xulrunner/xulrunner.changes
changeset 879 3b986c9dbc5f
parent 670 0b1f7ee785d3
867:3af93b7e5e3d 879:3b986c9dbc5f
       
     1 -------------------------------------------------------------------
       
     2 Mon Aug 10 16:40:17 UTC 2015 - wr@rosenauer.org
       
     3 
       
     4 - update to xulrunner 38.2.0esr (bnc#940806)
       
     5   * MFSA 2015-79/CVE-2015-4473
       
     6     Miscellaneous memory safety hazards
       
     7   * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
       
     8     Out-of-bounds read with malformed MP3 file
       
     9   * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
       
    10     Redefinition of non-configurable JavaScript object properties
       
    11   * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
       
    12     Overflow issues in libstagefright
       
    13   * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
       
    14     Arbitrary file overwriting through Mozilla Maintenance Service
       
    15     with hard links (only affected Windows)
       
    16   * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
       
    17     Out-of-bounds write with Updater and malicious MAR file
       
    18     (does not affect openSUSE RPM packages which do not ship the
       
    19      updater)
       
    20   * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
       
    21     Crash when using shared memory in JavaScript
       
    22   * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
       
    23     Heap overflow in gdk-pixbuf when scaling bitmap images
       
    24   * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
       
    25     Buffer overflows on Libvpx when decoding WebM video
       
    26   * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
       
    27     Vulnerabilities found through code inspection
       
    28   * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
       
    29     Use-after-free in XMLHttpRequest with shared workers
       
    30 - rebased all patches
       
    31 - dropped obsolete patches:
       
    32   * mozilla-sle11.patch
       
    33   * mozilla-ppc.patch
       
    34   * mozilla-nullptr-gcc45.patch
       
    35   * mozilla-libproxy-compat.patch
       
    36   * mozilla-fix-compilation-gcc5-bmo-1021171.patch
       
    37   * mozilla-fix-compilation-gcc5-bmo-1153109.patch
       
    38   * mozilla-aarch64-bmo-810631.patch
       
    39 - added platform specific patches from Firefox package:
       
    40   * mozilla-skia-be-le.patch
       
    41   * mozilla-bmo1005535.patch
       
    42   * mozilla-add-glibcxx_use_cxx11_abi.patch
       
    43   * mozilla-arm64-libjpeg-turbo.patch
       
    44   * mozilla-shared-nss-db.patch
       
    45 
       
    46 -------------------------------------------------------------------
       
    47 Sat Jun 27 15:26:00 UTC 2015 - wr@rosenauer.org
       
    48 
       
    49 - update to 31.8.0 (bnc#935979)
       
    50   * MFSA 2015-59/CVE-2015-2724
       
    51     Miscellaneous memory safety hazards
       
    52   * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
       
    53     Type confusion in Indexed Database Manager
       
    54   * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
       
    55     ECDSA signature validation fails to handle some signatures correctly
       
    56     (this fix is shipped by NSS 3.19.1 externally)
       
    57   * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
       
    58     Use-after-free in workers while using XMLHttpRequest
       
    59   * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
       
    60     CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
       
    61     Vulnerabilities found through code inspection
       
    62   * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
       
    63     Privilege escalation in PDF.js
       
    64   * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
       
    65     NSS accepts export-length DHE keys with regular DHE cipher suites
       
    66     (this fix is shipped by NSS 3.19.1 externally)
       
    67   * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
       
    68     NSS incorrectly permits skipping of ServerKeyExchange
       
    69     (this fix is shipped by NSS 3.19.1 externally)
       
    70 - requires NSS 3.19.2
       
    71 
       
    72 --------------------------------------------------------------------
       
    73 Sun Jun 21 09:39:51 UTC 2015 - antoine.belvire@laposte.net
       
    74 
       
    75 - Fix compilation with GCC5 (bmo#1153109, bmo#1021171)
       
    76   * add mozilla-fix-compilation-gcc5-bmo-1153109.patch
       
    77   * add mozilla-fix-compilation-gcc5-bmo-1021171.patch
       
    78 
       
    79 -------------------------------------------------------------------
       
    80 Wed May  6 07:49:53 UTC 2015 - wr@rosenauer.org
       
    81 
       
    82 - update to 31.7.0 (bnc#930622)
       
    83   * MFSA 2015-46/CVE-2015-2708
       
    84     Miscellaneous memory safety hazards
       
    85   * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
       
    86     Buffer overflow parsing H.264 video with Linux Gstreamer
       
    87   * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
       
    88     Buffer overflow with SVG content and CSS
       
    89   * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
       
    90     Use-after-free during text processing with vertical text enabled
       
    91   * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
       
    92     Buffer overflow when parsing compressed XML
       
    93   * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
       
    94     Privilege escalation through IPC channel messages
       
    95 - strip baselibs.conf to reflect the current set of packages
       
    96 
       
    97 -------------------------------------------------------------------
       
    98 Mon Mar 30 07:56:19 UTC 2015 - wr@rosenauer.org
       
    99 
       
   100 - update to 31.6.0 (bnc#925368)
       
   101   * MFSA 2015-30/CVE-2015-0815
       
   102     Miscellaneous memory safety hazards
       
   103   * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
       
   104     Use-after-free when using the Fluendo MP3 GStreamer plugin
       
   105   * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
       
   106     resource:// documents can load privileged pages
       
   107   * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
       
   108     CORS requests should not follow 30x redirections after preflight
       
   109   * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
       
   110     Same-origin bypass through anchor navigation
       
   111 
       
   112 -------------------------------------------------------------------
       
   113 Thu Feb 19 22:56:55 UTC 2015 - wr@rosenauer.org
       
   114 
       
   115 - update to 31.5.0 (bnc#917597)
       
   116   * MFSA 2015-11/CVE-2015-0836
       
   117     Miscellaneous memory safety hazards
       
   118   * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
       
   119     Invoking Mozilla updater will load locally stored DLL files
       
   120     (Windows only)
       
   121   * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
       
   122     Use-after-free in IndexedDB
       
   123   * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
       
   124     Out-of-bounds read and write while rendering SVG content
       
   125   * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
       
   126     Reading of local files through manipulation of form autocomplete
       
   127 
       
   128 -------------------------------------------------------------------
       
   129 Sat Jan 10 17:33:51 UTC 2015 - wr@rosenauer.org
       
   130 
       
   131 - update to 31.4.0 (bnc#910669)
       
   132   * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
       
   133     Miscellaneous memory safety hazards
       
   134   * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
       
   135     sendBeacon requests lack an Origin header
       
   136   * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
       
   137     Cookie injection through Proxy Authenticate responses
       
   138   * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
       
   139     Read-after-free in WebRTC
       
   140 
       
   141 -------------------------------------------------------------------
       
   142 Wed Dec 31 16:01:40 UTC 2014 - dimstar@opensuse.org
       
   143 
       
   144 - Do not require mozilla-js-32bit from xulrunner-32bit: since we
       
   145   have shared_js currently set to 0, mozilla-js(-32bit) is not
       
   146   being built.
       
   147 
       
   148 -------------------------------------------------------------------
       
   149 Sun Nov 30 12:15:59 UTC 2014 - wr@rosenauer.org
       
   150 
       
   151 - update to 31.3.0 (bnc#908009)
       
   152   * MFSA 2014-83/CVE-2014-1587
       
   153     Miscellaneous memory safety hazards
       
   154   * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
       
   155     XMLHttpRequest crashes with some input streams
       
   156   * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
       
   157     Use-after-free during HTML5 parsing
       
   158   * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
       
   159     Buffer overflow while parsing media content
       
   160   * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
       
   161     Bad casting from the BasicThebesLayer to BasicContainerLayer
       
   162 - readded mozilla-pkgconfig.patch
       
   163 
       
   164 -------------------------------------------------------------------
       
   165 Thu Nov 13 08:37:50 UTC 2014 - guillaume@opensuse.org
       
   166 
       
   167 - Fix %arm build (fix CFLAGS)
       
   168 - Disable elf-hack for aarch64
       
   169 
       
   170 -------------------------------------------------------------------
       
   171 Sat Nov  1 13:08:20 UTC 2014 - wr@rosenauer.org
       
   172 
       
   173 - update to 31.2.0
       
   174 - synchronize patchset with firefox-esr
       
   175 - removed add-plugins.sh in favor of using a pref to use myspell
       
   176 
     1 -------------------------------------------------------------------
   177 -------------------------------------------------------------------
     2 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org
   178 Wed Sep 18 14:39:34 UTC 2013 - wr@rosenauer.org
     3 
   179 
     4 - update to 24.0 (bnc#840485)
   180 - update to 24.0 (bnc#840485)
     5   * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
   181   * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
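Review bot: The MFSA 2015-47 line in the 31.7.0 entry reads "VE-2015-0797", dropping the leading C, so a search of this changelog for CVE identifiers will not find that fix; it should read CVE-2015-0797. The same kind of slip appears in three other places in the added block: "(bmo1171518)" on the MFSA 2015-84 line lacks the "#" used by every other bug reference, "(bmo#1106596))" on the MFSA 2015-31 line has a doubled closing parenthesis, and the MFSA 2015-37 and MFSA 2015-40 lines are written "MFSA-2015-37" and "MFSA-2015-40" with a hyphen where all other entries use "MFSA 2015-NN". Since these lines are what ties a package update to its advisories, they are worth normalising before this lands. Separately, the 38.2.0esr entry says "update to xulrunner 38.2.0esr" while the older entries say "update to 31.x.0"; pick one form.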