
|
1060 |
* Fix a regression when using the location bar (bmo#1254503) |
|
1061 |
* Fix some loading issues when Accept third-party cookies: was |
|
1062 |
set to Never (bmo#1254856) |
|
1063 |
* Disabled Graphite font shaping library |
|
1064 |
||
1065 |
------------------------------------------------------------------- |
|
904 | 1066 |
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org |
1067 |
||
906 | 1068 |
- update to Firefox 45.0 (boo#969894) |
904 | 1069 |
* requires NSPR 4.12 / NSS 3.21.1 |
1070 |
* Instant browser tab sharing through Hello |
|
1071 |
* Synced Tabs button in button bar |
|
1072 |
* Tabs synced via Firefox Accounts from other devices are now shown |
|
1073 |
in dropdown area of Awesome Bar when searching |
|
1074 |
* Introduce a new preference (network.dns.blockDotOnion) to allow |
|
1075 |
blocking .onion at the DNS level |
|
1076 |
* Tab Groups (Panorama) feature removed |
|
906 | 1077 |
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 |
1078 |
Miscellaneous memory safety hazards |
|
1079 |
* MFSA 2016-17/CVE-2016-1954 (bmo#1243178) |
|
1080 |
Local file overwriting and potential privilege escalation through |
|
1081 |
CSP reports |
|
1082 |
* MFSA 2016-18/CVE-2016-1955 (bmo#1208946) |
|
1083 |
CSP reports fail to strip location information for embedded iframe pages |
|
1084 |
* MFSA 2016-19/CVE-2016-1956 (bmo#1199923) |
|
1085 |
Linux video memory DOS with Intel drivers |
|
1086 |
* MFSA 2016-20/CVE-2016-1957 (bmo#1227052) |
|
1087 |
Memory leak in libstagefright when deleting an array during MP4 |
|
1088 |
processing |
|
1089 |
* MFSA 2016-21/CVE-2016-1958 (bmo#1228754) |
|
1090 |
Displayed page address can be overridden |
|