|
1 ------------------------------------------------------------------- |
|
2 Thu Sep 30 10:23:09 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
3 |
|
4 - allow to override wayland detection by defining MOZ_ENABLE_WAYLAND |
|
5 explicitely as 0 or 1 |
|
6 - fix aarch64 build by updating constraints |
|
7 - add mozilla-bmo1725828.patch to fix widevine (bsc#1190842) |
|
8 |
|
9 ------------------------------------------------------------------- |
|
10 Sat Sep 25 10:10:56 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
11 |
|
12 - Mozilla Firefox 92.0.1 |
|
13 * Fixed: Fixes an issue where audio playback was not working on |
|
14 some Linux systems (bmo#1730499) |
|
15 * Fixed: Fixes issues with the findbar close button on |
|
16 different operating systems (bmo#1728368) |
|
17 |
|
18 ------------------------------------------------------------------- |
|
19 Mon Sep 6 10:16:28 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
20 |
|
21 - Mozilla Firefox 92.0 |
|
22 * More secure connections: Firefox can now automatically upgrade to |
|
23 HTTPS using HTTPS RR as Alt-Svc headers |
|
24 * Full-range color levels are now supported for video playback on |
|
25 many systems |
|
26 MFSA 2021-38 (bsc#1190269) |
|
27 * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240, |
|
28 bmo#1712242, bmo#1729259) |
|
29 Handling custom intents could lead to crashes and UI spoofs |
|
30 * CVE-2021-38491 (bmo#1551886) |
|
31 Mixed-Content-Blocking was unable to check opaque origins |
|
32 * CVE-2021-38492 (bmo#1721107) |
|
33 Navigating to `mk:` URL scheme could load Internet Explorer |
|
34 * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107) |
|
35 Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and |
|
36 Firefox ESR 91.1 |
|
37 * CVE-2021-38494 (bmo#1723920, bmo#1725638) |
|
38 Memory safety bugs fixed in Firefox 92 |
|
39 - updated appdata |
|
40 - remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch |
|
41 (does not apply anymore; unclear if obsolete) |
|
42 - bring back mozilla-silence-no-return-type.patch and |
|
43 run post-build-checks everywhere again |
|
44 - requires NSS 3.69.1 |
|
45 |
|
46 ------------------------------------------------------------------- |
|
47 Tue Aug 31 00:33:39 UTC 2021 - Atri Bhattacharya <badshah400@gmail.com> |
|
48 |
|
49 - Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly |
|
50 repositioned due to rounding errors when font scaling != 1 |
|
51 (bmo#1708709); patch taken from upstream bug report and rebased |
|
52 to apply cleanly against current version. |
|
53 |
|
54 ------------------------------------------------------------------- |
|
55 Sun Aug 29 14:45:29 UTC 2021 - Martin Liška <mliska@suse.cz> |
|
56 |
|
57 - Bump using with GCC (tested locally). |
|
58 |
|
59 ------------------------------------------------------------------- |
|
60 Fri Aug 27 22:47:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
61 |
|
62 - Mozilla Firefox 91.0.2: |
|
63 * Fixed: Firefox no longer clears authentication data when |
|
64 purging trackers, to avoid repeatedly prompting for a |
|
65 password (bmo#1721084) |
|
66 |
|
67 ------------------------------------------------------------------- |
|
68 Wed Aug 18 06:34:01 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
69 |
|
70 - Mozilla Firefox 91.0.1 |
|
71 * Fixed an issue causing buttons on the tab bar to be resized when |
|
72 loading certain websites (bmo#1704404) |
|
73 * Fixed an issue which caused tabs from private windows to be |
|
74 visible in non-private windows when viewing switch-to-tab results |
|
75 in the address bar panel (bmo#1720369) |
|
76 * Various stability fixes |
|
77 MFSA 2021-37 (bsc#1189547) |
|
78 * CVE-2021-29991 (bmo#1724896) |
|
79 Header Splitting possible with HTTP/3 Responses |
|
80 |
|
81 ------------------------------------------------------------------- |
|
82 Mon Aug 9 14:55:22 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
83 |
|
84 - Mozilla Firefox 91.0 |
|
85 MFSA 2021-33 (bsc#1188891) |
|
86 * CVE-2021-29986 (bmo#1696138) |
|
87 Race condition when resolving DNS names could have led to |
|
88 memory corruption |
|
89 * CVE-2021-29981 (bmo#1707774) |
|
90 Live range splitting could have led to conflicting |
|
91 assignments in the JIT |
|
92 * CVE-2021-29988 (bmo#1717922) |
|
93 Memory corruption as a result of incorrect style treatment |
|
94 * CVE-2021-29983 (bmo#1719088) |
|
95 Firefox for Android could get stuck in fullscreen mode |
|
96 * CVE-2021-29984 (bmo#1720031) |
|
97 Incorrect instruction reordering during JIT optimization |
|
98 * CVE-2021-29980 (bmo#1722204) |
|
99 Uninitialized memory in a canvas object could have led to |
|
100 memory corruption |
|
101 * CVE-2021-29987 (bmo#1716129) |
|
102 Users could have been tricked into accepting unwanted |
|
103 permissions on Linux |
|
104 * CVE-2021-29985 (bmo#1722083) |
|
105 Use-after-free media channels |
|
106 * CVE-2021-29982 (bmo#1715318) |
|
107 Single bit data leak due to incorrect JIT optimization and |
|
108 type confusion |
|
109 * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178, |
|
110 bmo#1719998, bmo#1720568) |
|
111 Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13 |
|
112 * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778, |
|
113 bmo#1719319, bmo#1722073) |
|
114 Memory safety bugs fixed in Firefox 91 |
|
115 - requires |
|
116 * rustc/cargo >= 1.51 |
|
117 * NSPR >= 4.32 |
|
118 * NSS >= 3.68 |
|
119 - force-disable webrender on BE platforms |
|
120 |
|
121 ------------------------------------------------------------------- |
|
122 Sat Jul 24 07:15:54 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
123 |
|
124 - Mozilla Firefox 90.0.2: |
|
125 * Changed: Updates to support DoH Canada rollout (bmo#1713036) |
|
126 * Fixed: Fixed truncated output when printing (bmo#1720621) |
|
127 * Fixed: Fixed menu styling on some Gtk themes (bmo#1720441, |
|
128 bmo#1720874) |
|
129 |
|
130 ------------------------------------------------------------------- |
|
131 Mon Jul 19 20:08:56 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
132 |
|
133 - Mozilla Firefox 90.0.1 (boo#1188480): |
|
134 * Fixed: Fixed busy looping processing some HTTP3 responses |
|
135 (bmo#1720079) |
|
136 * Fixed: Fixed transient errors authenticating with some smart |
|
137 cards (bmo#1715325) |
|
138 * Fixed: Fixed a rare crash on shutdown (bmo#1707057) |
|
139 * Fixed: Fixed a race on startup that caused about:support to |
|
140 end up empty after upgrade (bmo#1717894, boo#1188330) |
|
141 |
|
142 ------------------------------------------------------------------- |
|
143 Sun Jul 11 08:53:02 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
144 |
|
145 - Mozilla Firefox 90.0 |
|
146 MFSA 2021-28 (bsc#1188275) |
|
147 * CVE-2021-29970 (bmo#1709976) |
|
148 Use-after-free in accessibility features of a document |
|
149 * CVE-2021-29971 (bmo#1713638) |
|
150 Granted permissions only compared host; omitting scheme and |
|
151 port on Android |
|
152 * CVE-2021-30547 (bmo#1715766) |
|
153 Out of bounds write in ANGLE |
|
154 * CVE-2021-29972 (bmo#1696816) |
|
155 Use of out-of-date library included use-after-free |
|
156 vulnerability |
|
157 * CVE-2021-29973 (bmo#1701932) |
|
158 Password autofill on HTTP websites was enabled without user |
|
159 interaction on Android |
|
160 * CVE-2021-29974 (bmo#1704843) |
|
161 HSTS errors could be overridden when network partitioning was |
|
162 enabled |
|
163 * CVE-2021-29975 (bmo#1713259) |
|
164 Text message could be overlaid on top of another website |
|
165 * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910, |
|
166 bmo#1711576, bmo#1714391) |
|
167 Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 |
|
168 * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316, |
|
169 bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357, |
|
170 bmo#1714066) |
|
171 Memory safety bugs fixed in Firefox 90 |
|
172 - requires |
|
173 NSPR 4.31 |
|
174 NSS 3.66 |
|
175 - Gtk2 support removed (was only for Flash plugin before) |
|
176 |
|
177 ------------------------------------------------------------------- |
|
178 Wed Jun 23 16:54:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
179 |
|
180 - Mozilla Firefox 89.0.2 (boo#1187648): |
|
181 * Fix occasional hangs with Software WebRender on Linux (bmo#1708224) |
|
182 |
|
183 ------------------------------------------------------------------- |
|
184 Sat Jun 19 09:00:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
185 |
|
186 - Mozilla Firefox 89.0.1 (boo#1187475): |
|
187 * Updated translations, including full Spanish (Mexico) |
|
188 localization and other improvements (bmo#1714946) |
|
189 * Fix various font related regressions (bmo#1694174) |
|
190 * Linux: Fix performance and stability regressions with |
|
191 WebRender (bmo#1715895, bmo#1715902) |
|
192 * Enterprise: Fix for the `DisableDeveloperTools` policy not |
|
193 having effect anymore (bmo#1715777) |
|
194 * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103) |
|
195 * Various stability fixes |
|
196 |
|
197 ------------------------------------------------------------------- |
|
198 Sat May 29 20:55:56 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
199 |
|
200 - Mozilla Firefox 89.0 |
|
201 * UI redesign |
|
202 * The Event Timing API is now supported |
|
203 * The CSS forced-colors media query is now supported |
|
204 MFSA 2021-23 (bsc#1186696) |
|
205 * CVE-2021-29965 (bmo#1709257) |
|
206 Password Manager on Firefox for Android susceptible to domain |
|
207 spoofing |
|
208 * CVE-2021-29960 (bmo#1675965) |
|
209 Filenames printed from private browsing mode incorrectly |
|
210 retained in preferences |
|
211 * CVE-2021-29961 (bmo#1700235) |
|
212 Firefox UI spoof using `<select>` elements and CSS scaling |
|
213 * CVE-2021-29963 (bmo#1705068) |
|
214 Shared cookies for search suggestions in private browsing mode |
|
215 * CVE-2021-29964 (bmo#1706501) |
|
216 Out of bounds-read when parsing a `WM_COPYDATA` message |
|
217 * CVE-2021-29959 (bmo#1395819) |
|
218 Devices could be re-enabled without additional permission prompt |
|
219 * CVE-2021-29962 (bmo#1701673) |
|
220 No rate-limiting for popups on Firefox for Android |
|
221 * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760, |
|
222 bmo#1704722, bmo#1706041) |
|
223 Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 |
|
224 * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124) |
|
225 Memory safety bugs fixed in Firefox 89 |
|
226 - require |
|
227 NSS >= 3.64 |
|
228 rust-cbindgen >= 0.19.0 |
|
229 - do not rely on nodejs10 packagename anymore |
|
230 - updated mozilla.keyring |
|
231 - switched TW/x86_64 to clang as the last platform due to |
|
232 https://bugs.gentoo.org/792705 |
|
233 - but LTO with clang is broken in TW so disable LTO for it |
|
234 https://bugs.llvm.org/show_bug.cgi?id=47872 |
|
235 |
|
236 ------------------------------------------------------------------- |
|
237 Thu May 6 13:40:10 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
238 |
|
239 - Relax RAM and disk constraints for aarch64 |
|
240 |
|
241 ------------------------------------------------------------------- |
|
242 Wed May 5 15:13:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
243 |
|
244 - Mozilla Firefox 88.0.1 |
|
245 * Fixed: Resolved an issue caused by a recent Widevine plugin |
|
246 update which prevented some purchased video content from |
|
247 playing correctly (bmo#1705138) |
|
248 * Fixed: Fixed corruption of videos playing on Twitter or |
|
249 WebRTC calls on some Gen6 Intel graphics chipsets |
|
250 (bmo#1708937) |
|
251 * Fixed: Fixed menulists in Preferences being unreadable for |
|
252 users with High Contrast Mode enabled (bmo#1706496) |
|
253 MFSA 2021-20 (bsc#1185633) |
|
254 * CVE-2021-29952 (bmo#1704227) |
|
255 Race condition in Web Render Components |
|
256 - devel package: move macros to /usr/lib/rpm/macros.d (boo#1185658) |
|
257 |
|
258 ------------------------------------------------------------------- |
|
259 Sun May 2 12:03:26 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
260 |
|
261 - add compatibility for libavcodec58_134 |
|
262 |
|
263 ------------------------------------------------------------------- |
|
264 Sun Apr 18 09:01:32 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
265 |
|
266 - Mozilla Firefox 88.0 |
|
267 * New: PDF forms now support JavaScript embedded in PDF files. |
|
268 Some PDF forms use JavaScript for validation and other |
|
269 interactive features |
|
270 * New: Print updates: Margin units are now localized |
|
271 * New: Smooth pinch-zooming using a touchpad is now supported |
|
272 on Linux |
|
273 * New: To protect against cross-site privacy leaks, Firefox now |
|
274 isolates window.name data to the website that created it. |
|
275 Learn more |
|
276 * Changed: Firefox will not prompt for access to your |
|
277 microphone or camera if you’ve already granted access to the |
|
278 same device on the same site in the same tab within the past |
|
279 50 seconds. This new grace period reduces the number of times |
|
280 you’re prompted to grant device access |
|
281 * Changed: The ‘Take a Screenshot’ feature was removed from the |
|
282 Page Actions menu in the url bar. To take a screenshot, |
|
283 right-click to open the context menu. You can also add a |
|
284 screenshots shortcut directly to your toolbar via the |
|
285 Customize menu. Open the Firefox menu and select Customize… |
|
286 * Changed: FTP support has been disabled, and its full removal |
|
287 is planned for an upcoming release. Addressing this security |
|
288 risk reduces the likelihood of an attack while also removing |
|
289 support for a non-encrypted protocol |
|
290 * Developer: Introduced a new toggle button in the Network |
|
291 panel for switching between JSON formatted HTTP response and |
|
292 raw data (as received over the wire). |
|
293 !enter image description here |
|
294 * Enterprise: Various bug fixes and new policies have been |
|
295 implemented in the latest version of Firefox. You can see |
|
296 more details in the Firefox for Enterprise 88 Release Notes. |
|
297 * Fixed: Screen readers no longer incorrectly read content that |
|
298 websites have visually hidden, as in the case of articles in |
|
299 the Google Help panel |
|
300 MFSA 2021-16 (bsc#1184960) |
|
301 * CVE-2021-23994 (bmo#1699077) |
|
302 Out of bound write due to lazy initialization |
|
303 * CVE-2021-23995 (bmo#1699835) |
|
304 Use-after-free in Responsive Design Mode |
|
305 * CVE-2021-23996 (bmo#1701834) |
|
306 Content rendered outside of webpage viewport |
|
307 * CVE-2021-23997 (bmo#1701942) |
|
308 Use-after-free when freeing fonts from cache |
|
309 * CVE-2021-23998 (bmo#1667456) |
|
310 Secure Lock icon could have been spoofed |
|
311 * CVE-2021-23999 (bmo#1691153) |
|
312 Blob URLs may have been granted additional privileges |
|
313 * CVE-2021-24000 (bmo#1694698) |
|
314 requestPointerLock() could be applied to a tab different from |
|
315 the visible tab |
|
316 * CVE-2021-24001 (bmo#1694727) |
|
317 Testing code could have enabled session history manipulations |
|
318 by a compromised content process |
|
319 * CVE-2021-24002 (bmo#1702374) |
|
320 Arbitrary FTP command execution on FTP servers using an |
|
321 encoded URL |
|
322 * CVE-2021-29945 (bmo#1700690) |
|
323 Incorrect size computation in WebAssembly JIT could lead to |
|
324 null-reads |
|
325 * CVE-2021-29944 (bmo#1697604) |
|
326 HTML injection vulnerability in Firefox for Android's Reader View |
|
327 * CVE-2021-29946 (bmo#1698503) |
|
328 Port blocking could be bypassed |
|
329 * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476, |
|
330 bmo#1696886, bmo#1700091) |
|
331 Memory safety bugs fixed in Firefox 88 |
|
332 - requires |
|
333 * NSPR 4.30 |
|
334 * NSS 3.63.1 |
|
335 - align wayland support logic |
|
336 |
|
337 ------------------------------------------------------------------- |
|
338 Sat Mar 27 10:40:46 UTC 2021 - Manfred Hollstein <manfred.h@gmx.net> |
|
339 |
|
340 - Switch to clang_build globally; just on TW/x86_64 it does not work |
|
341 due to unreolved externals `__rust_probestack' - disable clang_build |
|
342 then. |
|
343 - useccache: Add conditionals to enable/disable ccache. |
|
344 |
|
345 ------------------------------------------------------------------- |
|
346 Tue Mar 23 16:42:19 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
347 |
|
348 - Mozilla Firefox 87.0 |
|
349 * requires NSS 3.62 |
|
350 * removed obsolete BigEndian ICU build workaround |
|
351 * rebased patches |
|
352 MFSA 2021-10 (bsc#1183942) |
|
353 * CVE-2021-23981 (bmo#1692832) |
|
354 Texture upload into an unbound backing buffer resulted in an |
|
355 out-of-bound read |
|
356 * CVE-2021-23982 (bmo#1677046) |
|
357 Internal network hosts could have been probed by a malicious |
|
358 webpage |
|
359 * CVE-2021-23983 (bmo#1692684) |
|
360 Transitions for invalid ::marker properties resulted in memory |
|
361 corruption |
|
362 * CVE-2021-23984 (bmo#1693664) |
|
363 Malicious extensions could have spoofed popup information |
|
364 * CVE-2021-23985 (bmo#1659129) |
|
365 Devtools remote debugging feature could have been enabled |
|
366 without indication to the user |
|
367 * CVE-2021-23986 (bmo#1692623) |
|
368 A malicious extension could have performed credential-less |
|
369 same origin policy violations |
|
370 * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, |
|
371 bmo#1690718) |
|
372 Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 |
|
373 * CVE-2021-23988 (bmo#1684994, bmo#1686653) |
|
374 Memory safety bugs fixed in Firefox 87 |
|
375 |
|
376 ------------------------------------------------------------------- |
|
377 Tue Mar 16 14:26:35 UTC 2021 - Martin Liška <mliska@suse.cz> |
|
378 |
|
379 - Set memory limits for DWZ to 4x. |
|
380 |
|
381 ------------------------------------------------------------------- |
|
382 Sat Mar 13 08:23:06 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
383 |
|
384 - Mozilla Firefox 86.0.1 |
|
385 * Fixed: Fixed an issue on Apple Silicon machines that caused |
|
386 Firefox to be unresponsive after system sleep (bmo#1682713) |
|
387 * Fixed: Fixed an issue causing windows to gain or lose focus |
|
388 unexpectedly (bmo#1694927) |
|
389 * Fixed: Fixed truncation of date and time widgets due to |
|
390 incorrect width calculation (bmo#1695578) |
|
391 * Fixed: Fixed an issue causing unexpected behavior with |
|
392 extensions managing tab groups (bmo#1694699) |
|
393 * Fixed: Fixed a frequent Linux crash on browser launch |
|
394 (bmo#1694670) |
|
395 |
|
396 ------------------------------------------------------------------- |
|
397 Sun Feb 21 18:14:12 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
398 |
|
399 - Mozilla Firefox 86.0 |
|
400 * requires NSS >= 3.61 |
|
401 * requires rust-cbindgen >= 0.16.0 |
|
402 * Firefox now supports simultaneously watching multiple videos in |
|
403 Picture-in-Picture. |
|
404 * Total Cookie Protection to Strict Mode |
|
405 * https://www.mozilla.org/en-US/firefox/86.0/releasenotes |
|
406 MSFA 2021-07 (bsc#1182614) |
|
407 * CVE-2021-23969 (bmo#1542194) |
|
408 Content Security Policy violation report could have contained |
|
409 the destination of a redirect |
|
410 * CVE-2021-23970 (bmo#1681724) |
|
411 Multithreaded WASM triggered assertions validating separation |
|
412 of script domains |
|
413 * CVE-2021-23968 (bmo#1687342) |
|
414 Content Security Policy violation report could have contained |
|
415 the destination of a redirect |
|
416 * CVE-2021-23974 (bmo#1528997, bmo#1683627) |
|
417 noscript elements could have led to an HTML Sanitizer bypass |
|
418 * CVE-2021-23971 (bmo#1678545) |
|
419 A website's Referrer-Policy could have been be overridden, |
|
420 potentially resulting in the full URL being sent as a Referrer |
|
421 * CVE-2021-23976 (bmo#1684627) |
|
422 Local spoofing of web manifests for arbitrary pages in |
|
423 Firefox for Android |
|
424 * CVE-2021-23977 (bmo#1684761) |
|
425 Malicious application could read sensitive data from Firefox |
|
426 for Android's application directories |
|
427 * CVE-2021-23972 (bmo#1683536) |
|
428 HTTP Auth phishing warning was omitted when a redirect is |
|
429 cached |
|
430 * CVE-2021-23975 (bmo#1685145) |
|
431 about:memory Measure function caused an incorrect pointer |
|
432 operation |
|
433 * CVE-2021-23973 (bmo#1690976) |
|
434 MediaError message property could have leaked information |
|
435 about cross-origin resources |
|
436 * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797) |
|
437 Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 |
|
438 * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463, |
|
439 bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490, |
|
440 bmo#1684377, bmo#1684902) |
|
441 Memory safety bugs fixed in Firefox 86 |
|
442 - updated create-tar.sh (bsc#1182357) |
|
443 - removed obsolete mozilla-bmo1554971.patch |
|
444 - remove buildsymbols subpackage |
|
445 * we haven't done anything with it for years |
|
446 * mozilla is collecting those from our debuginfo packages |
|
447 * would require a local dump_syms tool |
|
448 |
|
449 ------------------------------------------------------------------- |
|
450 Wed Feb 17 18:40:41 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
451 |
|
452 - Mozilla Firefox 85.0.2 |
|
453 * Fixed: Fixed a deadlock during startup (bmo#1679933) |
|
454 |
|
455 ------------------------------------------------------------------- |
|
456 Wed Feb 17 11:19:01 UTC 2021 - Michel Normand <normand@linux.vnet.ibm.com> |
|
457 |
|
458 - Use %limit_build macros for PowerPC to avoid oom build failure |
|
459 |
|
460 ------------------------------------------------------------------- |
|
461 Tue Feb 9 09:05:26 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
462 |
|
463 - Mozilla Firefox 85.0.1 |
|
464 MFSA 2021-06 (bsc#1181848) |
|
465 * MOZ-2021-0001 (bmo#1676636) |
|
466 Buffer overflow in depth pitch calculations for compressed |
|
467 textures |
|
468 * Fixed: Avoid printing an extra blank page at the end of some |
|
469 documents (bmo#1689789). |
|
470 * Fixed: Fixed a browser crash in case of unexpected Cache API |
|
471 state (bmo#1684838). |
|
472 |
|
473 ------------------------------------------------------------------- |
|
474 Sun Jan 24 11:53:58 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
475 |
|
476 - Mozilla Firefox 85.0 |
|
477 * Adobe Flash is completely history |
|
478 * supercookie protection |
|
479 * new bookmark handling and features |
|
480 MFSA 2021-03 (bsc#1181414) |
|
481 * CVE-2021-23953 (bmo#1683940) |
|
482 Cross-origin information leakage via redirected PDF requests |
|
483 * CVE-2021-23954 (bmo#1684020) |
|
484 Type confusion when using logical assignment operators in |
|
485 JavaScript switch statements |
|
486 * CVE-2021-23955 (bmo#1684837) |
|
487 Clickjacking across tabs through misusing requestPointerLock |
|
488 * CVE-2021-23956 (bmo#1338637) |
|
489 File picker dialog could have been used to disclose a |
|
490 complete directory |
|
491 * CVE-2021-23957 (bmo#1584582) |
|
492 Iframe sandbox could have been bypassed on Android via the |
|
493 intent URL scheme |
|
494 * CVE-2021-23958 (bmo#1642747) |
|
495 Screen sharing permission leaked across tabs |
|
496 * CVE-2021-23959 (bmo#1659035) |
|
497 Cross-Site Scripting in error pages on Firefox for Android |
|
498 * CVE-2021-23960 (bmo#1675755) |
|
499 Use-after-poison for incorrectly redeclared JavaScript |
|
500 variables during GC |
|
501 * CVE-2021-23961 (bmo#1677940) |
|
502 More internal network hosts could have been probed by a |
|
503 malicious webpage |
|
504 * CVE-2021-23962 (bmo#1677194) |
|
505 Use-after-poison in |
|
506 <code>nsTreeBodyFrame::RowCountChanged</code> |
|
507 * CVE-2021-23963 (bmo#1680793) |
|
508 Permission prompt inaccessible after asking for additional |
|
509 permissions |
|
510 * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278, |
|
511 bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590, |
|
512 bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938, |
|
513 bmo#1683736, bmo#1685260, bmo#1685925) |
|
514 Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 |
|
515 * CVE-2021-23965 (bmo#1670378, bmo#1673555, bmo#1676812, bmo#1678582, |
|
516 bmo#1684497) |
|
517 Memory safety bugs fixed in Firefox 85 |
|
518 - requires NSS 3.60.1 |
|
519 - requires rust 1.47 |
|
520 - remove obsolete mozilla-pipewire-0-3.patch |
|
521 |
|
522 ------------------------------------------------------------------- |
|
523 Mon Jan 11 18:02:01 UTC 2021 - Matthias Mailänder <mailaender@opensuse.org> |
|
524 |
|
525 - Fix AppStream screenshot links |
|
526 |
|
527 ------------------------------------------------------------------- |
|
528 Thu Jan 7 17:11:43 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de> |
|
529 |
|
530 - Mozilla Firefox 84.0.2 |
|
531 MFSA 2021-01 (bsc#1180623) |
|
532 * CVE-2020-16044 (bmo#1683964) |
|
533 Use-after-free write when handling a malicious COOKIE-ECHO |
|
534 SCTP chunk |
|
535 |
|
536 ------------------------------------------------------------------- |
|
537 Sun Dec 27 09:52:50 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
538 |
|
539 - Mozilla Firefox 84.0.1 |
|
540 * Fixed problems loading secure websites and crashes for users |
|
541 with certain third-party PKCS11 modules and smartcards installed |
|
542 (bmo#1682881) (fixed in NSS 3.59.1) |
|
543 * Fixed a bug causing some Unity JS games to not load on Apple |
|
544 Silicon devices due to improper detection of the OS version |
|
545 (bmo#1680516) |
|
546 - requires NSS 3.59.1 |
|
547 |
|
548 ------------------------------------------------------------------- |
|
549 Sun Dec 13 18:18:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
550 |
|
551 - Mozilla Firefox 84.0 |
|
552 * Firefox 84 is the final release to support Adobe Flash |
|
553 * WebRender is enabled by default when run on GNOME-based X11 |
|
554 Linux desktops |
|
555 MFSA 2020-54 (bsc#1180039)) |
|
556 * CVE-2020-16042 (bmo#1679003) |
|
557 Operations on a BigInt could have caused uninitialized memory |
|
558 to be exposed |
|
559 * CVE-2020-26971 (bmo#1663466) |
|
560 Heap buffer overflow in WebGL |
|
561 * CVE-2020-26972 (bmo#1671382) |
|
562 Use-After-Free in WebGL |
|
563 * CVE-2020-26973 (bmo#1680084) |
|
564 CSS Sanitizer performed incorrect sanitization |
|
565 * CVE-2020-26974 (bmo#1681022) |
|
566 Incorrect cast of StyleGenericFlexBasis resulted in a heap |
|
567 use-after-free |
|
568 * CVE-2020-26975 (bmo#1661071) |
|
569 Malicious applications on Android could have induced Firefox |
|
570 for Android into sending arbitrary attacker-specified headers |
|
571 * CVE-2020-26976 (bmo#1674343) |
|
572 HTTPS pages could have been intercepted by a registered |
|
573 service worker when they should not have been |
|
574 * CVE-2020-26977 (bmo#1676311) |
|
575 URL spoofing via unresponsive port in Firefox for Android |
|
576 * CVE-2020-26978 (bmo#1677047) |
|
577 Internal network hosts could have been probed by a malicious |
|
578 webpage |
|
579 * CVE-2020-26979 (bmo#1641287, bmo#1673299) |
|
580 When entering an address in the address or search bars, a |
|
581 website could have redirected the user before they were |
|
582 navigated to the intended url |
|
583 * CVE-2020-35111 (bmo#1657916) |
|
584 The proxy.onRequest API did not catch view-source URLs |
|
585 * CVE-2020-35112 (bmo#1661365) |
|
586 Opening an extension-less download may have inadvertently |
|
587 launched an executable instead |
|
588 * CVE-2020-35113 (bmo#1664831, bmo#1673589) |
|
589 Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 |
|
590 * CVE-2020-35114 (bmo#1607449, bmo#1640416, bmo#1656459, |
|
591 bmo#1669914, bmo#1673567) |
|
592 Memory safety bugs fixed in Firefox 84 |
|
593 - requires |
|
594 NSS >= 3.59 |
|
595 rust >= 1.44 |
|
596 rust-cbindgen >= 0.15.0 |
|
597 - remove revert-795c8762b16b.patch and replace with mozilla-pgo.patch |
|
598 |
|
599 ------------------------------------------------------------------- |
|
600 Sat Nov 21 08:12:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org> |
|
601 |
|
602 - Add/Enable GNOME search provider |
|
603 |
|
604 ------------------------------------------------------------------- |
|
605 Sun Nov 15 12:16:53 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
606 |
|
607 - Mozilla Firefox 83.0 |
|
608 * major update for SpiderMonkey improving performance significantly |
|
609 * optional HTTPS-Only mode |
|
610 * more improvements |
|
611 https://www.mozilla.org/en-US/firefox/83.0/releasenotes/ |
|
612 MFSA 2020-50 (bsc#1178824)) |
|
613 * CVE-2020-26951 (bmo#1667113) |
|
614 Parsing mismatches could confuse and bypass security |
|
615 sanitizer for chrome privileged code |
|
616 * CVE-2020-26952 (bmo#1667685) |
|
617 Out of memory handling of JITed, inlined functions could lead |
|
618 to a memory corruption |
|
619 * CVE-2020-16012 (bmo#1642028) |
|
620 Variable time processing of cross-origin images during |
|
621 drawImage calls |
|
622 * CVE-2020-26953 (bmo#1656741) |
|
623 Fullscreen could be enabled without displaying the security UI |
|
624 * CVE-2020-26954 (bmo#1657026) |
|
625 Local spoofing of web manifests for arbitrary pages in |
|
626 Firefox for Android |
|
627 * CVE-2020-26955 (bmo#1663261) |
|
628 Cookies set during file downloads are shared between normal |
|
629 and Private Browsing Mode in Firefox for Android |
|
630 * CVE-2020-26956 (bmo#1666300) |
|
631 XSS through paste (manual and clipboard API) |
|
632 * CVE-2020-26957 (bmo#1667179) |
|
633 OneCRL was not working in Firefox for Android |
|
634 * CVE-2020-26958 (bmo#1669355) |
|
635 Requests intercepted through ServiceWorkers lacked MIME type |
|
636 restrictions |
|
637 * CVE-2020-26959 (bmo#1669466) |
|
638 Use-after-free in WebRequestService |
|
639 * CVE-2020-26960 (bmo#1670358) |
|
640 Potential use-after-free in uses of nsTArray |
|
641 * CVE-2020-15999 (bmo#1672223) |
|
642 Heap buffer overflow in freetype |
|
643 * CVE-2020-26961 (bmo#1672528) |
|
644 DoH did not filter IPv4 mapped IP Addresses |
|
645 * CVE-2020-26962 (bmo#610997) |
|
646 Cross-origin iframes supported login autofill |
|
647 * CVE-2020-26963 (bmo#1314912) |
|
648 History and Location interfaces could have been used to hang |
|
649 the browser |
|
650 * CVE-2020-26964 (bmo#1658865) |
|
651 Firefox for Android's Remote Debugging via USB could have |
|
652 been abused by untrusted apps on older versions of Android |
|
653 * CVE-2020-26965 (bmo#1661617) |
|
654 Software keyboards may have remembered typed passwords |
|
655 * CVE-2020-26966 (bmo#1663571) |
|
656 Single-word search queries were also broadcast to local |
|
657 network |
|
658 * CVE-2020-26967 (bmo#1665820) |
|
659 Mutation Observers could break or confuse Firefox Screenshots |
|
660 feature |
|
661 * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, |
|
662 bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, |
|
663 bmo#1671923) |
|
664 Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 |
|
665 * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872, |
|
666 bmo#1668876) |
|
667 Memory safety bugs fixed in Firefox 83 |
|
668 - requires |
|
669 NSS >= 3.58 |
|
670 nodejs >= 10.22.1 |
|
671 - removed obsolete mozilla-ppc-altivec_static_inline.patch |
|
672 - disable LTO on TW because of ICEs in gcc |
|
673 |
|
674 ------------------------------------------------------------------- |
|
675 Mon Nov 9 10:15:52 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
676 |
|
677 - Mozilla Firefox 82.0.3 |
|
678 MSFA 2020-49 |
|
679 * CVE-2020-26950 (bmo#1675905) |
|
680 Write side effects in MCallGetProperty opcode not accounted for |
|
681 |
|
682 ------------------------------------------------------------------- |
|
683 Mon Nov 2 09:00:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
684 |
|
685 - Mozilla Firefox 82.0.2 |
|
686 * few bugfixes for introduced regressions |
|
687 |
|
688 ------------------------------------------------------------------- |
|
689 Sun Nov 1 20:15:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org> |
|
690 |
|
691 - Enable GNOME search provider |
|
692 |
|
693 ------------------------------------------------------------------- |
|
694 Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
695 |
|
696 - Mozilla Firefox 82.0 |
|
697 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/ |
|
698 MFSA 2020-45 (bsc#1177872) |
|
699 * CVE-2020-15969 (bmo#1666570) |
|
700 Use-after-free in usersctp |
|
701 * CVE-2020-15254 (bmo#1668514) |
|
702 Undefined behavior in bounded channel of crossbeam rust crate |
|
703 * CVE-2020-15680 (bmo#1658881) |
|
704 Presence of external protocol handlers could be determined |
|
705 through image tags |
|
706 * CVE-2020-15681 (bmo#1666568) |
|
707 Multiple WASM threads may have overwritten each others' stub |
|
708 table entries |
|
709 * CVE-2020-15682 (bmo#1636654) |
|
710 The domain associated with the prompt to open an external |
|
711 protocol could be spoofed to display the incorrect origin |
|
712 * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954, |
|
713 bmo#1662760, bmo#1663439, bmo#1666140) |
|
714 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 |
|
715 * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259, |
|
716 bmo#1664257) |
|
717 Memory safety bugs fixed in Firefox 82 |
|
718 - requires |
|
719 * NSPR 4.29 |
|
720 * NSS 3.57 |
|
721 |
|
722 ------------------------------------------------------------------- |
|
723 Thu Oct 1 20:00:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
724 |
|
725 - Mozilla Firefox 81.0.1 |
|
726 * https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/ |
|
727 - remove obsolete python2 build requires |
|
728 |
|
729 ------------------------------------------------------------------- |
|
730 Wed Sep 30 18:49:10 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
731 |
|
732 - Increase disk requirements in _constraints to match current needs |
|
733 |
|
734 ------------------------------------------------------------------- |
|
735 Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
736 |
|
737 - Mozilla Firefox 81.0 |
|
738 * https://www.mozilla.org/en-US/firefox/81.0/releasenotes |
|
739 MFSA 2020-42 (bsc#1176756) |
|
740 * CVE-2020-15675 (bmo#1654211) |
|
741 Use-After-Free in WebGL |
|
742 * CVE-2020-15677 (bmo#1641487) |
|
743 Download origin spoofing via redirect |
|
744 * CVE-2020-15676 (bmo#1646140) |
|
745 XSS when pasting attacker-controlled data into a |
|
746 contenteditable element |
|
747 * CVE-2020-15678 (bmo#1660211) |
|
748 When recursing through layers while scrolling, an iterator |
|
749 may have become invalid, resulting in a potential use-after- |
|
750 free scenario |
|
751 * CVE-2020-15673 (bmo#1648493, bmo#1660800) |
|
752 Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 |
|
753 * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293) |
|
754 Memory safety bugs fixed in Firefox 81 |
|
755 - requires |
|
756 NSPR 4.28 |
|
757 NSS 3.56 |
|
758 - removed obsolete patches |
|
759 * mozilla-system-nspr.patch |
|
760 * mozilla-bmo1661715.patch |
|
761 * mozilla-silence-no-return-type.patch |
|
762 - skip post-build-checks for 15.0 and 15.1 |
|
763 - add revert-795c8762b16b.patch to fix LTO builds with gcc |
|
764 (related to bmo#1644409) |
|
765 - require python3-curses as workaround to fix i586 build |
|
766 |
|
767 ------------------------------------------------------------------- |
|
768 Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
769 |
|
770 - Use %limit_build macro again for aarch64 and armv7, instead of |
|
771 the new memoryperjob _constraints to use more workers |
|
772 |
|
773 ------------------------------------------------------------------- |
|
774 Sat Sep 5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
775 |
|
776 - add mozilla-bmo1661715.patch to fix Flash plugin |
|
777 |
|
778 ------------------------------------------------------------------- |
|
779 Wed Sep 2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net> |
|
780 |
|
781 - Mozilla Firefox 80.0.1: Bug fixes: |
|
782 * Fixed a performance regression when encountering new intermediate |
|
783 CA certificates (bmo#1661543) |
|
784 * Fixed crashes possibly related to GPU resets (bmo#1627616) |
|
785 * Fixed rendering on some sites using WebGL (bmo#1659225) |
|
786 * Fixed the zoom-in keyboard shortcut on Japanese language builds |
|
787 (bmo#1661895) |
|
788 * Fixed download issues related to extensions and cookies |
|
789 (bmo#1655190) |
|
790 - added mozilla-silence-no-return-type.patch |
|
791 |
|
792 ------------------------------------------------------------------- |
|
793 Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
794 |
|
795 - more whitelisting (/dev/random) for sandbox in relation to FIPS |
|
796 (bsc#1174284) |
|
797 - improve langpack builds to use dedicated objdirs and make it |
|
798 parallel again |
|
799 |
|
800 ------------------------------------------------------------------- |
|
801 Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
802 |
|
803 - Mozilla Firefox 80.0 |
|
804 MFSA 2020-36 (bsc#1175686) |
|
805 * CVE-2020-15663 (bmo#1643199) |
|
806 Downgrade attack on the Mozilla Maintenance Service could |
|
807 have resulted in escalation of privilege |
|
808 * CVE-2020-15664 (bmo#1658214) |
|
809 Attacker-induced prompt for extension installation |
|
810 * CVE-2020-12401 (bmo#1631573) |
|
811 Timing-attack on ECDSA signature generation |
|
812 * CVE-2020-6829 (bmo#1631583) |
|
813 P-384 and P-521 vulnerable to an electro-magnetic side |
|
814 channel attack on signature generation |
|
815 * CVE-2020-12400 (bmo#1623116) |
|
816 P-384 and P-521 vulnerable to a side channel attack on |
|
817 modular inversion |
|
818 * CVE-2020-15665 (bmo#1651636) |
|
819 Address bar not reset when choosing to stay on a page after |
|
820 the beforeunload dialog is shown |
|
821 * CVE-2020-15666 (bmo#1450853) |
|
822 MediaError message property leaks cross-origin response |
|
823 status |
|
824 * CVE-2020-15667 (bmo#1653371) |
|
825 Heap overflow when processing an update file |
|
826 * CVE-2020-15668 (bmo#1651520) |
|
827 Data Race when reading certificate information |
|
828 * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, |
|
829 bmo#1656957) |
|
830 Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 |
|
831 - requires |
|
832 * NSPR 4.27 |
|
833 * NSS 3.55 |
|
834 - added mozilla-system-nspr.patch (bmo#1661096) |
|
835 - exclude ga-IE locale as it's failing to build |
|
836 - rollback parallelize locale build because it breaks bookmarks |
|
837 (boo#1167976) |
|
838 - preserve original default bookmark file during langpack build |
|
839 (boo#1167976) |
|
840 - add some ccache output during build |
|
841 |
|
842 ------------------------------------------------------------------- |
|
843 Thu Aug 20 13:07:33 UTC 2020 - Martin Liška <mliska@suse.cz> |
|
844 |
|
845 - Use new memoryperjob _constraints instead of %limit_build macro. |
|
846 |
|
847 ------------------------------------------------------------------- |
|
848 Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
849 |
|
850 - use ccache for build |
|
851 - replace versioned RPM deps with requires_ge |
|
852 - parallelize locale build |
|
853 |
|
854 ------------------------------------------------------------------- |
|
855 Thu Aug 6 14:37:16 UTC 2020 - Yunhe Guo <i@guoyunhe.me> |
|
856 |
|
857 - Change *.appdata.xml location to latest AppStream standard |
|
858 |
|
859 ------------------------------------------------------------------- |
|
860 Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
861 |
|
862 - Mozilla Firefox 79.0 |
|
863 MFSA 2020-30 (bsc#1174538) |
|
864 * CVE-2020-15652 (bmo#1634872) |
|
865 Potential leak of redirect targets when loading scripts in a worker |
|
866 * CVE-2020-6514 (bmo#1642792) |
|
867 WebRTC data channel leaks internal address to peer |
|
868 * CVE-2020-15655 (bmo#1645204) |
|
869 Extension APIs could be used to bypass Same-Origin Policy |
|
870 * CVE-2020-15653 (bmo#1521542) |
|
871 Bypassing iframe sandbox when allowing popups |
|
872 * CVE-2020-6463 (bmo#1635293) |
|
873 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture |
|
874 * CVE-2020-15656 (bmo#1647293) |
|
875 Type confusion for special arguments in IonMonkey |
|
876 * CVE-2020-15658 (bmo#1637745) |
|
877 Overriding file type when saving to disk |
|
878 * CVE-2020-15657 (bmo#1644954) |
|
879 DLL hijacking due to incorrect loading path |
|
880 * CVE-2020-15654 (bmo#1648333) |
|
881 Custom cursor can overlay user interface |
|
882 * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856, |
|
883 bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220, |
|
884 bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) |
|
885 Memory safety bugs fixed in Firefox 79 |
|
886 - updated dependency requirements: |
|
887 * mozilla-nspr >= 4.26 |
|
888 * mozilla-nss >= 3.54 |
|
889 * rust >= 1.43 |
|
890 * rust-cbindgen >= 0.14.3 |
|
891 - removed obsolete patch |
|
892 mozilla-bmo1463035.patch |
|
893 |
|
894 ------------------------------------------------------------------- |
|
895 Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
896 |
|
897 - fixed syntax issue in desktop file (boo#1174360) |
|
898 |
|
899 ------------------------------------------------------------------- |
|
900 Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
901 |
|
902 - Add mozilla-libavcodec58_91.patch to link against updated |
|
903 soversion of libavcodec (58.91) with ffmpeg >= 4.3. |
|
904 (patch provided by Atri Bhattacharya <badshah400@gmail.com> |
|
905 - enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320) |
|
906 (Plasma 5.19.3 is now in TW) |
|
907 |
|
908 ------------------------------------------------------------------- |
|
909 Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
910 |
|
911 - Mozilla Firefox 78.0.2 |
|
912 * Fixed an accessibility regression in reader mode (bmo#1650922) |
|
913 * Made the address bar more resilient to data corruption in the |
|
914 user profile (bmo#1649981) |
|
915 * Fixed a regression opening certain external applications (bmo#1650162) |
|
916 MFSA 2020-28 |
|
917 * CVE pending (bmo#1644076) |
|
918 X-Frame-Options bypass using object or embed tags |
|
919 - added desktop file actions |
|
920 - do not use XINPUT2 for the moment until Plasma 5.19.3 has landed |
|
921 (boo#1173993) |
|
922 - rework langpack integration (boo#1173991) |
|
923 * ship XPIs instead of directories |
|
924 * allow addon sideloading |
|
925 * mark signatures for langpacks non-mandatory |
|
926 * do not autodisable user profile scopes |
|
927 - Google API key is not usable for geolocation service |
|
928 - fix pipewire support for TW (boo#1172903) |
|
929 |
|
930 ------------------------------------------------------------------- |
|
931 Wed Jul 1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
932 |
|
933 - Mozilla Firefox 78.0.1 |
|
934 * Fixed an issue which could cause installed search engines to not |
|
935 be visible when upgrading from a previous release. |
|
936 - enable MOZ_USE_XINPUT2 for TW (boo#1173320) |
|
937 |
|
938 ------------------------------------------------------------------- |
|
939 Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
940 |
|
941 - Mozilla Firefox 78.0 |
|
942 * startup notifications now using Gtk instead of libnotify |
|
943 * PDF downloads now show an option to open the PDF directly in Firefox |
|
944 * Protections Dashboard (about:protections) |
|
945 * WebRTC not interrupted by screensaver anymore |
|
946 * disabled TLS 1.0 and 1.1 by default |
|
947 MFSA 2020-24 (bsc#1173576) |
|
948 * CVE-2020-12415 (bmo#1586630) |
|
949 AppCache manifest poisoning due to url encoded character processing |
|
950 * CVE-2020-12416 (bmo#1639734) |
|
951 Use-after-free in WebRTC VideoBroadcaster |
|
952 * CVE-2020-12417 (bmo#1640737) |
|
953 Memory corruption due to missing sign-extension for ValueTags |
|
954 on ARM64 |
|
955 * CVE-2020-12418 (bmo#1641303) |
|
956 Information disclosure due to manipulated URL object |
|
957 * CVE-2020-12419 (bmo#1643874) |
|
958 Use-after-free in nsGlobalWindowInner |
|
959 * CVE-2020-12420 (bmo#1643437) |
|
960 Use-After-Free when trying to connect to a STUN server |
|
961 * CVE-2020-12402 (bmo#1631597) |
|
962 RSA Key Generation vulnerable to side-channel attack |
|
963 * CVE-2020-12421 (bmo#1308251) |
|
964 Add-On updates did not respect the same certificate trust |
|
965 rules as software updates |
|
966 * CVE-2020-12422 (bmo#1450353) |
|
967 Integer overflow in nsJPEGEncoder::emptyOutputBuffer |
|
968 * CVE-2020-12423 (bmo#1642400) |
|
969 DLL Hijacking due to searching %PATH% for a library |
|
970 * CVE-2020-12424 (bmo#1562600) |
|
971 WebRTC permission prompt could have been bypassed by a |
|
972 compromised content process |
|
973 * CVE-2020-12425 (bmo#1634738) |
|
974 Out of bound read in Date.parse() |
|
975 * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682) |
|
976 Memory safety bugs fixed in Firefox 78 |
|
977 - requires |
|
978 * NSS >= 3.53.1 |
|
979 * nodejs >= 10.21 |
|
980 * Gtk+3 >= 3.14 |
|
981 - removed obsolete patches |
|
982 * mozilla-s390-bigendian.patch |
|
983 * mozilla-bmo1634646.patch |
|
984 - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build |
|
985 WebRTC with pipewire support to enable screen sharing under |
|
986 Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3) |
|
987 appropriately (boo#1172903). |
|
988 - adding SLE12 compatibility in spec file |
|
989 - add patches for s390x |
|
990 * mozilla-bmo1602730.patch (bmo#1602730) |
|
991 * mozilla-bmo1626236.patch (bmo#1626236) |
|
992 * mozilla-bmo998749.patch (bmo#998749) |
|
993 * mozilla-s390x-skia-gradient.patch |
|
994 - update create-tar.sh |
|
995 - Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure |
|
996 |
|
997 ------------------------------------------------------------------- |
|
998 Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
999 |
|
1000 - Exclude armv6, since it is unbuildable since about 3 years |
|
1001 |
|
1002 ------------------------------------------------------------------- |
|
1003 Wed Jun 3 21:39:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de> |
|
1004 |
|
1005 - Mozilla Firefox 77.0.1 |
|
1006 * Disable automatic selection of DNS over HTTPS providers during |
|
1007 a test to enable wider deployment in a more controlled way |
|
1008 (bmo#1642723) |
|
1009 |
|
1010 ------------------------------------------------------------------- |
|
1011 Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1012 |
|
1013 - Mozilla Firefox 77.0 |
|
1014 * view and manage web certificates more easily on the new |
|
1015 about:certificate page |
|
1016 * improvements in accessibility |
|
1017 * significant improvements to JavaScript debugging |
|
1018 MFSA 2020-20 (bsc#1172402) |
|
1019 * CVE-2020-12399 (bmo#1631576) |
|
1020 Timing attack on DSA signatures in NSS library |
|
1021 (fixed with external NSS >= 3.52.1) |
|
1022 * CVE-2020-12405 (bmo#1631618) |
|
1023 Use-after-free in SharedWorkerService |
|
1024 * CVE-2020-12406 (bmo#1639590) |
|
1025 JavaScript type confusion with NativeTypes |
|
1026 * CVE-2020-12407 (bmo#1637112) |
|
1027 WebRender leaking GPU memory when using border-image CSS |
|
1028 directive |
|
1029 * CVE-2020-12408 (bmo#1623888) |
|
1030 URL spoofing when using IP addresses |
|
1031 * CVE-2020-12409 (bmo#1619305, bmo#1632717) |
|
1032 Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 |
|
1033 * CVE-2020-12411 (bmo#1620972, bmo#1625333) |
|
1034 Memory safety bugs fixed in Firefox 77 |
|
1035 - requires |
|
1036 * NSS >= 3.52.1 |
|
1037 * rust-cbindgen >= 1.14.1 |
|
1038 * clang >= 5 |
|
1039 - added mozilla-bmo1634646.patch as part of fixing PGO build |
|
1040 (still not working) |
|
1041 |
|
1042 ------------------------------------------------------------------- |
|
1043 Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com> |
|
1044 |
|
1045 - change again _constraints for ppc64le use <physicalmemory> |
|
1046 and increase limit_build in spec file to reduce max_jobs. |
|
1047 |
|
1048 ------------------------------------------------------------------- |
|
1049 Sat May 9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1050 |
|
1051 - Mozilla Firefox 76.0.1 |
|
1052 * Fixed a bug causing some add-ons such as Amazon Assistant to see |
|
1053 multiple onConnect events, impairing functionality (bmo#1635637) |
|
1054 |
|
1055 ------------------------------------------------------------------- |
|
1056 Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1057 |
|
1058 - Mozilla Firefox 76.0 |
|
1059 * Lockwise improvements |
|
1060 * Improvements in Picture-in-Picture feature |
|
1061 * Support Audio Worklets |
|
1062 MFSA-2020-16 (bsc#1171186) |
|
1063 * CVE-2020-12387 (bmo#1545345) |
|
1064 Use-after-free during worker shutdown |
|
1065 * CVE-2020-12388 (bmo#1618911) |
|
1066 Sandbox escape with improperly guarded Access Tokens |
|
1067 * CVE-2020-12389 (bmo#1554110) |
|
1068 Sandbox escape with improperly separated process types |
|
1069 * CVE-2020-6831 (bmo#1632241) |
|
1070 Buffer overflow in SCTP chunk input validation |
|
1071 * CVE-2020-12390 (bmo#1141959) |
|
1072 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses |
|
1073 * CVE-2020-12391 (bmo#1457100) |
|
1074 Content-Security-Policy bypass using object elements |
|
1075 * CVE-2020-12392 (bmo#1614468) |
|
1076 Arbitrary local file access with 'Copy as cURL' |
|
1077 * CVE-2020-12393 (bmo#1615471) |
|
1078 Devtools' 'Copy as cURL' feature did not fully escape |
|
1079 website-controlled data, potentially leading to command injection |
|
1080 * CVE-2020-12394 (bmo#1628288) |
|
1081 URL spoofing in location bar when unfocussed |
|
1082 * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, |
|
1083 bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) |
|
1084 Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 |
|
1085 * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488, |
|
1086 bmo#1622291, bmo#1627644) |
|
1087 Memory safety bugs fixed in Firefox 76 |
|
1088 - requires |
|
1089 * NSS >= 3.51.1 |
|
1090 * nasm >= 2.14 |
|
1091 - removed obsolete patch mozilla-bmo1622013.patch |
|
1092 - fix URI creation for KDE file selector integration (boo#1160331) |
|
1093 |
|
1094 ------------------------------------------------------------------- |
|
1095 Tue Apr 7 12:18:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1096 |
|
1097 - Mozilla Firefox 75.0 |
|
1098 * https://www.mozilla.org/en-US/firefox/75.0/releasenotes |
|
1099 MFSA 2020-12 (bsc#1168874) |
|
1100 * CVE-2020-6821 (bmo#1625404) |
|
1101 Uninitialized memory could be read when using the WebGL |
|
1102 copyTexSubImage method |
|
1103 * CVE-2020-6822 (bmo#1544181) |
|
1104 Out of bounds write in GMPDecodeData when processing large images |
|
1105 * CVE-2020-6823 (bmo#1614919) |
|
1106 Malicious Extension could obtain auth codes from OAuth login flows |
|
1107 * CVE-2020-6824 (bmo#1621853) |
|
1108 Generated passwords may be identical on the same site between |
|
1109 separate private browsing sessions |
|
1110 * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203) |
|
1111 Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 |
|
1112 * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488, |
|
1113 bmo#1619229,bmo#1620719,bmo#1624897) |
|
1114 Memory safety bugs fixed in Firefox 75 |
|
1115 - removed obsolete patch |
|
1116 mozilla-bmo1609538.patch |
|
1117 - requires |
|
1118 * rust >= 1.41 |
|
1119 * rust-cbindgen >= 0.13.1 |
|
1120 * mozilla-nss >= 3.51 |
|
1121 * nodejs10 >= 10.19 |
|
1122 - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch |
|
1123 |
|
1124 ------------------------------------------------------------------- |
|
1125 Mon Apr 6 11:19:24 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com> |
|
1126 |
|
1127 - increase _constraints memory for ppc64le |
|
1128 |
|
1129 ------------------------------------------------------------------- |
|
1130 Fri Apr 3 15:23:28 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1131 |
|
1132 - Mozilla Firefox 74.0.1 |
|
1133 MFSA 2020-11 (boo#1168630) |
|
1134 * CVE-2020-6819 (bmo#1620818) |
|
1135 Use-after-free while running the nsDocShell destructor |
|
1136 * CVE-2020-6820 (bmo#1626728) |
|
1137 Use-after-free when handling a ReadableStream |
|
1138 |
|
1139 ------------------------------------------------------------------- |
|
1140 Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com> |
|
1141 |
|
1142 - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled |
|
1143 to be read, as openssl 1.1.1 FIPS aborts if it cannot access it |
|
1144 (bsc#1167132) |
|
1145 |
|
1146 ------------------------------------------------------------------- |
|
1147 Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1148 |
|
1149 - Mozilla Firefox 74.0 |
|
1150 * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ |
|
1151 MFSA 2020-08 (bsc#1166238) |
|
1152 * CVE-2020-6805 (bmo#1610880) |
|
1153 Use-after-free when removing data about origins |
|
1154 * CVE-2020-6806 (bmo#1612308) |
|
1155 BodyStream::OnInputStreamReady was missing protections against |
|
1156 state confusion |
|
1157 * CVE-2020-6807 (bmo#1614971) |
|
1158 Use-after-free in cubeb during stream destruction |
|
1159 * CVE-2020-6808 (bmo#1247968) |
|
1160 URL Spoofing via javascript: URL |
|
1161 * CVE-2020-6809 (bmo#1420296) |
|
1162 Web Extensions with the all-urls permission could access local |
|
1163 files |
|
1164 * CVE-2020-6810 (bmo#1432856) |
|
1165 Focusing a popup while in fullscreen could have obscured the |
|
1166 fullscreen notification |
|
1167 * CVE-2020-6811 (bmo#1607742) |
|
1168 Devtools' 'Copy as cURL' feature did not fully escape |
|
1169 website-controlled data, potentially leading to command injection |
|
1170 * CVE-2019-20503 (bmo#1613765) |
|
1171 Out of bounds reads in sctp_load_addresses_from_init |
|
1172 * CVE-2020-6812 (bmo#1616661) |
|
1173 The names of AirPods with personally identifiable information |
|
1174 were exposed to websites with camera or microphone permission |
|
1175 * CVE-2020-6813 (bmo#1605814) |
|
1176 @import statements in CSS could bypass the Content Security |
|
1177 Policy nonce feature |
|
1178 * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, |
|
1179 bmo#1614339) |
|
1180 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 |
|
1181 * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457, |
|
1182 bmo#1612431) |
|
1183 Memory and script safety bugs fixed in Firefox 74 |
|
1184 - requires |
|
1185 * NSPR 4.25 |
|
1186 * NSS 3.50 |
|
1187 * rust-cbindgen 0.13.0 |
|
1188 - removed obsolete patches |
|
1189 mozilla-bmo1610814.patch |
|
1190 mozilla-cubeb-noreturn.patch |
|
1191 - add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36 |
|
1192 (bmo#1609538, boo#1166471) |
|
1193 |
|
1194 ------------------------------------------------------------------- |
|
1195 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1196 |
|
1197 - big endian fixes |
|
1198 |
|
1199 ------------------------------------------------------------------- |
|
1200 Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
1201 |
|
1202 - Fix build on aarch64/armv7 with: |
|
1203 * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814) |
|
1204 |
|
1205 ------------------------------------------------------------------- |
|
1206 Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1207 |
|
1208 - Mozilla Firefox 73.0.1 |
|
1209 * Resolved problems connecting to the RBC Royal Bank website |
|
1210 (bmo#1613943) |
|
1211 * Fixed Firefox unexpectedly exiting when leaving Print Preview mode |
|
1212 (bmo#1611133) |
|
1213 * Fixed crashes when playing encrypted content on some Linux systems |
|
1214 (bmo#1614535, boo#1164646) |
|
1215 - start in wayland mode when running under wayland session |
|
1216 |
|
1217 ------------------------------------------------------------------- |
|
1218 Sun Feb 9 07:45:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1219 |
|
1220 - Mozilla Firefox 73.0 |
|
1221 * Added support for setting a default zoom level applicable for all |
|
1222 web content |
|
1223 * High-contrast mode has been updated to allow background images |
|
1224 * Improved audio quality when playing back audio at a faster or |
|
1225 slower speed |
|
1226 * Added NextDNS as alternative option for DNS over HTTPS |
|
1227 MFSA 2020-05 (bsc#1163368) |
|
1228 * CVE-2020-6796 (bmo#1610426) |
|
1229 Missing bounds check on shared memory read in the parent process |
|
1230 * CVE-2020-6797 (bmo#1596668) (MacOS X only) |
|
1231 Extensions granted downloads.open permission could open arbitrary |
|
1232 applications on Mac OSX |
|
1233 * CVE-2020-6798 (bmo#1602944) |
|
1234 Incorrect parsing of template tag could result in JavaScript injection |
|
1235 * CVE-2020-6799 (bmo#1606596) (Windows only) |
|
1236 Arbitrary code execution when opening pdf links from other |
|
1237 applications, when Firefox is configured as default pdf reader |
|
1238 * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851, |
|
1239 bmo#1608580,bmo#1608785,bmo#1605777) |
|
1240 Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 |
|
1241 * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492) |
|
1242 Memory safety bugs fixed in Firefox 73 |
|
1243 - updated requirements |
|
1244 * rust >= 1.39 |
|
1245 * NSS >= 3.49.2 |
|
1246 * rust-cbindgen >= 0.12.0 |
|
1247 - rebased patches |
|
1248 - removed obsolete patch |
|
1249 * mozilla-bmo1601707.patch |
|
1250 - switched to cairo-gtk3-wayland build |
|
1251 (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set) |
|
1252 - disabled elfhack due to failing packager |
|
1253 https://github.com/openSUSE/firefox-maintenance/issues/28 |
|
1254 - disabled PGO due to build failure |
|
1255 https://github.com/openSUSE/firefox-maintenance/issues/29 |
|
1256 |
|
1257 ------------------------------------------------------------------- |
|
1258 Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc> |
|
1259 |
|
1260 - Use a symbolic icon from branding internals |
|
1261 - Pixmaps no longer required for the desktops |
|
1262 |
|
1263 ------------------------------------------------------------------- |
|
1264 Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1265 |
|
1266 - Mozilla Firefox 72.0.2 |
|
1267 * Various stability fixes |
|
1268 * Fixed issues opening files with spaces in their path (bmo#1601905) |
|
1269 * Fixed a hang opening about:logins when a master password is set |
|
1270 (bmo#1606992) |
|
1271 * Fixed a web compatibility issue with CSS Shadow Parts which |
|
1272 shipped in Firefox 72 (bmo#1604989) |
|
1273 * Fixed inconsistent playback performance for fullscreen 1080p |
|
1274 videos on some systems (bmo#1608485) |
|
1275 |
|
1276 ------------------------------------------------------------------- |
|
1277 Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
1278 |
|
1279 - Fix build for aarch64/ppc64le (do not update config.sub file |
|
1280 for libbacktrace) |
|
1281 |
|
1282 ------------------------------------------------------------------- |
|
1283 Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1284 |
|
1285 - Mozilla Firefox 72.0.1 |
|
1286 MFSA 2020-03 (bsc#1160498) |
|
1287 * CVE-2019-17026 (bmo#1607443) |
|
1288 IonMonkey type confusion with StoreElementHole and FallibleStoreElement |
|
1289 - Mozilla Firefox 72.0 |
|
1290 * block fingerprinting scripts by default |
|
1291 * new notification pop-ups |
|
1292 * Picture-in-picture video |
|
1293 MFSA 2020-01 (bsc#1160305) |
|
1294 * CVE-2019-17016 (bmo#1599181) |
|
1295 Bypass of @namespace CSS sanitization during pasting |
|
1296 * CVE-2019-17017 (bmo#1603055) |
|
1297 Type Confusion in XPCVariant.cpp |
|
1298 * CVE-2019-17020 (bmo#1597645) |
|
1299 Content Security Policy not applied to XSL stylesheets applied |
|
1300 to XML documents |
|
1301 * CVE-2019-17022 (bmo#1602843) |
|
1302 CSS sanitization does not escape HTML tags |
|
1303 * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME) |
|
1304 NSS may negotiate TLS 1.2 or below after a TLS 1.3 |
|
1305 HelloRetryRequest had been sent |
|
1306 * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826) |
|
1307 Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 |
|
1308 * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965 |
|
1309 bmo#1595692,bmo#1597321,bmo#1597481) |
|
1310 Memory safety bugs fixed in Firefox 72 |
|
1311 - update create-tar.sh to skip compare-locales |
|
1312 - requires NSPR 4.24 and NSS 3.48 |
|
1313 - removed usage of browser-plugins convention for NPAPI plugins |
|
1314 from start wrapper and changed the RPM macro to the |
|
1315 /usr/$LIB/mozilla/plugins location (boo#1160302) |
|
1316 |
|
1317 ------------------------------------------------------------------- |
|
1318 Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1319 |
|
1320 - Mozilla Firefox 71.0 |
|
1321 * Improvements to Lockwise, our integrated password manager |
|
1322 * More information about Enhanced Tracking Protection in action |
|
1323 * Native MP3 decoding on Windows, Linux, and macOS |
|
1324 * Configuration page (about:config) reimplemented in HTML |
|
1325 * New kiosk mode functionality, which allows maximum screen space |
|
1326 for customer-facing displays |
|
1327 MFSA 2019-36 |
|
1328 * CVE-2019-11756 (bmo#1508776) |
|
1329 Use-after-free of SFTKSession object |
|
1330 * CVE-2019-17008 (bmo#1546331) |
|
1331 Use-after-free in worker destruction |
|
1332 * CVE-2019-13722 (bmo#1580156) (Windows only) |
|
1333 Stack corruption due to incorrect number of arguments in WebRTC code |
|
1334 * CVE-2019-17014 (bmo#1322864) |
|
1335 Dragging and dropping a cross-origin resource, incorrectly loaded |
|
1336 as an image, could result in information disclosure |
|
1337 * CVE-2019-17010 (bmo#1581084) |
|
1338 Use-after-free when performing device orientation checks |
|
1339 * CVE-2019-17005 (bmo#1584170) |
|
1340 Buffer overflow in plain text serializer |
|
1341 * CVE-2019-17011 (bmo#1591334) |
|
1342 Use-after-free when retrieving a document in antitracking |
|
1343 * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 |
|
1344 bmo#1580288, bmo#1585760, bmo#1592502) |
|
1345 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 |
|
1346 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 |
|
1347 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 |
|
1348 bmo#1594181) |
|
1349 Memory safety bugs fixed in Firefox 71 |
|
1350 - requires |
|
1351 NSPR >= 4.23 |
|
1352 NSS >= 3.47.1 |
|
1353 rust/cargo >= 1.37 |
|
1354 - reactivate webrtc for platforms where it was disabled |
|
1355 - updated create-tar.sh to cover buildid and origin repo information |
|
1356 -> removed obsolete source-stamp.txt |
|
1357 - removed obsolete patches |
|
1358 mozilla-bmo1511604.patch |
|
1359 mozilla-openaes-decl.patch |
|
1360 - changed locale building procedure |
|
1361 * removed obsolete compare-locales.tar.xz |
|
1362 - added mozilla-bmo1601707.patch to fix gcc/LTO builds |
|
1363 (bmo#1601707, boo#1158466) |
|
1364 - added mozilla-bmo849632.patch to fix big endian issues in skia |
|
1365 used for WebGL |
|
1366 |
|
1367 ------------------------------------------------------------------- |
|
1368 Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1369 |
|
1370 - Mozilla Firefox 70.0.1 |
|
1371 * Fix for an issue that caused some websites or page elements using |
|
1372 dynamic JavaScript to fail to load. (bmo#1592136) |
|
1373 * Title bar no longer shows in full screen view (bmo#1588747) |
|
1374 - added mozilla-bmo1504834-part4.patch to fix some visual issues on |
|
1375 big endian platforms |
|
1376 |
|
1377 ------------------------------------------------------------------- |
|
1378 Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1379 |
|
1380 - Mozilla Firefox 70.0 |
|
1381 * more privacy protections from Enhanced Tracking Protection |
|
1382 * Firefox Lockwise passwordmanager |
|
1383 * Improvements to core engine components, for better browsing on more sites |
|
1384 * Improved privacy and security indicators |
|
1385 MFSA 2019-34 |
|
1386 * CVE-2018-6156 (bmo#1480088) |
|
1387 Heap buffer overflow in FEC processing in WebRTC |
|
1388 * CVE-2019-15903 (bmo#1584907) |
|
1389 Heap overflow in expat library in XML_GetCurrentLineNumber |
|
1390 * CVE-2019-11757 (bmo#1577107) |
|
1391 Use-after-free when creating index updates in IndexedDB |
|
1392 * CVE-2019-11759 (bmo#1577953) |
|
1393 Stack buffer overflow in HKDF output |
|
1394 * CVE-2019-11760 (bmo#1577719) |
|
1395 Stack buffer overflow in WebRTC networking |
|
1396 * CVE-2019-11761 (bmo#1561502) |
|
1397 Unintended access to a privileged JSONView object |
|
1398 * CVE-2019-11762 (bmo#1582857) |
|
1399 document.domain-based origin isolation has same-origin-property violation |
|
1400 * CVE-2019-11763 (bmo#1584216) |
|
1401 Incorrect HTML parsing results in XSS bypass technique |
|
1402 * CVE-2019-11765 (bmo#1562582) |
|
1403 Incorrect permissions could be granted to a website |
|
1404 * CVE-2019-17000 (bmo#1441468) |
|
1405 CSP bypass using object tag with data: URI |
|
1406 * CVE-2019-17001 (bmo#1587976) |
|
1407 CSP bypass using object tag when script-src 'none' is specified |
|
1408 * CVE-2019-17002 (bmo#1561056) |
|
1409 upgrade-insecure-requests was not being honored for links dragged and dropped |
|
1410 * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223, |
|
1411 bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950, |
|
1412 bmo#1583463, bmo#1586599) |
|
1413 Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 |
|
1414 - requires |
|
1415 rust/cargo >= 1.36 |
|
1416 NSPR >= 4.22 |
|
1417 NSS >= 3.46.1 |
|
1418 rust-cbindgen >= 0.9.1 |
|
1419 - removed obsolete patches |
|
1420 mozilla-bmo1573381.patch |
|
1421 mozilla-nestegg-big-endian.patch |
|
1422 |
|
1423 ------------------------------------------------------------------- |
|
1424 Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1425 |
|
1426 - Mozilla Firefox 69.0.3 |
|
1427 * Fixed Yahoo mail users being prompted to download files when |
|
1428 clicking on emails (bmo#1582848) |
|
1429 - devel package build can easily be disabled now |
|
1430 |
|
1431 ------------------------------------------------------------------- |
|
1432 Thu Oct 3 08:40:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1433 |
|
1434 - Mozilla Firefox 69.0.2 |
|
1435 * Fixed a crash when editing files on Office 365 websites (bmo#1579858) |
|
1436 * Fixed a Linux-only crash when changing the playback speed while |
|
1437 watching YouTube videos (bmo#1582222) |
|
1438 - updated supported locale list |
|
1439 - Allow to build without profile guided optimizations (boo#1040589) |
|
1440 (contributed by Bernhard Wiedemann) |
|
1441 - Make build verbose (contributed by Martin Liška) |
|
1442 - remove obsolete kde.js setting (boo#1151186) and related patch |
|
1443 firefox-add-kde.js-in-order-to-survive-PGO-build.patch |
|
1444 - update create-tar.sh to latest revision and adjusted tar_stamps |
|
1445 - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO) |
|
1446 - extension preferences moved from branding package to core package |
|
1447 (packaging but not branding specific) |
|
1448 |
|
1449 ------------------------------------------------------------------- |
|
1450 Thu Sep 19 13:31:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1451 |
|
1452 - Mozilla Firefox 69.0.1 |
|
1453 * Fixed external programs launching in the background when clicking |
|
1454 a link from inside Firefox to launch them (bmo#1570845) |
|
1455 * Usability improvements to the Add-ons Manager for users with |
|
1456 screen readers (bmo#1567600) |
|
1457 * Fixed the Captive Portal notification bar not being dismissable |
|
1458 in some situations after login is complete (bmo#1578633) |
|
1459 * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454) |
|
1460 * Fixed missing stacks in the Developer Tools Performance section |
|
1461 (bmo#1578354) |
|
1462 MFSA 2019-31 |
|
1463 * CVE-2019-11754 (bmo#1580506) |
|
1464 Pointer Lock is enabled with no user notification |
|
1465 - disable DOH by default |
|
1466 |
|
1467 ------------------------------------------------------------------- |
|
1468 Thu Sep 5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1469 |
|
1470 - Mozilla Firefox 69.0 |
|
1471 * Enhanced Tracking Protection (ETP) for stronger privacy protections |
|
1472 * Block Autoplay feature is enhanced to give users the option to block |
|
1473 any video |
|
1474 * Users in the US or using the en-US browser, can get a new “New Tab” |
|
1475 page experience connecting to the best of Pocket's content. |
|
1476 * Support for the Web Authentication HmacSecret extension via |
|
1477 Windows Hello introduced. |
|
1478 * Support for receiving multiple video codecs with this release makes |
|
1479 it easier for WebRTC conferencing services to mix video from |
|
1480 different clients. |
|
1481 MFSA 2019-25 (boo#1149324) |
|
1482 * CVE-2019-11741 (bmo#1539595) |
|
1483 Isolate addons.mozilla.org and accounts.firefox.com |
|
1484 * CVE-2019-5849 (bmo#1555838) |
|
1485 Out-of-bounds read in Skia |
|
1486 * CVE-2019-11737 (bmo#1388015) |
|
1487 Content security policy directives ignore port and path if host is a wildcard |
|
1488 * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641) |
|
1489 Memory safety bugs fixed in Firefox 69 |
|
1490 * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, |
|
1491 bmo#1565744,bmo#1568858,bmo#1570358) |
|
1492 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 |
|
1493 * CVE-2019-11740 (bmo#1563133,bmo#1573160) |
|
1494 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 |
|
1495 - requires |
|
1496 * rust/cargo >= 1.35 |
|
1497 * rust-cbindgen >= 0.9.0 |
|
1498 * mozilla-nss >= 3.45 |
|
1499 - rebased patches |
|
1500 |
|
1501 ------------------------------------------------------------------- |
|
1502 Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1503 |
|
1504 - added a bunch of patches mainly for big endian platforms |
|
1505 * mozilla-bmo1504834-part1.patch |
|
1506 * mozilla-bmo1504834-part2.patch |
|
1507 * mozilla-bmo1504834-part3.patch |
|
1508 * mozilla-bmo1511604.patch |
|
1509 * mozilla-bmo1554971.patch |
|
1510 * mozilla-bmo1573381.patch |
|
1511 * mozilla-nestegg-big-endian.patch |
|
1512 * mozilla-bmo1512162.patch |
|
1513 |
|
1514 ------------------------------------------------------------------- |
|
1515 Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1516 |
|
1517 - Mozilla Firefox 68.1.0 |
|
1518 MFSA 2019-26 |
|
1519 * CVE-2019-11751 (bmo#1572838; Windows only) |
|
1520 Malicious code execution through command line parameters |
|
1521 * CVE-2019-11746 (bmo#1564449) |
|
1522 Use-after-free while manipulating video |
|
1523 * CVE-2019-11744 (bmo#1562033) |
|
1524 XSS by breaking out of title and textarea elements using innerHTML |
|
1525 * CVE-2019-11742 (bmo#1559715) |
|
1526 Same-origin policy violation with SVG filters and canvas to steal |
|
1527 cross-origin images |
|
1528 * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only)) |
|
1529 File manipulation and privilege escalation in Mozilla Maintenance Service |
|
1530 * CVE-2019-11753 (bmo#1574980; Windows only) |
|
1531 Privilege escalation with Mozilla Maintenance Service in custom |
|
1532 Firefox installation location |
|
1533 * CVE-2019-11752 (bmo#1501152) |
|
1534 Use-after-free while extracting a key value in IndexedDB |
|
1535 * CVE-2019-9812 (bmo#1538008, bmo#1538015) |
|
1536 Sandbox escape through Firefox Sync |
|
1537 * CVE-2019-11743 (bmo#1560495) |
|
1538 Cross-origin access to unload event attributes |
|
1539 * CVE-2019-11748 (bmo#1564588) |
|
1540 Persistence of WebRTC permissions in a third party context |
|
1541 * CVE-2019-11749 (bmo#1565374) |
|
1542 Camera information available without prompting using getUserMedia |
|
1543 * CVE-2019-11750 (bmo#1568397) |
|
1544 Type confusion in Spidermonkey |
|
1545 * CVE-2019-11738 (bmo#1452037) |
|
1546 Content security policy bypass through hash-based sources in directives |
|
1547 * CVE-2019-11747 (bmo#1564481) |
|
1548 'Forget about this site' removes sites from pre-loaded HSTS list |
|
1549 * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912, |
|
1550 bmo#1565744,bmo#1568858,bmo#1570358) |
|
1551 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 |
|
1552 * CVE-2019-11740 (bmo#1563133,bmo#1573160) |
|
1553 Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 |
|
1554 - switched package to ESR branch |
|
1555 - added mozilla-bmo1568145.patch to make builds reproducible |
|
1556 - removed upstreamed patch mozilla-gcc-internal-compiler-error.patch |
|
1557 |
|
1558 ------------------------------------------------------------------- |
|
1559 Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> |
|
1560 |
|
1561 - Mozilla Firefox 68.0.2: |
|
1562 * Fixed a bug causing some special characters to be cut off from |
|
1563 the end of the search terms when searching from the URL bar |
|
1564 (bmo#1560228) |
|
1565 * Allow fonts to be loaded via file:// URLs when opening a page |
|
1566 locally (bmo#1565942) |
|
1567 * Printing emails from the Outlook web app no longer prints only |
|
1568 the header and footer (bmo#1567105) |
|
1569 * Fixed a bug causing some images not to be displayed on reload, |
|
1570 including on Google Maps (bmo# 1565542) |
|
1571 * Fixed an error when starting external applications configured |
|
1572 as URI handlers (bmo#1567614) |
|
1573 MFSA 2019-24 (boo#1145665) |
|
1574 * CVE-2019-11733: Stored passwords in 'Saved Logins' can be |
|
1575 copied without master password entry (bmo#1565780) |
|
1576 - drop fix-build-after-y2038-changes-in-glibc.patch, upstream |
|
1577 |
|
1578 ------------------------------------------------------------------- |
|
1579 Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de> |
|
1580 |
|
1581 - Fix crash when typing in the URL bar on ppc64le (bmo#1512162). |
|
1582 The upstream patch doesn't resolve the issue on TW, but compiling |
|
1583 with -O1 does. Do this until we have a proper fix. |
|
1584 |
|
1585 ------------------------------------------------------------------- |
|
1586 Thu Aug 1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
1587 |
|
1588 - Update build constraints to fix arm builds |
|
1589 |
|
1590 ------------------------------------------------------------------- |
|
1591 Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1592 |
|
1593 - Mozilla Firefox 68.0.1 |
|
1594 * Fixed missing Full Screen button when watching videos in full |
|
1595 screen mode on HBO GO (bmo#1562837) |
|
1596 * Fixed a bug causing incorrect messages to appear for some |
|
1597 locales when sites try to request the use of the Storage |
|
1598 Access API (bmo#1558503) |
|
1599 * Users in Russian regions may have their default search engine |
|
1600 changed (bmo#1565315) |
|
1601 * Built-in search engines in some locales do not function |
|
1602 correctly (bmo#1565779) |
|
1603 * SupportMenu policy doesn't always work (bmo#1553290) |
|
1604 * Allow the privacy.file_unique_origin pref to be controlled by |
|
1605 policy (bmo#1563759) |
|
1606 |
|
1607 ------------------------------------------------------------------- |
|
1608 Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com> |
|
1609 |
|
1610 - add fix-build-after-y2038-changes-in-glibc.patch |
|
1611 |
|
1612 ------------------------------------------------------------------- |
|
1613 Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com> |
|
1614 |
|
1615 - Generate langpacks sequentially to avoid file corruption |
|
1616 from racy file writes (boo#1137970) |
|
1617 |
|
1618 ------------------------------------------------------------------- |
|
1619 Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1620 |
|
1621 - Mozilla Firefox 68.0 |
|
1622 * Dark mode in reader view |
|
1623 * Improved extension security and discovery |
|
1624 * Cryptomining and fingerprinting protections are added to strict |
|
1625 content blocking settings in Privacy & Security preferences |
|
1626 * Camera and microphone access now require an HTTPS connection |
|
1627 MFSA 2019-21 (bsc#1140868) |
|
1628 * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327) |
|
1629 Sandbox escape via installation of malicious languagepack |
|
1630 * CVE-2019-11711 (bmo#1552541) |
|
1631 Script injection within domain through inner window reuse |
|
1632 * CVE-2019-11712 (bmo#1543804) |
|
1633 Cross-origin POST requests can be made with NPAPI plugins by |
|
1634 following 308 redirects |
|
1635 * CVE-2019-11713 (bmo#1528481) |
|
1636 Use-after-free with HTTP/2 cached stream |
|
1637 * CVE-2019-11714 (bmo#1542593) |
|
1638 NeckoChild can trigger crash when accessed off of main thread |
|
1639 * CVE-2019-11729 (bmo#1515342) |
|
1640 Empty or malformed p256-ECDH public keys may trigger a segmentation fault |
|
1641 * CVE-2019-11715 (bmo#1555523) |
|
1642 HTML parsing error can contribute to content XSS |
|
1643 * CVE-2019-11716 (bmo#1552632) |
|
1644 globalThis not enumerable until accessed |
|
1645 * CVE-2019-11717 (bmo#1548306) |
|
1646 Caret character improperly escaped in origins |
|
1647 * CVE-2019-11718 (bmo#1408349) |
|
1648 Activity Stream writes unsanitized content to innerHTML |
|
1649 * CVE-2019-11719 (bmo#1540541) |
|
1650 Out-of-bounds read when importing curve25519 private key |
|
1651 * CVE-2019-11720 (bmo#1556230) |
|
1652 Character encoding XSS vulnerability |
|
1653 * CVE-2019-11721 (bmo#1256009) |
|
1654 Domain spoofing through unicode latin 'kra' character |
|
1655 * CVE-2019-11730 (bmo#1558299) |
|
1656 Same-origin policy treats all files in a directory as having the |
|
1657 same-origin |
|
1658 * CVE-2019-11723 (bmo#1528335) |
|
1659 Cookie leakage during add-on fetching across private browsing boundaries |
|
1660 * CVE-2019-11724 (bmo#1512511) |
|
1661 Retired site input.mozilla.org has remote troubleshooting permissions |
|
1662 * CVE-2019-11725 (bmo#1483510) |
|
1663 Websocket resources bypass safebrowsing protections |
|
1664 * CVE-2019-11727 (bmo#1552208) |
|
1665 PKCS#1 v1.5 signatures can be used for TLS 1.3 |
|
1666 * CVE-2019-11728 (bmo#1552993) |
|
1667 Port scanning through Alt-Svc header |
|
1668 * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692, |
|
1669 bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848, |
|
1670 bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180) |
|
1671 Memory safety bugs fixed in Firefox 68 |
|
1672 * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498 |
|
1673 bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522) |
|
1674 Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 |
|
1675 - requires |
|
1676 * NSS 3.44.1 |
|
1677 * rust/cargo 1.34 |
|
1678 * rust-cbindgen 0.8.7 |
|
1679 - rebased patches |
|
1680 * mozilla-aarch64-startup-crash.patch |
|
1681 * mozilla-kde.patch |
|
1682 * mozilla-nongnome-proxies.patch |
|
1683 * firefox-kde.patch |
|
1684 - use new create-tar.sh and add tar_stamps for package definitions |
|
1685 - added patches imported from SLE flavour |
|
1686 * mozilla-gcc-internal-compiler-error.patch |
|
1687 * mozilla-bmo1005535.patch |
|
1688 * mozilla-ppc-altivec_static_inline.patch |
|
1689 * mozilla-reduce-rust-debuginfo.patch |
|
1690 * mozilla-s390-bigendian.patch |
|
1691 * mozilla-s390-context.patch |
|
1692 |
|
1693 ------------------------------------------------------------------- |
|
1694 Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
1695 |
|
1696 - Enable PGO for x86_64. |
|
1697 * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch |
|
1698 |
|
1699 ------------------------------------------------------------------- |
|
1700 Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1701 |
|
1702 - Mozilla Firefox 67.0.4 |
|
1703 MFSA 2019-19 (boo#1138872) |
|
1704 * CVE-2019-11708 (bmo#1559858) |
|
1705 sandbox escape using Prompt:Open |
|
1706 |
|
1707 ------------------------------------------------------------------- |
|
1708 Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1709 |
|
1710 - Mozilla Firefox 67.0.3 |
|
1711 MFSA 2019-18 (boo#1138614) |
|
1712 * CVE-2019-11707 (bmo#1544386) |
|
1713 Type confusion in Array.pop |
|
1714 |
|
1715 ------------------------------------------------------------------- |
|
1716 Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net> |
|
1717 |
|
1718 - Mozilla Firefox 67.0.2 |
|
1719 * Fixed: Fix JavaScript error ("TypeError: data is null in |
|
1720 PrivacyFilter.jsm") in console which may significantly degrade |
|
1721 sessionstore reliability and performance (bmo#1553413) |
|
1722 * Fixed: Proxy authentication dialog box repeatedly pops up |
|
1723 asking to authenticate after upgrading to Firefox 67 (bmo#1548804) |
|
1724 * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's |
|
1725 implementation (bmo#1551282) |
|
1726 * Fixed: Starting in safe mode on Linux or macOS causes Firefox |
|
1727 to think on the subsequent launch that the profile is too |
|
1728 recent to be used with this version of Firefox (bmo#1556612) |
|
1729 * Fixed: Linux distribution users can't easily install/use |
|
1730 additional/different languages using the built-in preferences |
|
1731 UI (bmo#1554744) |
|
1732 * Fixed: Developer tools users can't copy the href/src content |
|
1733 from various HTML tags via the context menu in the Inspector |
|
1734 markup view (bmo#1552275) |
|
1735 * Fixed: Custom home page is broken with clearing data on shutdown |
|
1736 settings applied (bmo#1554167) |
|
1737 * Fixed: Performance-regression for eclipse RAP based applications |
|
1738 (bmo#1555962) |
|
1739 * Fixed: macOS 10.15 crash fix (bmo#1556076) |
|
1740 * Fixed: Can't start two downloads in parallel via <a download> |
|
1741 anymore (bmo#1542912) |
|
1742 |
|
1743 ------------------------------------------------------------------- |
|
1744 Thu Jun 6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net> |
|
1745 |
|
1746 - Mozilla Firefox 67.0.1 |
|
1747 * enable enhanced tracking protection by default for new users |
|
1748 * upgrade of Facebook container to version 2.0 |
|
1749 * new version of Firefox Lockwise (password management) |
|
1750 * new version of Firefox Monitor |
|
1751 * Firefox Send improvements |
|
1752 |
|
1753 ------------------------------------------------------------------- |
|
1754 Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1755 |
|
1756 - Mozilla Firefox 67.0 |
|
1757 * Firefox 67 will be able to run different Firefox installs side by side |
|
1758 https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/ |
|
1759 * Tabs can now be pinned from the Page Actions menu in the address bar |
|
1760 * Users can block known cryptominers and fingerprinters in the |
|
1761 Custom settings or their Content Blocking preferences |
|
1762 * The Import Data from Another Browser feature is now also available |
|
1763 from the File menu |
|
1764 * Firefox will now protect you against running older versions which |
|
1765 can lead to data corruption and stability issues |
|
1766 * Easier access to your list of saved logins from the main menu and |
|
1767 login autocomplete |
|
1768 * We’ve added a toolbar menu for your Firefox Account to provide more |
|
1769 transparency for when you are synced, sharing data across devices |
|
1770 and with Firefox. Personalize the appearance of the menu with your |
|
1771 own avatar |
|
1772 * Enable FIDO U2F API, and permit registrations for Google Accounts |
|
1773 * Enabled AV1 support on Linux |
|
1774 MFSA 2019-13 (boo#1135824) |
|
1775 * CVE-2019-9815 (bmo#1546544) |
|
1776 Disable hyperthreading on content JavaScript threads on macOS |
|
1777 * CVE-2019-9816 (bmo#1536768) |
|
1778 Type confusion with object groups and UnboxedObjects |
|
1779 * CVE-2019-9817 (bmo#1540221) |
|
1780 Stealing of cross-domain images using canvas |
|
1781 * CVE-2019-9818 (bmo#1542581) (Windows only) |
|
1782 Use-after-free in crash generation server |
|
1783 * CVE-2019-9819 (bmo#1532553) |
|
1784 Compartment mismatch with fetch API |
|
1785 * CVE-2019-9820 (bmo#1536405) |
|
1786 Use-after-free of ChromeEventHandler by DocShell |
|
1787 * CVE-2019-9821 (bmo#1539125) |
|
1788 Use-after-free in AssertWorkerThread |
|
1789 * CVE-2019-11691 (bmo#1542465) |
|
1790 Use-after-free in XMLHttpRequest |
|
1791 * CVE-2019-11692 (bmo#1544670) |
|
1792 Use-after-free removing listeners in the event listener manager |
|
1793 * CVE-2019-11693 (bmo#1532525) |
|
1794 Buffer overflow in WebGL bufferdata on Linux |
|
1795 * CVE-2019-7317 (bmo#1542829) |
|
1796 Use-after-free in png_image_free of libpng library |
|
1797 * CVE-2019-11694 (bmo#1534196) (Windows only) |
|
1798 Uninitialized memory memory leakage in Windows sandbox |
|
1799 * CVE-2019-11695 (bmo#1445844) |
|
1800 Custom cursor can render over user interface outside of web content |
|
1801 * CVE-2019-11696 (bmo#1392955) |
|
1802 Java web start .JNLP files are not recognized as executable files |
|
1803 for download prompts |
|
1804 * CVE-2019-11697 (bmo#1440079) |
|
1805 Pressing key combinations can bypass installation prompt delays and |
|
1806 install extensions |
|
1807 * CVE-2019-11698 (bmo#1543191) |
|
1808 Theft of user history data through drag and drop of hyperlinks |
|
1809 to and from bookmarks |
|
1810 * CVE-2019-11700 (bmo#1549833) (Windows only) |
|
1811 res: protocol can be used to open known local files |
|
1812 * CVE-2019-11699 (bmo#1528939) |
|
1813 Incorrect domain name highlighting during page navigation |
|
1814 * CVE-2019-11701 (bmo#1518627) |
|
1815 webcal: protocol default handler loads vulnerable web page |
|
1816 * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159, |
|
1817 bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425) |
|
1818 Memory safety bugs fixed in Firefox 67 |
|
1819 * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136, |
|
1820 bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, |
|
1821 bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, |
|
1822 bmo#1532465, bmo#1533554, bmo#1541580) |
|
1823 Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 |
|
1824 - requires |
|
1825 * rust/cargo >= 1.32 |
|
1826 * mozilla-nspr >= 4.21 |
|
1827 * mozilla-nss >= 3.43 |
|
1828 * rust-cbindgen >= 0.8.2 |
|
1829 - rebased patches |
|
1830 - KDE integration for default browser detection is broken in this revision |
|
1831 |
|
1832 ------------------------------------------------------------------- |
|
1833 Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
1834 |
|
1835 - Fix armv7 build with: |
|
1836 * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch |
|
1837 |
|
1838 ------------------------------------------------------------------- |
|
1839 Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net> |
|
1840 |
|
1841 - Mozilla Firefox 66.0.5 |
|
1842 * Fixed: Further improvements to re-enable web extensions which |
|
1843 had been disabled for users with a master password set (bmo#1549249) |
|
1844 |
|
1845 ------------------------------------------------------------------- |
|
1846 Sun May 5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1847 |
|
1848 - Mozilla Firefox 66.0.4 (boo#1134126) |
|
1849 * fix extension certificate chain |
|
1850 https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/ |
|
1851 |
|
1852 ------------------------------------------------------------------- |
|
1853 Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net> |
|
1854 |
|
1855 - Mozilla Firefox 66.0.3 |
|
1856 * Fixed: Address bar on tablets running Windows 10 now behaves |
|
1857 correctly (bmo#1498973) |
|
1858 * Fixed: Performance issues with some HTML5 games (bmo#1537609) |
|
1859 * Fixed a bug with keypress events in IBM cloud applications |
|
1860 (bmo#1538970) |
|
1861 * Fix for keypress events in some Microsoft cloud applications |
|
1862 (bmo#1539618) |
|
1863 * Changed: Updated Baidu search plugin |
|
1864 |
|
1865 ------------------------------------------------------------------- |
|
1866 Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net> |
|
1867 |
|
1868 - Mozilla Firefox 66.0.2 |
|
1869 * Fixed Web compatibility issues with Office 365, iCloud and |
|
1870 IBM WebMail caused by recent changes to the handling of |
|
1871 keyboard events (bmo#1538966) |
|
1872 * Crash fixes (bmo#1521370, bmo#1539118) |
|
1873 |
|
1874 ------------------------------------------------------------------- |
|
1875 Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
1876 |
|
1877 - Add patch to fix aarch64 build: |
|
1878 * mozilla-fix-aarch64-libopus.patch (bmo#1539737) |
|
1879 |
|
1880 ------------------------------------------------------------------- |
|
1881 Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1882 |
|
1883 - Mozilla Firefox 66.0.1 |
|
1884 MFSA 2019-09 (bsc#1130262) |
|
1885 * CVE-2019-9810 (bmo#1537924) |
|
1886 IonMonkey MArraySlice has incorrect alias information |
|
1887 * CVE-2019-9813 (bmo#1538006) |
|
1888 Ionmonkey type confusion with __proto__ mutations |
|
1889 |
|
1890 ------------------------------------------------------------------- |
|
1891 Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1892 |
|
1893 - Mozilla Firefox 66.0 |
|
1894 * Increased content processes to 8 |
|
1895 * Added capability to search through open tabs from the tab overflow menu |
|
1896 * New backend for the storage.local WebExtensions API, providing |
|
1897 I/O performance improvements when the extension updates a small |
|
1898 subset of the stored data |
|
1899 * WebExtension keyboard shortcuts can now be managed or overridden |
|
1900 from about:addons |
|
1901 * Improved scrolling behavior: Firefox will now attempt to keep content |
|
1902 from jumping around while a page is loading by supporting scroll |
|
1903 anchoring |
|
1904 * New about:privatebrowsing with search |
|
1905 * A certificate error page now notifies the user of the name of the |
|
1906 certificate issuer that breaks HTTPs connections on intercepted |
|
1907 connections to help troubleshooting possible anti-virus software |
|
1908 issues. |
|
1909 * Fixed an performance issue some Linux users experienced with the |
|
1910 Downloads panel (bmo#1517101) |
|
1911 * Firefox now blocks all autoplay media with sound by default. Users |
|
1912 can add individual sites to an exceptions list or turn the blocking |
|
1913 off. |
|
1914 * System title bar is hidden by default to match Gnome guideline |
|
1915 MFSA 2019-07 (bsc#1129821) |
|
1916 * CVE-2019-9790 (bmo#1525145) |
|
1917 Use-after-free when removing in-use DOM elements |
|
1918 * CVE-2019-9791 (bmo#1530958) |
|
1919 Type inference is incorrect for constructors entered through on-stack |
|
1920 replacement with IonMonkey |
|
1921 * CVE-2019-9792 (bmo#1532599) |
|
1922 IonMonkey leaks JS_OPTIMIZED_OUT magic value to script |
|
1923 * CVE-2019-9793 (bmo#1528829) |
|
1924 Improper bounds checks when Spectre mitigations are disabled |
|
1925 * CVE-2019-9794 (bmo#1530103) (Windows only) |
|
1926 Command line arguments not discarded during execution |
|
1927 * CVE-2019-9795 (bmo#1514682) |
|
1928 Type-confusion in IonMonkey JIT compiler |
|
1929 * CVE-2019-9796 (bmo#1531277) |
|
1930 Use-after-free with SMIL animation controller |
|
1931 * CVE-2019-9797 (bmo#1528909) |
|
1932 Cross-origin theft of images with createImageBitmap |
|
1933 * CVE-2019-9798 (bmo#1527534) (Android only) |
|
1934 Library is loaded from world writable APITRACE_LIB location |
|
1935 * CVE-2019-9799 (bmo#1505678) |
|
1936 Information disclosure via IPC channel messages |
|
1937 * CVE-2019-9801 (bmo#1527717) (Windows only) |
|
1938 Windows programs that are not 'URL Handlers' are exposed to web content |
|
1939 * CVE-2019-9802 (bmo#1415508) |
|
1940 Chrome process information leak |
|
1941 * CVE-2019-9803 (bmo#1515863, bmo#1437009) |
|
1942 Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation |
|
1943 * CVE-2019-9804 (bmo#1518026) (MacOS only) |
|
1944 Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS |
|
1945 * CVE-2019-9805 (bmo#1521360) |
|
1946 Potential use of uninitialized memory in Prio |
|
1947 * CVE-2019-9806 (bmo#1525267) |
|
1948 Denial of service through successive FTP authorization prompts |
|
1949 * CVE-2019-9807 (bmo#1362050) |
|
1950 Text sent through FTP connection can be incorporated into alert messages |
|
1951 * CVE-2019-9809 (bmo#1282430, bmo#1523249) |
|
1952 Denial of service through FTP modal alert error messages |
|
1953 * CVE-2019-9808 (bmo#1434634) |
|
1954 WebRTC permissions can display incorrect origin with data: and blob: URLs |
|
1955 * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337, |
|
1956 bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579, |
|
1957 bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821 |
|
1958 Memory safety bugs fixed in Firefox 66 |
|
1959 * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665, |
|
1960 bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203 |
|
1961 Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 |
|
1962 - updated build/runtime requirements |
|
1963 * mozilla-nss >= 3.42.1 |
|
1964 * cargo/rust >= 1.31 |
|
1965 * rust-cbindgen >= 0.6.8 |
|
1966 * nasm >= 2.13 (new) |
|
1967 - removed obsolete patch |
|
1968 * mozilla-bmo256180.patch |
|
1969 |
|
1970 ------------------------------------------------------------------- |
|
1971 Tue Mar 5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com> |
|
1972 |
|
1973 - Do not hardcode nodejs8 but leave the prefer to the distribution |
|
1974 (Tumbleweed staging wants to switch to nodejs10) |
|
1975 |
|
1976 ------------------------------------------------------------------- |
|
1977 Fri Feb 15 13:45:57 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
1978 |
|
1979 - Update _constraints to avoid 'no space left' error seen on aarch64 |
|
1980 |
|
1981 ------------------------------------------------------------------- |
|
1982 Wed Feb 13 07:17:28 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
1983 |
|
1984 - Mozilla Firefox 65.0.1 |
|
1985 * Fixed accidental requests to addons.mozilla.org when an addon |
|
1986 recommendation doorhanger is shown (bmo#1526387) |
|
1987 * Improved playback of interactive Netflix videos (bmo#1524500) |
|
1988 * Fixed incorrect sizing of the "Clear Recent History" window in |
|
1989 some situations (bmo#1523696) |
|
1990 * Fixed audio & video delays while making WebRTC calls |
|
1991 (bmo#1521577, bmo#1523817) |
|
1992 * Fixed video sizing problems during some WebRTC calls (bmo#1520200) |
|
1993 * Fixed looping CONNECT requests when using WebSockets over HTTP/2 |
|
1994 from behind a proxy server (bmo#1523427) |
|
1995 * Fixed the "Enter" key not working on password entry fields for |
|
1996 certain Linux distributions (bmo#1523635) |
|
1997 MFSA 2019-04 (bsc#1125330) |
|
1998 * CVE-2018-18356 bmo#1525817 |
|
1999 Use-after-free in Skia |
|
2000 * CVE-2019-5785 bmo#1525433 |
|
2001 Integer overflow in Skia |
|
2002 * CVE-2018-18511 bmo#1526218 |
|
2003 Cross-origin theft of images with ImageBitmapRenderingContext |
|
2004 |
|
2005 ------------------------------------------------------------------- |
|
2006 Wed Feb 13 06:12:43 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
2007 |
|
2008 - Enable LTO only for latest new toolchain (boo#1125038) for x86_64 |
|
2009 (with increased memory constraints) |
|
2010 |
|
2011 ------------------------------------------------------------------- |
|
2012 Sat Jan 26 22:37:01 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
2013 |
|
2014 - Mozilla Firefox 65.0 |
|
2015 * Enhanced tracking protection |
|
2016 * allow switching of UI locales within preferences |
|
2017 * support for the WebP image format |
|
2018 * "top"-like about:performance |
|
2019 MFSA 2019-01 (bsc#1122983) |
|
2020 * CVE-2018-18500 bmo#1510114 |
|
2021 Use-after-free parsing HTML5 stream |
|
2022 * CVE-2018-18503 bmo#1509442 |
|
2023 Memory corruption with Audio Buffer |
|
2024 * CVE-2018-18504 bmo#1496413 |
|
2025 Memory corruption and out-of-bounds read of texture client |
|
2026 * CVE-2018-18505 bmo#1497749 |
|
2027 Privilege escalation through IPC channel messages |
|
2028 * CVE-2018-18506 bmo#1503393 |
|
2029 Proxy Auto-Configuration file can define localhost access to be proxied |
|
2030 * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762 |
|
2031 bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580 |
|
2032 bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758 |
|
2033 Memory safety bugs fixed in Firefox 65 |
|
2034 * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619 |
|
2035 bmo#1502871 bmo#1516738 bmo#1516514 |
|
2036 Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 |
|
2037 - requires |
|
2038 NSS 3.41 |
|
2039 rust/carge 1.30 |
|
2040 rust-cbindgen 0.6.7 |
|
2041 - rebased patches |
|
2042 - remove workaround for build memory consumption on i586; other |
|
2043 mitigations meanwhile introduced (mainly parallelity) will be |
|
2044 sufficient |
|
2045 mozilla-reduce-files-per-UnifiedBindings.patch |
|
2046 |
|
2047 ------------------------------------------------------------------- |
|
2048 Tue Jan 15 14:32:03 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
2049 |
|
2050 - Increase disk constraint. |
|
2051 |
|
2052 ------------------------------------------------------------------- |
|
2053 Mon Jan 14 12:12:12 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
2054 |
|
2055 - Remove -v from mach build in order to work-around bmo#1500436. |
|
2056 |
|
2057 ------------------------------------------------------------------- |
|
2058 Fri Jan 11 15:07:14 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
2059 |
|
2060 - Set %clang_build to false on all architectures |
|
2061 - Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing: |
|
2062 it should not be needed anymore |
|
2063 - Do not overwrite enable-optimize and when possible |
|
2064 enable --enable-debug-symbols. |
|
2065 - Add -v to mach in order to make build verbose. |
|
2066 |
|
2067 ------------------------------------------------------------------- |
|
2068 Wed Jan 9 22:40:14 UTC 2019 - astieger@suse.com |
|
2069 |
|
2070 - Mozilla Firefox 64.0.2: |
|
2071 * Update the Japanese translation for missing strings (bmo#1513259) |
|
2072 * Properly restore column sizes in developer tools inspector (bmo#1503175) |
|
2073 * Fixed video stuttering on Youtube (bmo#1513511) |
|
2074 * Fix updates for some lightweight themes (bmo#1508777) |
|
2075 |
|
2076 ------------------------------------------------------------------- |
|
2077 Tue Dec 18 14:46:41 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
2078 |
|
2079 - Enable build_hardened for all architectures |
|
2080 - Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605 |
|
2081 - Remove obolete '--enable-pie' as -pie is always enabled for |
|
2082 gcc and clang |
|
2083 |
|
2084 ------------------------------------------------------------------- |
|
2085 Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
2086 |
|
2087 - Switch aarch64 builds back to gcc, not clang (bmo#1513605) |
|
2088 - Switch %arm builds back to gcc, not clang to avoid OOM |
|
2089 - Fix build flags when clang is not used |
|
2090 - Fix flags for clang ppc64 builds |
|
2091 |
|
2092 ------------------------------------------------------------------- |
|
2093 Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
2094 |
|
2095 - update to Firefox 64.0 |
|
2096 * Better recommendations: You may see suggestions in regular browsing |
|
2097 mode for new and relevant Firefox features, services, and extensions |
|
2098 based on how you use the web (for US users only) |
|
2099 * Enhanced tab management: You can now select multiple tabs from the |
|
2100 tab bar and close, move, bookmark, or pin them quickly and easily |
|
2101 * Easier performance management: The new Task Manager page found at |
|
2102 about:performance lets you see how much energy each open tab consumes |
|
2103 and provides access to close tabs to conserve power |
|
2104 * Improved performance for Mac and Linux users, by enabling link time |
|
2105 optimization (Clang LTO). |
|
2106 * Added option to remove add-ons using the context menu on their |
|
2107 toolbar buttons |
|
2108 * RSS feed preview and live bookmarks are available only via add-ons |
|
2109 * TLS certificates issued by Symantec are no longer trusted by Firefox. |
|
2110 Website operators are strongly encouraged to replace any remaining |
|
2111 Symantec TLS certificates as soon as possible |
|
2112 MFSA 2018-29 (bsc#1119105) |
|
2113 * CVE-2018-12407 bmo#1505973 |
|
2114 Buffer overflow with ANGLE library when using VertexBuffer11 module |
|
2115 * CVE-2018-17466 bmo#1488295 |
|
2116 Buffer overflow and out-of-bounds read in ANGLE library with |
|
2117 TextureStorage11 |
|
2118 * CVE-2018-18492 bmo#1499861 |
|
2119 Use-after-free with select element |
|
2120 * CVE-2018-18493 bmo#1504452 |
|
2121 Buffer overflow in accelerated 2D canvas with Skia |
|
2122 * CVE-2018-18494 bmo#1487964 |
|
2123 Same-origin policy violation using location attribute and |
|
2124 performance.getEntries to steal cross-origin URLs |
|
2125 * CVE-2018-18495 bmo#1427585 |
|
2126 WebExtension content scripts can be loaded in about: pages |
|
2127 * CVE-2018-18496 bmo#1422231 (Windows only) |
|
2128 Embedded feed preview page can be abused for clickjacking |
|
2129 * CVE-2018-18497 bmo#1488180 |
|
2130 WebExtensions can load arbitrary URLs through pipe separators |
|
2131 * CVE-2018-18498 bmo#1500011 |
|
2132 Integer overflow when calculating buffer sizes for images |
|
2133 * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886 |
|
2134 bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490 |
|
2135 bmo#1481745 bmo#1458129 |
|
2136 Memory safety bugs fixed in Firefox 64 |
|
2137 * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 |
|
2138 bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 |
|
2139 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 |
|
2140 - requires |
|
2141 * rust/cargo >= 1.29 |
|
2142 * mozilla-nss >= 3.40.1 |
|
2143 * rust-cbindgen >= 0.6.4 |
|
2144 - rebased patches |
|
2145 - removed obsolete patch |
|
2146 * mozilla-bmo1491289.patch |
|
2147 - now uses clang primarily for compilation |
|
2148 |
|
2149 ------------------------------------------------------------------- |
|
2150 Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
2151 |
|
2152 - Remove --disable-elf-hack when not available: on aarch64 and ppc64* |
|
2153 |
|
2154 ------------------------------------------------------------------- |
|
2155 Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
2156 |
|
2157 - Clean-up %arm build |
|
2158 |
|
2159 ------------------------------------------------------------------- |
|
2160 Sun Nov 18 11:01:21 UTC 2018 - manfred.h@gmx.net |
|
2161 |
|
2162 - update to Firefox 63.0.3 |
|
2163 * Games using WebGL (created in Unity) get stuck after very short |
|
2164 time of gameplay (bmo#1502748) |
|
2165 * Slow page loading for some users with specific proxy configurations |
|
2166 (bmo#1495024) |
|
2167 * Disable HTTP response throttling by default for causing bugs with |
|
2168 videos in background tabs (bmo#1503354) |
|
2169 * Opening magnet links no longer works (bmo#1498934) |
|
2170 * Crash fixes (bmo#1498510, bmo#1503424) |
|
2171 - removed mozilla-newer-cbindgen.patch; no longer needed |
|
2172 |
|
2173 ------------------------------------------------------------------- |
|
2174 Thu Nov 8 14:59:13 UTC 2018 - wr@rosenauer.org |
|
2175 |
|
2176 - update to Firefox 63.0.1 |
|
2177 * Snippets are not loaded due to missing element (bmo#1503047) |
|
2178 * Print preview always shows 30& scale when it is actually |
|
2179 Shrink To Fit (bmo#1501952) |
|
2180 * Dialog displayed when closing multiple windows shows unreplaced |
|
2181 %1$S placeholder in Japanese and potentially other locales |
|
2182 (bmo#1500823) |
|
2183 |
|
2184 ------------------------------------------------------------------- |
|
2185 Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org |
|
2186 |
|
2187 - update to Firefox 63.0 |
|
2188 * WebExtensions now run in their own process on Linux |
|
2189 * The Ctrl+Tab shortcut now displays thumbnail previews of your |
|
2190 tabs and cycles through tabs in recently used order. This new |
|
2191 default behavior is activated only in new profiles and can be |
|
2192 changed in preferences. |
|
2193 * Added support for Web Components custom elements and shadow DOM |
|
2194 MFSA 2018-26 (bsc#1112852) |
|
2195 * CVE-2018-12391 (bmo#1478843) (Android-only) |
|
2196 HTTP Live Stream audio data is accessible cross-origin |
|
2197 * CVE-2018-12392 (bmo#1492823) |
|
2198 Crash with nested event loops |
|
2199 * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs) |
|
2200 Integer overflow during Unicode conversion while loading JavaScript |
|
2201 * CVE-2018-12395 (bmo#1467523) |
|
2202 WebExtension bypass of domain restrictions through header rewriting |
|
2203 * CVE-2018-12396 (bmo#1483602) |
|
2204 WebExtension content scripts can execute in disallowed contexts |
|
2205 * CVE-2018-12397 (bmo#1487478) |
|
2206 Missing warning prompt when WebExtension requests local file access |
|
2207 * CVE-2018-12398 (bmo#1460538, bmo#1488061) |
|
2208 CSP bypass through stylesheet injection in resource URIs |
|
2209 * CVE-2018-12399 (bmo#1490276) |
|
2210 Spoofing of protocol registration notification bar |
|
2211 * CVE-2018-12400 (bmo#1448305) (Android only) |
|
2212 Favicons are cached in private browsing mode on Firefox for Android |
|
2213 * CVE-2018-12401 (bmo#1422456) |
|
2214 DOS attack through special resource URI parsing |
|
2215 * CVE-2018-12402 (bmo#1469916) |
|
2216 SameSite cookies leak when pages are explicitly saved |
|
2217 * CVE-2018-12403 (bmo#1484753) |
|
2218 Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP |
|
2219 * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427, |
|
2220 bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167) |
|
2221 Memory safety bugs fixed in Firefox 63 |
|
2222 * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, |
|
2223 bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, |
|
2224 bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, |
|
2225 bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) |
|
2226 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 |
|
2227 - requires NSPR 4.20, NSS 3.39 and Rust 1.28 |
|
2228 - latest rust does not provide rust-std so stop requiring it |
|
2229 - requires rust-cbindgen >= 0.6.2 to build |
|
2230 - requires nodejs >= 8.11 to build |
|
2231 - added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289) |
|
2232 - added mozilla-cubeb-noreturn.patch to fix non-return function |
|
2233 - added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7 |
|
2234 - disable elfhack for TW and newer due to build errors |
|
2235 - removed obsolete patches |
|
2236 * mozilla-no-return.patch |
|
2237 * mozilla-no-stdcxx-check.patch |
|
2238 |
|
2239 ------------------------------------------------------------------- |
|
2240 Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org |
|
2241 |
|
2242 - Update _constraints for armv6/7 |
|
2243 |
|
2244 ------------------------------------------------------------------- |
|
2245 Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org |
|
2246 |
|
2247 - Add patch to fix build on armv7: |
|
2248 * mozilla-bmo1463035.patch |
|
2249 |
|
2250 ------------------------------------------------------------------- |
|
2251 Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com |
|
2252 |
|
2253 - Mozilla Firefox 62.0.3: |
|
2254 MFSA 2018-24 |
|
2255 * CVE-2018-12386 (bsc#1110506, bmo#1493900) |
|
2256 Type confusion in JavaScript allowed remote code execution |
|
2257 * CVE-2018-12387 (bsc#1110507, bmo#1493903) |
|
2258 Array.prototype.push stack pointer vulnerability may enable |
|
2259 exploits in the sandboxed content process |
|
2260 |
|
2261 ------------------------------------------------------------------- |
|
2262 Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com |
|
2263 |
|
2264 - Mozilla Firefox 62.0.2: |
|
2265 MFSA 2018-22 |
|
2266 * CVE-2018-12385 (boo#1109363, bmo#1490585) |
|
2267 Crash in TransportSecurityInfo due to cached data |
|
2268 * Unvisited bookmarks can once again be autofilled in the address |
|
2269 bar |
|
2270 * Fix WebGL rendering issues |
|
2271 * Fix fallback on startup when a language pack is missing |
|
2272 * Avoid crash when sharing a profile with newer (as yet |
|
2273 unreleased) versions of Firefox |
|
2274 * Do not undo removal of search engines when using a language |
|
2275 pack |
|
2276 * Fixed rendering of some web sites |
|
2277 * Restored compatibility with some sites using deprecated TLS |
|
2278 settings |
|
2279 - disable rust debug symbols to fix build on %ix86 |
|
2280 |
|
2281 ------------------------------------------------------------------- |
|
2282 Mon Sep 3 10:47:43 UTC 2018 - wr@rosenauer.org |
|
2283 |
|
2284 - update to Firefox 62.0 |
|
2285 * Firefox Home (the default New Tab) now allows users to display |
|
2286 up to 4 rows of top sites, Pocket stories, and highlights |
|
2287 * "Reopen in Container" tab menu option appears for users with |
|
2288 Containers that lets them choose to reopen a tab in a different |
|
2289 container |
|
2290 * In advance of removing all trust for Symantec-issued certificates |
|
2291 in Firefox 63, a preference was added that allows users to distrust |
|
2292 certificates issued by Symantec. To use this preference, go to |
|
2293 about:config in the address bar and set the preference |
|
2294 "security.pki.distrust_ca_policy" to 2. |
|
2295 * Support for CSS Shapes, allowing for richer web page layouts. |
|
2296 This goes hand in hand with a brand new Shape Path Editor in the |
|
2297 CSS inspector. |
|
2298 * CSS Variable Fonts (OpenType Font Variations) support, which makes |
|
2299 it possible to create beautiful typography with a single font file |
|
2300 * Added Canadian English (en-CA) locale |
|
2301 MFSA 2018-20 (bsc#1107343) |
|
2302 * CVE-2018-12377 (bmo#1470260) |
|
2303 Use-after-free in refresh driver timers |
|
2304 * CVE-2018-12378 (bmo#1459383) |
|
2305 Use-after-free in IndexedDB |
|
2306 * CVE-2018-12379 (bmo#1473113) (updater is disabled for us) |
|
2307 Out-of-bounds write with malicious MAR file |
|
2308 * CVE-2017-16541 (bmo#1412081) |
|
2309 Proxy bypass using automount and autofs |
|
2310 * CVE-2018-12381 (bmo#1435319) |
|
2311 Dragging and dropping Outlook email message results in page navigation |
|
2312 * CVE-2018-12382 (bmo#1479311) (Android only) |
|
2313 Addressbar spoofing with javascript URI on Firefox for Android |
|
2314 * CVE-2018-12383 (bmo#1475775) |
|
2315 Setting a master password post-Firefox 58 does not delete |
|
2316 unencrypted previously stored passwords |
|
2317 * CVE-2018-12375 |
|
2318 Memory safety bugs fixed in Firefox 62 |
|
2319 * CVE-2018-12376 |
|
2320 Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 |
|
2321 - requires NSS >= 3.38 |
|
2322 - removed obsolete patch |
|
2323 mozilla-bmo1464766.patch |
|
2324 |
|
2325 ------------------------------------------------------------------- |
|
2326 Thu Aug 9 14:22:00 UTC 2018 - wr@rosenauer.org |
|
2327 |
|
2328 - update to Firefox 61.0.2 |
|
2329 * Improved website rendering with the Retained Display List feature |
|
2330 enabled (bmo#1474402) |
|
2331 * Fixed broken DevTools panels with certain extensions installed |
|
2332 (bmo#1474379) |
|
2333 * Fixed a crash for users with some accessibility tools enabled |
|
2334 (bmo#1474007) |
|
2335 |
|
2336 ------------------------------------------------------------------- |
|
2337 Mon Jul 9 07:22:09 UTC 2018 - astieger@suse.com |
|
2338 |
|
2339 - Mozilla Firefox 61.0.1: |
|
2340 * Fix missing content on the New Tab Page and the Home section of |
|
2341 the Preferences page (bmo#1471375) |
|
2342 * Fixed loss of bookmarks under rare circumstances when upgrading |
|
2343 from Firefox 60 (bmo#1472127) |
|
2344 * Improved playback of Twitch 1080p video streams (bmo#1469257) |
|
2345 * Web pages no longer lose focus when a browser popup window is |
|
2346 opened (bmo#1471415) |
|
2347 * Re-allowed downloading files from FTP sites via the "Save Link |
|
2348 As" option when linked from HTTP pages (bmo#1470295) |
|
2349 * Fixed extensions being unable to override the default homepage |
|
2350 in certain situations (bmo#1466846) |
|
2351 |
|
2352 ------------------------------------------------------------------- |
|
2353 Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org |
|
2354 |
|
2355 - update to Firefox 61.0 |
|
2356 * Performance enhancements |
|
2357 * Various improvements for dark theme support will provide a more |
|
2358 consistent experience across the entire Firefox UI |
|
2359 * OpenSearch plugins offered by web pages can now be added from the |
|
2360 page action menu for easier installation |
|
2361 * Improved support for allowing WebExtensions to manage and hide tabs |
|
2362 MFSA 2018-15 (bsc#1098998) |
|
2363 * CVE-2018-12359 (bmo#1459162) |
|
2364 Buffer overflow using computed size of canvas element |
|
2365 * CVE-2018-12360 (bmo#1459693) |
|
2366 Use-after-free when using focus() |
|
2367 * CVE-2018-12361 (bmo#1463244) |
|
2368 Integer overflow in SwizzleData |
|
2369 * CVE-2018-12358 (bmo#1467852) |
|
2370 Same-origin bypass using service worker and redirection |
|
2371 * CVE-2018-12362 (bmo#1452375) |
|
2372 Integer overflow in SSSE3 scaler |
|
2373 * CVE-2018-5156 (bmo#1453127) |
|
2374 Media recorder segmentation fault when track type is changed during capture |
|
2375 * CVE-2018-12363 (bmo#1464784) |
|
2376 Use-after-free when appending DOM nodes |
|
2377 * CVE-2018-12364 (bmo#1436241) |
|
2378 CSRF attacks through 307 redirects and NPAPI plugins |
|
2379 * CVE-2018-12365 (bmo#1459206) |
|
2380 Compromised IPC child process can list local filenames |
|
2381 * CVE-2018-12371 (bmo#1465686) |
|
2382 Integer overflow in Skia library during edge builder allocation |
|
2383 * CVE-2018-12366 (bmo#1464039) |
|
2384 Invalid data handling during QCMS transformations |
|
2385 * CVE-2018-12367 (bmo#1462891) |
|
2386 Timing attack mitigation of PerformanceNavigationTiming |
|
2387 * CVE-2018-12369 (bmo#1454909) |
|
2388 WebExtension security permission checks bypassed by embedded experiments |
|
2389 * CVE-2018-12370 (bmo#1456652) |
|
2390 SameSite cookie protections bypassed when exiting Reader View |
|
2391 * CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882, |
|
2392 bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671) |
|
2393 Memory safety bugs fixed in Firefox 61 |
|
2394 * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938, |
|
2395 bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568, |
|
2396 bmo#1463884) |
|
2397 Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1 |
|
2398 * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739, |
|
2399 bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576, |
|
2400 bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829, |
|
2401 bmo#1464079,bmo#1463494,bmo#1458048) |
|
2402 Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9 |
|
2403 - requires NSS 3.37.3 |
|
2404 - requires python >= 3.5 to build |
|
2405 - removed obsolete patches |
|
2406 mozilla-i586-DecoderDoctorLogger.patch |
|
2407 mozilla-i586-domPrefs.patch |
|
2408 mozilla-fix-skia-aarch64.patch |
|
2409 mozilla-bmo1375074.patch |
|
2410 mozilla-enable-csd.patch |
|
2411 - patch for new no-return warnings (mozilla-no-return.patch) |
|
2412 - do not disable system installed locales (mozilla-bmo1464766.patch) |
|
2413 |
|
2414 ------------------------------------------------------------------- |
|
2415 Fri Jun 8 10:52:13 UTC 2018 - bjorn.lie@gmail.com |
|
2416 |
|
2417 - Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass |
|
2418 conditional --disable-gconf to configure: no longer pull in |
|
2419 obsolete gconf2 for Tumbleweed. |
|
2420 |
|
2421 ------------------------------------------------------------------- |
|
2422 Thu Jun 7 12:11:06 UTC 2018 - wr@rosenauer.org |
|
2423 |
|
2424 - update to Firefox 60.0.2 |
|
2425 * requires NSS 3.36.4 |
|
2426 MFSA 2018-14 (bsc#1096449) |
|
2427 * CVE-2018-6126 (bmo#1462682) |
|
2428 Heap buffer overflow rasterizing paths in SVG with Skia |
|
2429 |
|
2430 ------------------------------------------------------------------- |
|
2431 Wed Jun 6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org |
|
2432 |
|
2433 - Add upstream patch to fix boo#1093059 instead of '-ffixed-x28' |
|
2434 workaround: |
|
2435 * mozilla-bmo1375074.patch |
|
2436 |
|
2437 ------------------------------------------------------------------- |
|
2438 Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org |
|
2439 |
|
2440 - fixed "open with" option under KDE (boo#1094747) |
|
2441 - workaround crash on startup on aarch64 (boo#1093059) |
|
2442 (contributed by guillaume.gardet@arm.com) |
|
2443 |
|
2444 ------------------------------------------------------------------- |
|
2445 Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org |
|
2446 |
|
2447 - Disable webrtc for aarch64 due to bmo#1434589 |
|
2448 - Add patch to fix skia build on AArch64: |
|
2449 * mozilla-fix-skia-aarch64.patch |
|
2450 |
|
2451 ------------------------------------------------------------------- |
|
2452 Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org |
|
2453 |
|
2454 - update to Firefox 60.0.1 |
|
2455 * Avoid overly long cycle collector pauses with some add-ons installed |
|
2456 (bmo#1449033) |
|
2457 * After unckecking the "Sponsored Stories" option, the New Tab page |
|
2458 now immediately stops displaying "Sponsored content" cards (bmo#1458906) |
|
2459 * On touchscreen devices, fixed momentum scrolling on non-zoomable pages |
|
2460 (bmo#1457743) |
|
2461 * Use the right default background when opening tabs or windows in |
|
2462 high contrast mode (bmo#1458956) |
|
2463 * Restored translations of the Preferences panels when using a |
|
2464 language pack (bmo#1461590) |
|
2465 |
|
2466 ------------------------------------------------------------------- |
|
2467 Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com |
|
2468 |
|
2469 - parellelise locales building |
|
2470 |
|
2471 ------------------------------------------------------------------- |
|
2472 Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org |
|
2473 |
|
2474 - update to Firefox 60.0 |
|
2475 * Added a policy engine that allows customized Firefox deployments |
|
2476 in enterprise environments, using Windows Group Policy or a |
|
2477 cross-platform JSON file |
|
2478 * Applied Quantum CSS to render browser UI |
|
2479 * Added support for Web Authentication, allowing the use of USB |
|
2480 tokens for authentication to web sites |
|
2481 * Locale added: Occitan (oc) |
|
2482 MFSA 2018-11 (bsc#1092548) |
|
2483 * CVE-2018-5154 (bmo#1443092) |
|
2484 Use-after-free with SVG animations and clip paths |
|
2485 * CVE-2018-5155 (bmo#1448774) |
|
2486 Use-after-free with SVG animations and text paths |
|
2487 * CVE-2018-5157 (bmo#1449898) |
|
2488 Same-origin bypass of PDF Viewer to view protected PDF files |
|
2489 * CVE-2018-5158 (bmo#1452075) |
|
2490 Malicious PDF can inject JavaScript into PDF Viewer |
|
2491 * CVE-2018-5159 (bmo#1441941) |
|
2492 Integer overflow and out-of-bounds write in Skia |
|
2493 * CVE-2018-5160 (bmo#1436117) |
|
2494 Uninitialized memory use by WebRTC encoder |
|
2495 * CVE-2018-5152 (bmo#1415644, bmo#1427289) |
|
2496 WebExtensions information leak through webRequest API |
|
2497 * CVE-2018-5153 (bmo#1436809) |
|
2498 Out-of-bounds read in mixed content websocket messages |
|
2499 * CVE-2018-5163 (bmo#1426353) |
|
2500 Replacing cached data in JavaScript Start-up Bytecode Cache |
|
2501 * CVE-2018-5164 (bmo#1416045) |
|
2502 CSP not applied to all multipart content sent with |
|
2503 multipart/x-mixed-replace |
|
2504 * CVE-2018-5166 (bmo#1437325) |
|
2505 WebExtension host permission bypass through filterReponseData |
|
2506 * CVE-2018-5167 (bmo#1447969) |
|
2507 Improper linkification of chrome: and javascript: content in |
|
2508 web console and JavaScript debugger |
|
2509 * CVE-2018-5168 (bmo#1449548) |
|
2510 Lightweight themes can be installed without user interaction |
|
2511 * CVE-2018-5169 (bmo#1319157) |
|
2512 Dragging and dropping link text onto home button can set home page |
|
2513 to include chrome pages |
|
2514 * CVE-2018-5172 (bmo#1436482) |
|
2515 Pasted script from clipboard can run in the Live Bookmarks page |
|
2516 or PDF viewer |
|
2517 * CVE-2018-5173 (bmo#1438025) |
|
2518 File name spoofing of Downloads panel with Unicode characters |
|
2519 * CVE-2018-5174 (bmo#1447080) (Windows-only) |
|
2520 Windows Defender SmartScreen UI runs with less secure behavior |
|
2521 for downloaded files in Windows 10 April 2018 Update |
|
2522 * CVE-2018-5175 (bmo#1432358) |
|
2523 Universal CSP bypass on sites using strict-dynamic in their policies |
|
2524 * CVE-2018-5176 (bmo#1442840) |
|
2525 JSON Viewer script injection |
|
2526 * CVE-2018-5177 (bmo#1451908) |
|
2527 Buffer overflow in XSLT during number formatting |
|
2528 * CVE-2018-5165 (bmo#1451452) |
|
2529 Checkbox for enabling Flash protected mode is inverted in 32-bit |
|
2530 Firefox |
|
2531 * CVE-2018-5180 (bmo#1444086) |
|
2532 heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced |
|
2533 * CVE-2018-5181 (bmo#1424107) |
|
2534 Local file can be displayed in noopener tab through drag and |
|
2535 drop of hyperlink |
|
2536 * CVE-2018-5182 (bmo#1435908) |
|
2537 Local file can be displayed from hyperlink dragged and dropped |
|
2538 on addressbar |
|
2539 * CVE-2018-5151 |
|
2540 Memory safety bugs fixed in Firefox 60 |
|
2541 * CVE-2018-5150 |
|
2542 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 |
|
2543 - removed obsolete patches |
|
2544 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
|
2545 mozilla-bmo1005535.patch |
|
2546 - requires NSPR 4.19 and NSS 3.36.1 |
|
2547 - requires rust 1.24 or higher |
|
2548 - use upstream source archive and detached signature for |
|
2549 source verification |
|
2550 |
|
2551 ------------------------------------------------------------------- |
|
2552 Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org |
|
2553 |
|
2554 - Fix armv7 build by: |
|
2555 * adding RUSTFLAGS="-Cdebuginfo=0" |
|
2556 * updating _constraints for %arm |
|
2557 |
|
2558 ------------------------------------------------------------------- |
|
2559 Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org |
|
2560 |
|
2561 - do not try CSD on kwin (boo#1091592) |
|
2562 - fix build in openSUSE:Leap:42.3:Update, use gcc7 |
|
2563 |
|
2564 ------------------------------------------------------------------- |
|
2565 Tue May 1 14:26:24 UTC 2018 - astieger@suse.com |
|
2566 |
|
2567 - Mozilla Firefox 59.0.3: |
|
2568 * fixes for platforms other than GNU/Linux |
|
2569 |
|
2570 ------------------------------------------------------------------- |
|
2571 Fri Apr 20 12:31:52 UTC 2018 - mliska@suse.cz |
|
2572 |
|
2573 - Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
|
2574 in order to fix boo#1090362. |
|
2575 |
|
2576 ------------------------------------------------------------------- |
|
2577 Mon Apr 2 00:55:45 UTC 2018 - badshah400@gmail.com |
|
2578 |
|
2579 - Add back mozilla-enable-csd.patch: New rebased version from |
|
2580 Fedora for version 59.0.x. |
|
2581 |
|
2582 ------------------------------------------------------------------- |
|
2583 Tue Mar 27 14:07:11 UTC 2018 - schwab@suse.de |
|
2584 |
|
2585 - Reduce constraints on aarch64 |
|
2586 |
|
2587 ------------------------------------------------------------------- |
|
2588 Tue Mar 27 06:40:25 UTC 2018 - wr@rosenauer.org |
|
2589 |
|
2590 - update to Firefox 59.0.2 |
|
2591 * Invalid page rendering with hardware acceleration enabled (bmo#1435472) |
|
2592 * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites |
|
2593 that use those keys with resistFingerprinting enabled (bmo#1433592) |
|
2594 * High CPU / memory churn caused by third-party software on some |
|
2595 computers (bmo#1446280) |
|
2596 * Users who have configured an "automatic proxy configuration URL" |
|
2597 and want to reload their proxy settings from the URL will find |
|
2598 the Reload button disabled in the Connection Settings dialog when |
|
2599 they select Preferences/Options>Network Proxy>Settings... (bmo#1445991) |
|
2600 * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850) |
|
2601 * User's trying to cancel a print around the time it completes will |
|
2602 continue to get intermittent crashes (bmo#1441598) |
|
2603 MFSA 2018-10 (bsc#1087059) |
|
2604 * CVE-2018-5148 (bmo#1440717) |
|
2605 Use-after-free in compositor |
|
2606 - removed obsolete patch mozilla-bmo1446062.patch |
|
2607 |
|
2608 ------------------------------------------------------------------- |
|
2609 Wed Mar 21 17:14:24 UTC 2018 - cgrobertson@suse.com |
|
2610 |
|
2611 - Added patches: |
|
2612 * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070 |
|
2613 fixes non-unified build error |
|
2614 * mozilla-i586-domPrefs.patch - DOMPrefs.h |
|
2615 fixes 32bit build error |
|
2616 |
|
2617 ------------------------------------------------------------------- |
|
2618 Fri Mar 16 06:40:11 UTC 2018 - wr@rosenauer.org |
|
2619 |
|
2620 - update to Firefox 59.0.1 (bsc#1085671) |
|
2621 MFSA 2018-08 |
|
2622 * CVE-2018-5146 (bmo#1446062) |
|
2623 Vorbis audio processing out of bounds write |
|
2624 * CVE-2018-5147 (bmo#1446365) |
|
2625 Out of bounds memory write in libtremor |
|
2626 (mozilla-bmo1446062.patch) |
|
2627 |
|
2628 ------------------------------------------------------------------- |
|
2629 Wed Mar 14 19:27:07 UTC 2018 - cgrobertson@suse.com |
|
2630 |
|
2631 - Added patch: |
|
2632 * mozilla-bmo1005535.patch: |
|
2633 Enable skia_gpu on big endian platforms. |
|
2634 |
|
2635 ------------------------------------------------------------------- |
|
2636 Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org |
|
2637 |
|
2638 - update to Firefox 59.0 |
|
2639 * Performance enhancements |
|
2640 * Drag-and-drop to rearrange Top Sites on the Firefox Home page |
|
2641 * added features for Firefox Screenshots |
|
2642 * Enhanced WebExtensions API |
|
2643 * Improved RTC capabilities |
|
2644 MFSA 2018-06 (bsc#1085130) |
|
2645 * CVE-2018-5127 (bmo#1430557) |
|
2646 Buffer overflow manipulating SVG animatedPathSegList |
|
2647 * CVE-2018-5128 (bmo#1431336) |
|
2648 Use-after-free manipulating editor selection ranges |
|
2649 * CVE-2018-5129 (bmo#1428947) |
|
2650 Out-of-bounds write with malformed IPC messages |
|
2651 * CVE-2018-5130 (bmo#1433005) |
|
2652 Mismatched RTP payload type can trigger memory corruption |
|
2653 * CVE-2018-5131 (bmo#1440775) |
|
2654 Fetch API improperly returns cached copies of no-store/no-cache resources |
|
2655 * CVE-2018-5132 (bmo#1408194) |
|
2656 WebExtension Find API can search privileged pages |
|
2657 * CVE-2018-5133 (bmo#1430511, bmo#1430974) |
|
2658 Value of the app.support.baseURL preference is not properly sanitized |
|
2659 * CVE-2018-5134 (bmo#1429379) |
|
2660 WebExtensions may use view-source: URLs to bypass content restrictions |
|
2661 * CVE-2018-5135 (bmo#1431371) |
|
2662 WebExtension browserAction can inject scripts into unintended contexts |
|
2663 * CVE-2018-5136 (bmo#1419166) |
|
2664 Same-origin policy violation with data: URL shared workers |
|
2665 * CVE-2018-5137 (bmo#1432870) |
|
2666 Script content can access legacy extension non-contentaccessible resources |
|
2667 * CVE-2018-5138 (bmo#1432624) (Android only) |
|
2668 Android Custom Tab address spoofing through long domain names |
|
2669 * CVE-2018-5140 (bmo#1424261) |
|
2670 Moz-icon images accessible to web content through moz-icon: protocol |
|
2671 * CVE-2018-5141 (bmo#1429093) |
|
2672 DOS attack through notifications Push API |
|
2673 * CVE-2018-5142 (bmo#1366357) |
|
2674 Media Capture and Streams API permissions display incorrect origin |
|
2675 with data: and blob: URLs |
|
2676 * CVE-2018-5143 (bmo#1422643) |
|
2677 Self-XSS pasting javascript: URL with embedded tab into addressbar |
|
2678 * CVE-2018-5126 |
|
2679 Memory safety bugs fixed in Firefox 59 |
|
2680 * CVE-2018-5125 |
|
2681 Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 |
|
2682 - requires NSPR 4.18 and NSS 3.35 |
|
2683 - requires rust >= 1.22.1 |
|
2684 - removed obsolete patches: |
|
2685 mozilla-alsa-sandbox.patch |
|
2686 mozilla-enable-csd.patch |
|
2687 firefox-no-default-ualocale.patch |
|
2688 - removed l10n_changesets.txt since same information is now in |
|
2689 Firefox source tree (updated create-tar.sh now requires jq) |
|
2690 |
|
2691 ------------------------------------------------------------------- |
|
2692 Fri Feb 9 13:37:46 UTC 2018 - astieger@suse.com |
|
2693 |
|
2694 - Mozilla Firefox 58.0.2: |
|
2695 * Blocklisted graphics drivers related to off main thread painting |
|
2696 crashes |
|
2697 * Fix tab crash during printing |
|
2698 * Fix clicking links and scrolling emails on Microsoft Hotmail |
|
2699 and Outlook (OWA) webmail |
|
2700 |
|
2701 ------------------------------------------------------------------- |
|
2702 Fri Feb 9 12:06:31 UTC 2018 - wr@rosenauer.org |
|
2703 |
|
2704 - correct requires and provides handling (boo#1076907) |
|
2705 |
|
2706 ------------------------------------------------------------------- |
|
2707 Tue Feb 6 07:03:42 UTC 2018 - fstrba@suse.com |
|
2708 |
|
2709 - Added patch: |
|
2710 * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still |
|
2711 or again?) not working in Firefox 58 due to sandboxing. |
|
2712 |
|
2713 ------------------------------------------------------------------- |
|
2714 Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org |
|
2715 |
|
2716 - update to Firefox 58.0.1 |
|
2717 MFSA 2018-05 |
|
2718 * Arbitrary code execution through unsanitized browser UI (bmo#1432966) |
|
2719 - use correct language packs |
|
2720 - readd mozilla-enable-csd.patch as it only lands for FF59 upstream |
|
2721 - allow larger number of nested elements (mozilla-bmo256180.patch) |
|
2722 |
|
2723 ------------------------------------------------------------------- |
|
2724 Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org |
|
2725 |
|
2726 - update to Firefox 58.0 (bsc#1077291) |
|
2727 * Added Nepali (ne-NP) locale |
|
2728 * Added support for form autofill for credit card |
|
2729 * Optimize page load by caching JavaScript internal representation |
|
2730 MFSA 2018-02 |
|
2731 * CVE-2018-5091 (bmo#1423086) |
|
2732 Use-after-free with DTMF timers |
|
2733 * CVE-2018-5092 (bmo#1418074) |
|
2734 Use-after-free in Web Workers |
|
2735 * CVE-2018-5093 (bmo#1415291) |
|
2736 Buffer overflow in WebAssembly during Memory/Table resizing |
|
2737 * CVE-2018-5094 (bmo#1415883) |
|
2738 Buffer overflow in WebAssembly with garbage collection on |
|
2739 uninitialized memory |
|
2740 * CVE-2018-5095 (bmo#1418447) |
|
2741 Integer overflow in Skia library during edge builder allocation |
|
2742 * CVE-2018-5097 (bmo#1387427) |
|
2743 Use-after-free when source document is manipulated during XSLT |
|
2744 * CVE-2018-5098 (bmo#1399400) |
|
2745 Use-after-free while manipulating form input elements |
|
2746 * CVE-2018-5099 (bmo#1416878) |
|
2747 Use-after-free with widget listener |
|
2748 * CVE-2018-5100 (bmo#1417405) |
|
2749 Use-after-free when IsPotentiallyScrollable arguments are freed |
|
2750 from memory |
|
2751 * CVE-2018-5101 (bmo#1417661) |
|
2752 Use-after-free with floating first-letter style elements |
|
2753 * CVE-2018-5102 (bmo#1419363) |
|
2754 Use-after-free in HTML media elements |
|
2755 * CVE-2018-5103 (bmo#1423159) |
|
2756 Use-after-free during mouse event handling |
|
2757 * CVE-2018-5104 (bmo#1425000) |
|
2758 Use-after-free during font face manipulation |
|
2759 * CVE-2018-5105 (bmo#1390882) |
|
2760 WebExtensions can save and execute files on local file system |
|
2761 without user prompts |
|
2762 * CVE-2018-5106 (bmo#1408708) |
|
2763 Developer Tools can expose style editor information cross-origin |
|
2764 through service worker |
|
2765 * CVE-2018-5107 (bmo#1379276) |
|
2766 Printing process will follow symlinks for local file access |
|
2767 * CVE-2018-5108 (bmo#1421099) |
|
2768 Manually entered blob URL can be accessed by subsequent private browsing tabs |
|
2769 * CVE-2018-5109 (bmo#1405599) |
|
2770 Audio capture prompts and starts with incorrect origin attribution |
|
2771 * CVE-2018-5110 (bmo#1423275) (affects only OS X) |
|
2772 Cursor can be made invisible on OS X |
|
2773 * CVE-2018-5111 (bmo#1321619) |
|
2774 URL spoofing in addressbar through drag and drop |
|
2775 * CVE-2018-5112 (bmo#1425224) |
|
2776 Extension development tools panel can open a non-relative URL in the panel |
|
2777 * CVE-2018-5113 (bmo#1425267) |
|
2778 WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow |
|
2779 * CVE-2018-5114 (bmo#1421324) |
|
2780 The old value of a cookie changed to HttpOnly remains accessible to scripts |
|
2781 * CVE-2018-5115 (bmo#1409449) |
|
2782 Background network requests can open HTTP authentication in unrelated foreground tabs |
|
2783 * CVE-2018-5116 (bmo#1396399) |
|
2784 WebExtension ActiveTab permission allows cross-origin frame content access |
|
2785 * CVE-2018-5117 (bmo#1395508) |
|
2786 URL spoofing with right-to-left text aligned left-to-right |
|
2787 * CVE-2018-5118 (bmo#1420049) |
|
2788 Activity Stream images can attempt to load local content through file: |
|
2789 * CVE-2018-5119 (bmo#1420507) |
|
2790 Reader view will load cross-origin content in violation of CORS headers |
|
2791 * CVE-2018-5121 (bmo#1402368) (affects only OS X) |
|
2792 OS X Tibetan characters render incompletely in the addressbar |
|
2793 * CVE-2018-5122 (bmo#1413841) |
|
2794 Potential integer overflow in DoCrypt |
|
2795 * CVE-2018-5090 |
|
2796 Memory safety bugs fixed in Firefox 58 |
|
2797 * CVE-2018-5089 |
|
2798 Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 |
|
2799 - requires NSS 3.34.1 |
|
2800 - requires rust 1.21 |
|
2801 - removed obsolete patches: |
|
2802 mozilla-bindgen-systemlibs.patch |
|
2803 mozilla-bmo1360278.patch |
|
2804 mozilla-bmo1399611-csd.patch |
|
2805 mozilla-rust-1.23.patch |
|
2806 - rebased patches |
|
2807 - updated man-page |
|
2808 |
|
2809 ------------------------------------------------------------------- |
|
2810 Tue Jan 9 18:48:02 UTC 2018 - wr@rosenauer.org |
|
2811 |
|
2812 - fixed build with latest rust (mozilla-rust-1.23.patch) |
|
2813 |
|
2814 ------------------------------------------------------------------- |
|
2815 Thu Jan 4 12:23:41 UTC 2018 - wr@rosenauer.org |
|
2816 |
|
2817 - update to Firefox 57.0.4 |
|
2818 MFSA 2018-1: Speculative execution side-channel attack ("Spectre") |
|
2819 (boo#1074723) |
|
2820 |
|
2821 ------------------------------------------------------------------- |
|
2822 Wed Jan 3 08:29:38 UTC 2018 - wr@rosenauer.org |
|
2823 |
|
2824 - fixed regression introduced Oct 10th which made Firefox crash |
|
2825 when cancelling the KDE file dialog (boo#1069962) |
|
2826 |
|
2827 ------------------------------------------------------------------- |
|
2828 Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com |
|
2829 |
|
2830 - Mozilla Firefox 57.0.3: |
|
2831 * Fix a crash reporting issue that inadvertently sends background |
|
2832 tab crash reports to Mozilla without user opt-in (bmo#1427111, |
|
2833 bsc#1074235) |
|
2834 - Includes changes from 57.0.2: |
|
2835 * fixes for platforms other than GNU/Linux |
|
2836 |
|
2837 ------------------------------------------------------------------- |
|
2838 Fri Dec 8 15:52:17 UTC 2017 - dimstar@opensuse.org |
|
2839 |
|
2840 - Explicitly buildrequires python2-xml: The build system relies on |
|
2841 it. We wrongly relied on other packages pulling it in for us. |
|
2842 |
|
2843 ------------------------------------------------------------------- |
|
2844 Thu Dec 7 11:12:31 UTC 2017 - dimstar@opensuse.org |
|
2845 |
|
2846 - Escape the usage of %{VERSION} when calling out to rpm. |
|
2847 RPM 4.14 has %{VERSION} defined as 'the main packages version'. |
|
2848 |
|
2849 ------------------------------------------------------------------- |
|
2850 Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org |
|
2851 |
|
2852 - update to Firefox 57.0.1 |
|
2853 * CVE-2017-7843: Web worker in Private Browsing mode can write |
|
2854 IndexedDB data (bsc#1072034, bmo#1410106) |
|
2855 * CVE-2017-7844: Visited history information leak through SVG |
|
2856 image (bsc#1072036, bmo#1420001) |
|
2857 * Fix a video color distortion issue on YouTube and other video |
|
2858 sites with some AMD devices (bmo#1417442) |
|
2859 * Fix an issue with prefs.js when the profile path has non-ascii |
|
2860 characters (bmo#1420427) |
|
2861 |
|
2862 ------------------------------------------------------------------- |
|
2863 Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr |
|
2864 |
|
2865 - Add mozilla-bmo1360278.patch |
|
2866 Starting with Firefox 57, the context menu appears on key press. |
|
2867 This patch creates a config entry to restore the |
|
2868 old behaviour. Without the patch, the mouse gesture extensions |
|
2869 require 2 clicks to work (bmo#1360278). |
|
2870 The new config entry is named ui.context_menus.after_mouseup |
|
2871 (default : false). |
|
2872 |
|
2873 ------------------------------------------------------------------- |
|
2874 Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org |
|
2875 |
|
2876 - Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled |
|
2877 widget.allow-client-side-decoration=true |
|
2878 (mozilla-bmo1399611-csd.patch) |
|
2879 |
|
2880 ------------------------------------------------------------------- |
|
2881 Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org |
|
2882 |
|
2883 - update to Firefox 57.0 (boo#1068101) |
|
2884 * Firefox Quantum |
|
2885 * Photon UI |
|
2886 * Unified address and search bar |
|
2887 * AMD VP9 hardware video decoder support |
|
2888 * Added support for Date/Time input |
|
2889 * stricter security sandbox blocking filesystem reading and |
|
2890 writing on Linux systems |
|
2891 * middle mouse paste in the content area no longer navigates to |
|
2892 URLs by default on Unix systems |
|
2893 MFSA 2017-24 |
|
2894 * CVE-2017-7828 (bmo#1406750. bmo#1412252) |
|
2895 Use-after-free of PressShell while restyling layout |
|
2896 * CVE-2017-7830 (bmo#1408990) |
|
2897 Cross-origin URL information leak through Resource Timing API |
|
2898 * CVE-2017-7831 (bmo#1392026) |
|
2899 Information disclosure of exposed properties on JavaScript proxy |
|
2900 objects |
|
2901 * CVE-2017-7832 (bmo#1408782) |
|
2902 Domain spoofing through use of dotless 'i' character followed |
|
2903 by accent markers |
|
2904 * CVE-2017-7833 (bmo#1370497) |
|
2905 Domain spoofing with Arabic and Indic vowel marker characters |
|
2906 * CVE-2017-7834 (bmo#1358009) |
|
2907 data: URLs opened in new tabs bypass CSP protections |
|
2908 * CVE-2017-7835 (bmo#1402363) |
|
2909 Mixed content blocking incorrectly applies with redirects |
|
2910 * CVE-2017-7836 (bmo#1401339) |
|
2911 Pingsender dynamically loads libcurl on Linux and OS X |
|
2912 * CVE-2017-7837 (bmo#1325923) |
|
2913 SVG loaded as <img> can use meta tags to set cookies |
|
2914 * CVE-2017-7838 (bmo#1399540) |
|
2915 Failure of individual decoding of labels in international domain |
|
2916 names triggers punycode display of entire IDN |
|
2917 * CVE-2017-7839 (bmo#1402896) |
|
2918 Control characters before javascript: URLs defeats self-XSS |
|
2919 prevention mechanism |
|
2920 * CVE-2017-7840 (bmo#1366420) |
|
2921 Exported bookmarks do not strip script elements from user-supplied |
|
2922 tags |
|
2923 * CVE-2017-7842 (bmo#1397064) |
|
2924 Referrer Policy is not always respected for <link> elements |
|
2925 * CVE-2017-7827 |
|
2926 Memory safety bugs fixed in Firefox 57 |
|
2927 * CVE-2017-7826 |
|
2928 Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 |
|
2929 - requires NSPR 4.17, NSS 3.33 and rustc 1.19 |
|
2930 - rebased patches |
|
2931 - added mozilla-bindgen-systemlibs.patch to allow stylo build |
|
2932 with system libs (bmo#1341234) |
|
2933 - removed mozilla-language.patch since the whole locale code |
|
2934 changed in Firefox and is relying on ICU now |
|
2935 - removed obsolete mozilla-ucontext.patch |
|
2936 |
|
2937 ------------------------------------------------------------------- |
|
2938 Sat Oct 28 06:30:37 UTC 2017 - wr@rosenauer.org |
|
2939 |
|
2940 - update to Firefox 56.0.2 |
|
2941 * Disable Form Autofill completely on user request (bmo#1404531) |
|
2942 * Fix for video-related crashes on Windows 7 (bmo#1409141) |
|
2943 * Correct detection for 64-bit GSSAPI authentication (bmo#1409275) |
|
2944 * Fix for shutdown crash (bmo#1404105) |
|
2945 |
|
2946 ------------------------------------------------------------------- |
|
2947 Tue Oct 10 11:47:49 UTC 2017 - wr@rosenauer.org |
|
2948 |
|
2949 - update to Firefox 56.0.1 |
|
2950 * Block D3D11 when using Intel drivers on Windows 7 systems with |
|
2951 partial AVX support (bmo#1403353) |
|
2952 -> just to sync the version number |
|
2953 - enable stylo for TW (requires LLVM >= 3.9) |
|
2954 - queue KDE filepicker requests to avoid non-opening file dialogs |
|
2955 happening in certain situations (contributed by Ignaz Forster) |
|
2956 - the placeholder dot in KDE file dialog in case of empty filenames |
|
2957 was removed, apparently not required (anymore) |
|
2958 (contributed by Ignaz Forster) |
|
2959 |
|
2960 ------------------------------------------------------------------- |
|
2961 Sun Oct 1 18:25:16 UTC 2017 - stefan.bruens@rwth-aachen.de |
|
2962 |
|
2963 - Correct plugin directory for aarch64 (boo#1061207). The wrapper |
|
2964 script was not detecting aarch64 as a 64 bit architecture, thus |
|
2965 used /usr/lib/browser-plugins/. |
|
2966 |
|
2967 ------------------------------------------------------------------- |
|
2968 Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org |
|
2969 |
|
2970 - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0), |
|
2971 pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0), |
|
2972 pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and |
|
2973 pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure |
|
2974 looks for. |
|
2975 |
|
2976 ------------------------------------------------------------------- |
|
2977 Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org |
|
2978 |
|
2979 - update to Firefox 56.0 (boo#1060445) |
|
2980 * Firefox Screenshots |
|
2981 * Find Options/Preferences more quickly with new search function |
|
2982 * Media is no longer auto-played when opened in a background tab |
|
2983 * Enable CSS Grid Layout View |
|
2984 MFSA 2017-21 |
|
2985 * CVE-2017-7793 (bmo#1371889) |
|
2986 Use-after-free with Fetch API |
|
2987 * CVE-2017-7817 (bmo#1356596) (Android-only) |
|
2988 Firefox for Android address bar spoofing through fullscreen mode |
|
2989 * CVE-2017-7818 (bmo#1363723) |
|
2990 Use-after-free during ARIA array manipulation |
|
2991 * CVE-2017-7819 (bmo#1380292) |
|
2992 Use-after-free while resizing images in design mode |
|
2993 * CVE-2017-7824 (bmo#1398381) |
|
2994 Buffer overflow when drawing and validating elements with ANGLE |
|
2995 * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) |
|
2996 Use-after-free in TLS 1.2 generating handshake hashes |
|
2997 * CVE-2017-7812 (bmo#1379842) |
|
2998 Drag and drop of malicious page content to the tab bar can open locally stored files |
|
2999 * CVE-2017-7814 (bmo#1376036) |
|
3000 Blob and data URLs bypass phishing and malware protection warnings |
|
3001 * CVE-2017-7813 (bmo#1383951) |
|
3002 Integer truncation in the JavaScript parser |
|
3003 * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) |
|
3004 OS X fonts render some Tibetan and Arabic unicode characters as spaces |
|
3005 * CVE-2017-7815 (bmo#1368981) |
|
3006 Spoofing attack with modal dialogs on non-e10s installations |
|
3007 * CVE-2017-7816 (bmo#1380597) |
|
3008 WebExtensions can load about: URLs in extension UI |
|
3009 * CVE-2017-7821 (bmo#1346515) |
|
3010 WebExtensions can download and open non-executable files without user interaction |
|
3011 * CVE-2017-7823 (bmo#1396320) |
|
3012 CSP sandbox directive did not create a unique origin |
|
3013 * CVE-2017-7822 (bmo#1368859) |
|
3014 WebCrypto allows AES-GCM with 0-length IV |
|
3015 * CVE-2017-7820 (bmo#1378207) |
|
3016 Xray wrapper bypass with new tab and web console |
|
3017 * CVE-2017-7811 |
|
3018 Memory safety bugs fixed in Firefox 56 |
|
3019 * CVE-2017-7810 |
|
3020 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 |
|
3021 - requires NSPR 4.16 and NSS 3.32.1 |
|
3022 - rebased patches |
|
3023 |
|
3024 ------------------------------------------------------------------- |
|
3025 Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org |
|
3026 |
|
3027 - Add alsa-devel BuildRequires: we care for ALSA support to be |
|
3028 built and thus need to ensure we get the dependencies in place. |
|
3029 In the past, alsa-devel was pulled in by accident: we |
|
3030 buildrequire libgnome-devel. This required esound-devel and that |
|
3031 in turn pulled in alsa-devel for us. libgnome is being fixed to |
|
3032 no longer require esound-devel. |
|
3033 |
|
3034 ------------------------------------------------------------------- |
|
3035 Mon Sep 4 18:27:44 UTC 2017 - wr@rosenauer.org |
|
3036 |
|
3037 - update to Firefox 55.0.3 |
|
3038 * Fix an issue with addons when using a path containing non-ascii |
|
3039 characters (bmo#1389160) |
|
3040 * Fix file uploads to some websites, including YouTube (bmo#1383518) |
|
3041 - fix Google API key build integration |
|
3042 - add mozilla-ucontext.patch to fix Tumbleweed build |
|
3043 - do not enable XINPUT2 for now (boo#1053959) |
|
3044 |
|
3045 ------------------------------------------------------------------- |
|
3046 Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org |
|
3047 |
|
3048 - update to Firefox 55.0.1 |
|
3049 * Fix a regression the tab restoration process (bmo#1388160) |
|
3050 * Fix a problem causing What's new pages not to be displayed (bmo#1386224) |
|
3051 * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370) |
|
3052 * Disable the predictor prefetch (bmo#1388160) |
|
3053 |
|
3054 ------------------------------------------------------------------- |
|
3055 Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org |
|
3056 |
|
3057 - update to Firefox 55.0 (boo#1052829) |
|
3058 * Browsing sessions with a high number of tabs are now restored |
|
3059 in an instant |
|
3060 * Sidebar (bookmarks, history, synced tabs) can now be moved to |
|
3061 the right edge of the window |
|
3062 * Fine-tune your browser performance from the Preferences/Options page. |
|
3063 * Make screenshots of webpages, and save them locally or upload |
|
3064 them to the cloud. This feature will undergo A/B testing and |
|
3065 will not be visible for some users. |
|
3066 * Added Belarusian (be) locale |
|
3067 * Simplify print jobs from within print preview |
|
3068 * Use virtual reality devices with the web with the introduction |
|
3069 of WebVR |
|
3070 * Search suggestions are now enabled by default for users who |
|
3071 haven't explicitly opted-out |
|
3072 * Search with any installed search engine directly from the |
|
3073 location bar |
|
3074 * IMPORTANT: Breaking profile changes - do not downgrade Firefox |
|
3075 and use a profile that has been opened with Firefox 55+. |
|
3076 * The Adobe Flash plugin is now click-to-activate by default and |
|
3077 only allowed on http:// and https:// URL schemes. This change |
|
3078 will be rolled out progressively and so will not be visible to |
|
3079 all users immediately. For more information see the Firefox |
|
3080 plugin roadmap |
|
3081 * Modernized application update UI to be less intrusive and more |
|
3082 aligned with the rest of the browser. Only users who have not |
|
3083 restarted their browser 8 days after downloading an update or |
|
3084 users who opted out of automatic updates will see this change. |
|
3085 * Insecure sites can no longer access the Geolocation APIs to get |
|
3086 access to your physical location |
|
3087 * requires NSPR 4.15 and NSS 3.31 |
|
3088 MFSA 2017-18 |
|
3089 * CVE-2017-7798 (bmo#1371586, bmo#1372112) |
|
3090 XUL injection in the style editor in devtools |
|
3091 * CVE-2017-7800 (bmo#1374047) |
|
3092 Use-after-free in WebSockets during disconnection |
|
3093 * CVE-2017-7801 (bmo#1371259) |
|
3094 Use-after-free with marquee during window resizing |
|
3095 * CVE-2017-7809 (bmo#1380284) |
|
3096 Use-after-free while deleting attached editor DOM node |
|
3097 * CVE-2017-7784 (bmo#1376087) |
|
3098 Use-after-free with image observers |
|
3099 * CVE-2017-7802 (bmo#1378147) |
|
3100 Use-after-free resizing image elements |
|
3101 * CVE-2017-7785 (bmo#1356985) |
|
3102 Buffer overflow manipulating ARIA attributes in DOM |
|
3103 * CVE-2017-7786 (bmo#1365189) |
|
3104 Buffer overflow while painting non-displayable SVG |
|
3105 * CVE-2017-7806 (bmo#1378113) |
|
3106 Use-after-free in layer manager with SVG |
|
3107 * CVE-2017-7753 (bmo#1353312) |
|
3108 Out-of-bounds read with cached style data and pseudo-elements# |
|
3109 * CVE-2017-7787 (bmo#1322896) |
|
3110 Same-origin policy bypass with iframes through page reloads |
|
3111 * CVE-2017-7807 (bmo#1376459) |
|
3112 Domain hijacking through AppCache fallback |
|
3113 * CVE-2017-7792 (bmo#1368652) |
|
3114 Buffer overflow viewing certificates with an extremely long OID |
|
3115 * CVE-2017-7804 (bmo#1372849) |
|
3116 Memory protection bypass through WindowsDllDetourPatcher |
|
3117 * CVE-2017-7791 (bmo#1365875) |
|
3118 Spoofing following page navigation with data: protocol and modal alerts |
|
3119 * CVE-2017-7808 (bmo#1367531) |
|
3120 CSP information leak with frame-ancestors containing paths |
|
3121 * CVE-2017-7782 (bmo#1344034) |
|
3122 WindowsDllDetourPatcher allocates memory without DEP protections |
|
3123 * CVE-2017-7781 (bmo#1352039) |
|
3124 Elliptic curve point addition error when using mixed Jacobian-affine coordinates |
|
3125 * CVE-2017-7794 (bmo#1374281) |
|
3126 Linux file truncation via sandbox broker |
|
3127 * CVE-2017-7803 (bmo#1377426) |
|
3128 CSP containing 'sandbox' improperly applied |
|
3129 * CVE-2017-7799 (bmo#1372509) |
|
3130 Self-XSS XUL injection in about:webrtc |
|
3131 * CVE-2017-7783 (bmo#1360842) |
|
3132 DOS attack through long username in URL |
|
3133 * CVE-2017-7788 (bmo#1073952) |
|
3134 Sandboxed about:srcdoc iframes do not inherit CSP directives |
|
3135 * CVE-2017-7789 (bmo#1074642) |
|
3136 Failure to enable HSTS when two STS headers are sent for a connection |
|
3137 * CVE-2017-7790 (bmo#1350460) (Windows-only) |
|
3138 Windows crash reporter reads extra memory for some non-null-terminated registry values |
|
3139 * CVE-2017-7796 (bmo#1234401) (Windows-only) |
|
3140 Windows updater can delete any file named update.log |
|
3141 * CVE-2017-7797 (bmo#1334776) |
|
3142 Response header name interning leaks across origins |
|
3143 * CVE-2017-7780 |
|
3144 Memory safety bugs fixed in Firefox 55 |
|
3145 * CVE-2017-7779 |
|
3146 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 |
|
3147 - updated mozilla-kde.patch: |
|
3148 * removed "downloadfinished" alert as Firefox reimplemented the |
|
3149 whole thing (TODO: check if there is another function we should |
|
3150 hook in) |
|
3151 |
|
3152 ------------------------------------------------------------------- |
|
3153 Tue Jul 4 20:08:47 UTC 2017 - wr@rosenauer.org |
|
3154 |
|
3155 - update to Firefox 54.0.1 |
|
3156 * Fix a display issue of tab title (bmo#1357656) |
|
3157 * Fix a display issue of opening new tab (bmo#1371995) |
|
3158 * Fix a display issue when opening multiple tabs (bmo#1371962) |
|
3159 * Fix a tab display issue when downloading files (bmo#1373109) |
|
3160 * Fix a PDF printing issue (bmo#1366744) |
|
3161 * Fix a Netflix issue on Linux (bmo#1375708) |
|
3162 |
|
3163 ------------------------------------------------------------------- |
|
3164 Thu Jun 15 13:56:05 UTC 2017 - wr@rosenauer.org |
|
3165 |
|
3166 - update to Firefox 54.0 |
|
3167 * Clearer and more detailed information for download items in the |
|
3168 download panel |
|
3169 * Added Burmese (my) locale |
|
3170 * Bookmarks created on mobile devices are now shown in |
|
3171 "Mobile Bookmarks” folder in the drop down list from the toolbar |
|
3172 and Bookmarks option in the menu bar in Desktop Firefox |
|
3173 * added support for multiple content processes (e10s-multi) |
|
3174 - requires NSPR 4.14 and NSS 3.30.2 |
|
3175 - requires rust 1.15.1 |
|
3176 - removed mozilla-shared-nss-db.patch as it seems to be a rather |
|
3177 unused feature |
|
3178 |
|
3179 ------------------------------------------------------------------- |
|
3180 Thu Jun 1 04:25:05 UTC 2017 - kah0922@gmail.com |
|
3181 |
|
3182 - remove -fno-inline-small-functions and explicitely optimize with |
|
3183 -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105) |
|
3184 |
|
3185 ------------------------------------------------------------------- |
|
3186 Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org |
|
3187 |
|
3188 - switch to Mozilla's geolocation service (boo#1026989) |
|
3189 - removed mozilla-preferences.patch obsoleted by overriding via |
|
3190 firefox.js |
|
3191 - fixed KDE integration to avoid crash caused by filepicker |
|
3192 (boo#1015998) |
|
3193 |
|
3194 ------------------------------------------------------------------- |
|
3195 Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org |
|
3196 |
|
3197 - update to Firefox 53.0 |
|
3198 * requires NSS 3.29.5 |
|
3199 * Lightweight themes are now applied in private browsing windows |
|
3200 * Reader Mode now displays estimated reading time for the page |
|
3201 * Two new 'compact' themes available in Firefox, dark and light, |
|
3202 based on the Firefox Developer Edition theme |
|
3203 * Ended Firefox Linux support for processors older than Pentium 4 |
|
3204 and AMD Opteron |
|
3205 * Refresh of the media controls user interface |
|
3206 * Shortened titles on tabs are faded out instead of using ellipsis |
|
3207 for improved readability |
|
3208 * Media playback on new tabs is blocked until the tab is visible |
|
3209 * Permission notifications have a cleaner design and cannot be |
|
3210 easily missed |
|
3211 MFSA 2017-10 |
|
3212 * CVE-2017-5456 (bmo#1344415) |
|
3213 Sandbox escape allowing local file system access |
|
3214 * CVE-2017-5442 (bmo#1347979) |
|
3215 Use-after-free during style changes |
|
3216 * CVE-2017-5443 (bmo#1342661) |
|
3217 Out-of-bounds write during BinHex decoding |
|
3218 * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, |
|
3219 bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) |
|
3220 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and |
|
3221 Firefox ESR 52.1 |
|
3222 * CVE-2017-5464 (bmo#1347075) |
|
3223 Memory corruption with accessibility and DOM manipulation |
|
3224 * CVE-2017-5465 (bmo#1347617) |
|
3225 Out-of-bounds read in ConvolvePixel |
|
3226 * CVE-2017-5466 (bmo#1353975) |
|
3227 Origin confusion when reloading isolated data:text/html URL |
|
3228 * CVE-2017-5467 (bmo#1347262) |
|
3229 Memory corruption when drawing Skia content |
|
3230 * CVE-2017-5460 (bmo#1343642) |
|
3231 Use-after-free in frame selection |
|
3232 * CVE-2017-5461 (bmo#1344380) |
|
3233 Out-of-bounds write in Base64 encoding in NSS |
|
3234 * CVE-2017-5448 (bmo#1346648) |
|
3235 Out-of-bounds write in ClearKeyDecryptor |
|
3236 * CVE-2017-5449 (bmo#1340127) |
|
3237 Crash during bidirectional unicode manipulation with animation |
|
3238 * CVE-2017-5446 (bmo#1343505) |
|
3239 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data |
|
3240 * CVE-2017-5447 (bmo#1343552) |
|
3241 Out-of-bounds read during glyph processing |
|
3242 * CVE-2017-5444 (bmo#1344461) |
|
3243 Buffer overflow while parsing application/http-index-format content |
|
3244 * CVE-2017-5445 (bmo#1344467) |
|
3245 Uninitialized values used while parsing application/http-index-format |
|
3246 content |
|
3247 * CVE-2017-5468 (bmo#1329521) |
|
3248 Incorrect ownership model for Private Browsing information |
|
3249 * CVE-2017-5469 (bmo#1292534) |
|
3250 Potential Buffer overflow in flex-generated code |
|
3251 * CVE-2017-5440 (bmo#1336832) |
|
3252 Use-after-free in txExecutionState destructor during XSLT processing |
|
3253 * CVE-2017-5441 (bmo#1343795) |
|
3254 Use-after-free with selection during scroll events |
|
3255 * CVE-2017-5439 (bmo#1336830) |
|
3256 Use-after-free in nsTArray Length() during XSLT processing |
|
3257 * CVE-2017-5438 (bmo#1336828) |
|
3258 Use-after-free in nsAutoPtr during XSLT processing |
|
3259 * CVE-2017-5437 (bmo#1343453) |
|
3260 Vulnerabilities in Libevent library |
|
3261 * CVE-2017-5436 (bmo#1345461) |
|
3262 Out-of-bounds write with malicious font in Graphite 2 |
|
3263 * CVE-2017-5435 (bmo#1350683) |
|
3264 Use-after-free during transaction processing in the editor |
|
3265 * CVE-2017-5434 (bmo#1349946) |
|
3266 Use-after-free during focus handling |
|
3267 * CVE-2017-5433 (bmo#1347168) |
|
3268 Use-after-free in SMIL animation functions |
|
3269 * CVE-2017-5432 (bmo#1346654) |
|
3270 Use-after-free in text input selection |
|
3271 * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, |
|
3272 bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, |
|
3273 bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621, |
|
3274 bmo#1349719, bmo#1353476) |
|
3275 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 |
|
3276 * CVE-2017-5459 (bmo#1333858) |
|
3277 Buffer overflow in WebGL |
|
3278 * CVE-2017-5458 (bmo#1229426) |
|
3279 Drag and drop of javascript: URLs can allow for self-XSS |
|
3280 * CVE-2017-5455 (bmo#1341191) |
|
3281 Sandbox escape through internal feed reader APIs |
|
3282 * CVE-2017-5454 (bmo#1349276) |
|
3283 Sandbox escape allowing file system read access through file picker |
|
3284 * CVE-2017-5451 (bmo#1273537) |
|
3285 Addressbar spoofing with onblur event |
|
3286 * CVE-2017-5453 (bmo#1321247) |
|
3287 HTML injection into RSS Reader feed preview page through |
|
3288 TITLE element |
|
3289 * CVE-2017-5462 (bmo#1345089) |
|
3290 DRBG flaw in NSS |
|
3291 - removed browser(npapi) provides as these plugins are deprecated |
|
3292 - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for |
|
3293 Leap 42 |
|
3294 - Gtk2 is not longer an option; switched to Gtk3 |
|
3295 - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support |
|
3296 (boo#1032003) |
|
3297 |
|
3298 ------------------------------------------------------------------- |
|
3299 Mon Apr 3 06:16:26 UTC 2017 - wr@rosenauer.org |
|
3300 |
|
3301 - update to Firefox 52.0.2 |
|
3302 * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787) |
|
3303 * Fix loading tab icons on session restore (bmo#1338009) |
|
3304 * Fix a crash on startup on Linux (bmo#1345413) |
|
3305 * Fix new installs erroneously not prompting to change the default |
|
3306 browser setting (bmo#1343938) |
|
3307 |
|
3308 ------------------------------------------------------------------- |
|
3309 Mon Mar 20 15:35:57 UTC 2017 - wr@rosenauer.org |
|
3310 |
|
3311 - disable rust usage for everything but x86(-64) |
|
3312 - explicitely add libffi build requirement |
|
3313 |
|
3314 ------------------------------------------------------------------- |
|
3315 Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org |
|
3316 |
|
3317 - update to Firefox 52.0.1 (boo#1029822) |
|
3318 MFSA 2017-08 |
|
3319 CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168) |
|
3320 |
|
3321 ------------------------------------------------------------------- |
|
3322 Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org |
|
3323 |
|
3324 - reenable ALSA support which was removed by default upstream |
|
3325 |
|
3326 ------------------------------------------------------------------- |
|
3327 Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org |
|
3328 |
|
3329 - update to Firefox 52.0 (boo#1028391) |
|
3330 * requires NSS >= 3.28.3 |
|
3331 * Pages containing insecure password fields now display a warning |
|
3332 directly within username and password fields. |
|
3333 * Send and open a tab from one device to another with Sync |
|
3334 * Removed NPAPI support for plugins other than Flash. Silverlight, |
|
3335 Java, Acrobat and the like are no longer supported. |
|
3336 * Removed Battery Status API to reduce fingerprinting of users by |
|
3337 trackers |
|
3338 * MFSA 2017-05 |
|
3339 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP |
|
3340 (bmo#1334933) |
|
3341 CVE-2017-5401: Memory Corruption when handling ErrorResult |
|
3342 (bmo#1328861) |
|
3343 CVE-2017-5402: Use-after-free working with events in FontFace |
|
3344 objects (bmo#1334876) |
|
3345 CVE-2017-5403: Use-after-free using addRange to add range to an |
|
3346 incorrect root object (bmo#1340186) |
|
3347 CVE-2017-5404: Use-after-free working with ranges in selections |
|
3348 (bmo#1340138) |
|
3349 CVE-2017-5406: Segmentation fault in Skia with canvas operations |
|
3350 (bmo#1306890) |
|
3351 CVE-2017-5407: Pixel and history stealing via floating-point |
|
3352 timing side channel with SVG filters (bmo#1336622) |
|
3353 CVE-2017-5410: Memory corruption during JavaScript garbage |
|
3354 collection incremental sweeping (bmo#1330687) |
|
3355 CVE-2017-5408: Cross-origin reading of video captions in violation |
|
3356 of CORS (bmo#1313711) |
|
3357 CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323) |
|
3358 CVE-2017-5413: Segmentation fault during bidirectional operations |
|
3359 (bmo#1337504) |
|
3360 CVE-2017-5414: File picker can choose incorrect default directory |
|
3361 (bmo#1319370) |
|
3362 CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719) |
|
3363 CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121) |
|
3364 CVE-2017-5417: Addressbar spoofing by draging and dropping URLs |
|
3365 (bmo#791597) |
|
3366 CVE-2017-5426: Gecko Media Plugin sandbox is not started if |
|
3367 seccomp-bpf filter is running (bmo#1257361) |
|
3368 CVE-2017-5427: Non-existent chrome.manifest file loaded during |
|
3369 startup (bmo#1295542) |
|
3370 CVE-2017-5418: Out of bounds read when parsing HTTP digest |
|
3371 authorization responses (bmo#1338876) |
|
3372 CVE-2017-5419: Repeated authentication prompts lead to DOS |
|
3373 attack (bmo#1312243) |
|
3374 CVE-2017-5420: Javascript: URLs can obfuscate addressbar |
|
3375 location (bmo#1284395) |
|
3376 CVE-2017-5405: FTP response codes can cause use of |
|
3377 uninitialized values for ports (bmo#1336699) |
|
3378 CVE-2017-5421: Print preview spoofing (bmo#1301876) |
|
3379 CVE-2017-5422: DOS attack by using view-source: protocol |
|
3380 repeatedly in one hyperlink (bmo#1295002) |
|
3381 CVE-2017-5399: Memory safety bugs fixed in Firefox 52 |
|
3382 CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and |
|
3383 Firefox ESR 45.8 |
|
3384 - removed obsolete patches |
|
3385 * mozilla-binutils-visibility.patch |
|
3386 * mozilla-check_return.patch |
|
3387 * mozilla-disable-skia-be.patch |
|
3388 * mozilla-skia-overflow.patch |
|
3389 * mozilla-skia-ppc-endianess.patch |
|
3390 - rebased patches |
|
3391 - enable rust usage for Tumbleweed |
|
3392 |
|
3393 ------------------------------------------------------------------- |
|
3394 Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com |
|
3395 |
|
3396 - Mozilla Firefox 51.0.1: |
|
3397 - Multiprocess incompatibility did not correctly register with |
|
3398 some add-ons (bmo#1333423) |
|
3399 |
|
3400 ------------------------------------------------------------------- |
|
3401 Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org |
|
3402 |
|
3403 - update to Firefox 51.0 |
|
3404 * requires NSPR >= 4.13.1, NSS >= 3.28.1 |
|
3405 * Added support for FLAC (Free Lossless Audio Codec) playback |
|
3406 * Added support for WebGL 2 |
|
3407 * Added Georgian (ka) and Kabyle (kab) locales |
|
3408 * Support saving passwords for forms without 'submit' events |
|
3409 * Improved video performance for users without GPU acceleration |
|
3410 * Zoom indicator is shown in the URL bar if the zoom level is not |
|
3411 at default level |
|
3412 * View passwords from the prompt before saving them |
|
3413 * Remove Belarusian (be) locale |
|
3414 * Use Skia for content rendering (Linux) |
|
3415 * MFSA 2017-01 |
|
3416 CVE-2017-5375: Excessive JIT code allocation allows bypass of |
|
3417 ASLR and DEP (bmo#1325200, boo#1021814) |
|
3418 CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) |
|
3419 CVE-2017-5377: Memory corruption with transforms to create |
|
3420 gradients in Skia (bmo#1306883, boo#1021826) |
|
3421 CVE-2017-5378: Pointer and frame data leakage of Javascript objects |
|
3422 (bmo#1312001, bmo#1330769, boo#1021818) |
|
3423 CVE-2017-5379: Use-after-free in Web Animations |
|
3424 (bmo#1309198,boo#1021827) |
|
3425 CVE-2017-5380: Potential use-after-free during DOM manipulations |
|
3426 (bmo#1322107, boo#1021819) |
|
3427 CVE-2017-5390: Insecure communication methods in Developer Tools |
|
3428 JSON viewer (bmo#1297361, boo#1021820) |
|
3429 CVE-2017-5389: WebExtensions can install additional add-ons via |
|
3430 modified host requests (bmo#1308688, boo#1021828) |
|
3431 CVE-2017-5396: Use-after-free with Media Decoder |
|
3432 (bmo#1329403, boo#1021821) |
|
3433 CVE-2017-5381: Certificate Viewer exporting can be used to navigate |
|
3434 and save to arbitrary filesystem locations |
|
3435 (bmo#1017616, boo#1021830) |
|
3436 CVE-2017-5382: Feed preview can expose privileged content errors |
|
3437 and exceptions (bmo#1295322, boo#1021831) |
|
3438 CVE-2017-5383: Location bar spoofing with unicode characters |
|
3439 (bmo#1323338, bmo#1324716, boo#1021822) |
|
3440 CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) |
|
3441 (bmo#1255474, boo#1021832) |
|
3442 CVE-2017-5385: Data sent in multipart channels ignores referrer-policy |
|
3443 response headers (bmo#1295945, boo#1021833) |
|
3444 CVE-2017-5386: WebExtensions can use data: protocol to affect other |
|
3445 extensions (bmo#1319070, boo#1021823) |
|
3446 CVE-2017-5394: Android location bar spoofing using fullscreen and |
|
3447 JavaScript events (bmo#1222798) |
|
3448 CVE-2017-5391: Content about: pages can load privileged about: pages |
|
3449 (bmo#1309310, boo#1021835) |
|
3450 CVE-2017-5392: Weak references using multiple threads on weak proxy |
|
3451 objects lead to unsafe memory usage (bmo#1293709) |
|
3452 (Android only) |
|
3453 CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for |
|
3454 mozAddonManager (bmo#1309282, boo#1021837) |
|
3455 CVE-2017-5395: Android location bar spoofing during scrolling |
|
3456 (bmo#1293463) (Android only) |
|
3457 CVE-2017-5387: Disclosure of local file existence through TRACK |
|
3458 tag error messages (bmo#1295023, boo#1021839) |
|
3459 CVE-2017-5388: WebRTC can be used to generate a large amount of |
|
3460 UDP traffic for DDOS attacks |
|
3461 (bmo#1281482, boo#1021840) |
|
3462 CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841) |
|
3463 CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and |
|
3464 Firefox ESR 45.7 (boo#1021824) |
|
3465 - switch Firefox to Gtk3 for Tumbleweed |
|
3466 - removed obsolete patches |
|
3467 * mozilla-flex_buffer_overrun.patch |
|
3468 - updated RPM locale support tag |
|
3469 - improve recognition of LANGUAGE env variable (boo#1017174) |
|
3470 - add upstream patch to fix PPC64LE (bmo#1319389) |
|
3471 (mozilla-skia-ppc-endianess.patch) |
|
3472 - fix build without skia (big endian archs) (bmo#1319374) |
|
3473 (mozilla-disable-skia-be.patch) |
|
3474 |
|
3475 ------------------------------------------------------------------- |
|
3476 Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org |
|
3477 |
|
3478 - update to Firefox 50.1.0 (boo#1015422) |
|
3479 * MFSA 2016-94 |
|
3480 CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628) |
|
3481 CVE-2016-9899: Use-after-free while manipulating DOM events and |
|
3482 audio elements (bmo#1317409) |
|
3483 CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) |
|
3484 CVE-2016-9896: Use-after-free with WebVR (bmo#1315543) |
|
3485 CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) |
|
3486 CVE-2016-9898: Use-after-free in Editor while manipulating |
|
3487 DOM subtrees (bmo#1314442) |
|
3488 CVE-2016-9900: Restricted external resources can be loaded by |
|
3489 SVG images through data URLs (bmo#1319122) |
|
3490 CVE-2016-9904: Cross-origin information leak in shared atoms |
|
3491 (bmo#1317936) |
|
3492 CVE-2016-9901: Data from Pocket server improperly sanitized |
|
3493 before execution (bmo#1320057) |
|
3494 CVE-2016-9902: Pocket extension does not validate the origin |
|
3495 of events (bmo#1320039) |
|
3496 CVE-2016-9903: XSS injection vulnerability in add-ons SDK |
|
3497 (bmo#1315435) |
|
3498 CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1 |
|
3499 CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and |
|
3500 Firefox ESR 45.6 |
|
3501 |
|
3502 ------------------------------------------------------------------- |
|
3503 Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com |
|
3504 |
|
3505 - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922) |
|
3506 |
|
3507 ------------------------------------------------------------------- |
|
3508 Thu Dec 1 02:49:45 UTC 2016 - wr@rosenauer.org |
|
3509 |
|
3510 - update to Firefox 50.0.2 |
|
3511 * Firefox crashes with 3rd party Chinese IME when using IME text |
|
3512 (50.0.1) |
|
3513 security fixes (in 50.0.1): (boo#1012807) |
|
3514 * MFSA 2016-91 |
|
3515 CVE-2016-9078: data: URL can inherit wrong origin after an |
|
3516 HTTP redirect (bmo#1317641) |
|
3517 security fixes (in 50.0.2) (boo#1012964) |
|
3518 * MFSA 2016-92 |
|
3519 CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066) |
|
3520 |
|
3521 ------------------------------------------------------------------- |
|
3522 Mon Nov 14 21:07:03 UTC 2016 - wr@rosenauer.org |
|
3523 |
|
3524 - update to Firefox 50.0 (boo#1009026) |
|
3525 * requires NSS 3.26.2 |
|
3526 new features |
|
3527 * Updates to keyboard shortcuts |
|
3528 Set a preference to have Ctrl+Tab cycle through tabs in recently |
|
3529 used order |
|
3530 View a page in Reader Mode by using Ctrl+Alt+R |
|
3531 * Added option to Find in page that allows users to limit search to |
|
3532 whole words only |
|
3533 * Added download protection for a large number of executable file |
|
3534 types on Windows, Mac and Linux |
|
3535 * Fixed rendering of dashed and dotted borders with rounded corners |
|
3536 (border-radius) |
|
3537 * Added a built-in Emoji set for operating systems without native |
|
3538 Emoji fonts (Windows 8.0 and lower and Linux) |
|
3539 * Blocked versions of libavcodec older than 54.35.1 |
|
3540 * additional locale |
|
3541 security fixes: |
|
3542 * MFSA 2016-89 |
|
3543 CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 |
|
3544 (bmo#1292443) |
|
3545 CVE-2016-5292: URL parsing causes crash (bmo#1288482) |
|
3546 CVE-2016-5293: Write to arbitrary file with updater and moz |
|
3547 maintenance service using updater.log hardlink |
|
3548 (Windows only) (bmo#1246945) |
|
3549 CVE-2016-5294: Arbitrary target directory for result files of |
|
3550 update process (Windows only) (bmo#1246972) |
|
3551 CVE-2016-5297: Incorrect argument length checking in Javascript |
|
3552 (bmo#1303678) |
|
3553 CVE-2016-9064: Addons update must verify IDs match between |
|
3554 current and new versions (bmo#1303418) |
|
3555 CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen |
|
3556 (Android only) (bmo#1306696) |
|
3557 CVE-2016-9066: Integer overflow leading to a buffer overflow in |
|
3558 nsScriptLoadHandler (bmo#1299686) |
|
3559 CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore |
|
3560 (bmo#1301777, bmo#1308922 (CVE-2016-9069)) |
|
3561 CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) |
|
3562 CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile |
|
3563 (bmo#1300083) (Windows only) |
|
3564 CVE-2016-9075: WebExtensions can access the mozAddonManager API |
|
3565 and use it to gain elevated privileges (bmo#1295324) |
|
3566 CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied |
|
3567 to cross-origin images, allowing timing attacks on them |
|
3568 (bmo#1298552) |
|
3569 CVE-2016-5291: Same-origin policy violation using local HTML file |
|
3570 and saved shortcut file (bmo#1292159) |
|
3571 CVE-2016-5295: Mozilla Maintenance Service: Ability to read |
|
3572 arbitrary files as SYSTEM (Windows only) (bmo#1247239) |
|
3573 CVE-2016-5298: SSL indicator can mislead the user about the real |
|
3574 URL visited (bmo#1227538) (Android only) |
|
3575 CVE-2016-5299: Firefox AuthToken in broadcast protected with |
|
3576 signature-level permission can be accessed by an |
|
3577 application installed beforehand that defines the |
|
3578 same permissions (bmo#1245791) (Android only) |
|
3579 CVE-2016-9061: API Key (glocation) in broadcast protected with |
|
3580 signature-level permission can be accessed by an |
|
3581 application installed beforehand that defines the |
|
3582 same permissions (Android only) (bmo#1245795) |
|
3583 CVE-2016-9062: Private browsing browser traces (android) in |
|
3584 browser.db and wal file (Android only) (bmo#1294438) |
|
3585 CVE-2016-9070: Sidebar bookmark can have reference to chrome window |
|
3586 (bmo#1281071) |
|
3587 CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl" |
|
3588 (bmo#1289273) |
|
3589 CVE-2016-9074: Insufficient timing side-channel resistance in |
|
3590 divSpoiler (bmo#1293334) (fixed via NSS 3.26.1) |
|
3591 CVE-2016-9076: select dropdown menu can be used for URL bar |
|
3592 spoofing on e10s (bmo#1276976) |
|
3593 CVE-2016-9063: Possible integer overflow to fix inside XML_Parse |
|
3594 in expat (bmo#1274777) |
|
3595 CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP |
|
3596 (bmo#1285003) |
|
3597 CVE-2016-5289: Memory safety bugs fixed in Firefox 50 |
|
3598 CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 |
|
3599 - make aarch64 build more similar to x86_64 build (remove conditionals |
|
3600 that don't seem to be necessary anymore) |
|
3601 |
|
3602 ------------------------------------------------------------------- |
|
3603 Mon Oct 24 09:41:17 UTC 2016 - astieger@suse.com |
|
3604 |
|
3605 - Mozilla Firefox 49.0.2: |
|
3606 * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475) |
|
3607 * CVE-2016-5288: Web content can read cache entries (bsc#1006476) |
|
3608 * Asynchronous rendering of the Flash plugins is now enabled by |
|
3609 default |
|
3610 * Change D3D9 default fallback preference to prevent graphical |
|
3611 artifacts |
|
3612 * Network issue prevents some users from seeing the Firefox UI on |
|
3613 startup |
|
3614 * Web compatibility issue with file uploads |
|
3615 * Web compatibility issue with Array.prototype.values |
|
3616 * Diagnostic information on timing for tab switching |
|
3617 * Fix a Canvas filters graphics issue affecting HTML5 apps |
|
3618 |
|
3619 ------------------------------------------------------------------- |
|
3620 Wed Oct 12 20:42:28 UTC 2016 - badshah400@gmail.com |
|
3621 |
|
3622 - Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0 |
|
3623 and fixes have been incorporated by upstream. |
|
3624 |
|
3625 ------------------------------------------------------------------- |
|
3626 Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com |
|
3627 |
|
3628 - Mozilla Firefox 49.0.1: |
|
3629 * Mitigate a startup crash issue caused by Websense - bmo#1304783 |
|
3630 |
|
3631 ------------------------------------------------------------------- |
|
3632 Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org |
|
3633 |
|
3634 - update to Firefox 49.0 (boo#999701) |
|
3635 new features |
|
3636 * Updated Firefox Login Manager to allow HTTPS pages to use saved |
|
3637 HTTP logins. |
|
3638 * Added features to Reader Mode that make it easier on the eyes and |
|
3639 the ears |
|
3640 * Improved video performance for users on systems that support |
|
3641 SSE3 without hardware acceleration |
|
3642 * Added context menu controls to HTML5 audio and video that let users |
|
3643 loops files or play files at 1.25x speed |
|
3644 * Improvements in about:memory reports for tracking font memory usage |
|
3645 security related |
|
3646 * MFSA 2016-85 |
|
3647 CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in |
|
3648 mozilla::net::IsValidReferrerPolicy |
|
3649 CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in |
|
3650 nsCaseTransformTextRunFactory::TransformString |
|
3651 CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in |
|
3652 PropertyProvider::GetSpacingInternal |
|
3653 CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin |
|
3654 CVE-2016-5273 (bmo#1280387) - crash in |
|
3655 mozilla::a11y::HyperTextAccessible::GetChildOffset |
|
3656 CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in |
|
3657 mozilla::a11y::DocAccessible::ProcessInvalidationList |
|
3658 CVE-2016-5274 (bmo#1282076) - use-after-free in |
|
3659 nsFrameManager::CaptureFrameState |
|
3660 CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick |
|
3661 CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in |
|
3662 mozilla::gfx::FilterSupport::ComputeSourceNeededRegions |
|
3663 CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in |
|
3664 nsBMPEncoder::AddImageFrame |
|
3665 CVE-2016-5279 (bmo#1249522) - Full local path of files is available |
|
3666 to web pages after drag and drop |
|
3667 CVE-2016-5280 (bmo#1289970) - Use-after-free in |
|
3668 mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap |
|
3669 CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength |
|
3670 CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons |
|
3671 from non-whitelisted schemes |
|
3672 CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can |
|
3673 reveal cross-origin data |
|
3674 CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration |
|
3675 CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 |
|
3676 CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 |
|
3677 - removed obsolete patches: |
|
3678 * mozilla-aarch64-48bit-va.patch |
|
3679 * mozilla-exclude-nametablecpp.patch |
|
3680 * mozilla-old_configure-bmo1282843.patch |
|
3681 - added patch mozilla-skia-overflow.patch (bmo#1304114) |
|
3682 - requires NSS 3.25 |
|
3683 |
|
3684 ------------------------------------------------------------------- |
|
3685 Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com |
|
3686 |
|
3687 - Mozilla Firefox 48.0.2: |
|
3688 * Mitigate a startup crash issue caused on Windows (bmo#1291738) |
|
3689 |
|
3690 ------------------------------------------------------------------- |
|
3691 Sat Aug 20 10:58:26 UTC 2016 - astieger@suse.com |
|
3692 |
|
3693 - Mozilla Firefox 48.0.1: |
|
3694 * Fix an audio regression impacting some major websites |
|
3695 (bmo#1295296) |
|
3696 * Fix a top crash in the JavaScript engine (bmo#1290469) |
|
3697 * Fix a startup crash issue caused by Websense (bmo#1291738) |
|
3698 * Fix a different behavior with e10s / non-e10s on <select> and |
|
3699 mouse events (bmo#1291078) |
|
3700 * Fix a top crash caused by plugin issues (bmo#1264530) |
|
3701 * Fix a shutdown issue (bmo#1276920) |
|
3702 * Fix a crash in WebRTC |
|
3703 |
|
3704 ------------------------------------------------------------------- |
|
3705 Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org |
|
3706 |
|
3707 - added upstream patch so system plugins/extensions are correctly |
|
3708 loaded again on x86-64 (bmo#1282843) |
|
3709 (mozilla-old_configure-bmo1282843.patch) |
|
3710 |
|
3711 ------------------------------------------------------------------- |
|
3712 Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com |
|
3713 |
|
3714 - Fix for possible buffer overrun (bsc#990856) |
|
3715 CVE-2016-6354 (bmo#1292534) |
|
3716 [mozilla-flex_buffer_overrun.patch] |
|
3717 |
|
3718 ------------------------------------------------------------------- |
|
3719 Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com |
|
3720 |
|
3721 - Update mozilla-gtk3_20.patch to latest version from Fedora. |
|
3722 |
|
3723 ------------------------------------------------------------------- |
|
3724 Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org |
|
3725 |
|
3726 - update to Firefox 48.0 (boo#991809) |
|
3727 * requires NSS 3.24 |
|
3728 * Process separation (e10s) is enabled for some of you |
|
3729 * Add-ons that have not been verified and signed by Mozilla will not load |
|
3730 * WebRTC embetterments |
|
3731 * The media parser has been redeveloped using the Rust programming |
|
3732 language |
|
3733 * better Canvas performance with speedy Skia support |
|
3734 security fixes: |
|
3735 * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 |
|
3736 Miscellaneous memory safety hazards |
|
3737 * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) |
|
3738 Favicon network connection can persist when page is closed |
|
3739 * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) |
|
3740 Buffer overflow rendering SVG with bidirectional content |
|
3741 * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) |
|
3742 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 |
|
3743 * MFSA 2016-66/CVE-2016-5251 (bmo#1255570) |
|
3744 Location bar spoofing via data URLs with malformed/invalid mediatypes |
|
3745 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) |
|
3746 Stack underflow during 2D graphics rendering |
|
3747 * MFSA 2016-68/CVE-2016-0718 (bmo#1236923) |
|
3748 Out-of-bounds read during XML parsing in Expat library |
|
3749 * MFSA 2016-69/CVE-2016-5253 (bmo#1246944) |
|
3750 Arbitrary file manipulation by local user through Mozilla updater |
|
3751 and callback application path parameter (Windows-only) |
|
3752 * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) |
|
3753 Use-after-free when using alt key and toplevel menus |
|
3754 * MFSA 2016-71/CVE-2016-5255 (bmo#1212356) |
|
3755 Crash in incremental garbage collection in JavaScript |
|
3756 * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) |
|
3757 Use-after-free in DTLS during WebRTC session shutdown |
|
3758 * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) |
|
3759 Use-after-free in service workers with nested sync events |
|
3760 * MFSA 2016-74/CVE-2016-5260 (bmo#1280294) |
|
3761 Form input type change from password to text can store plain |
|
3762 text password in session restore file |
|
3763 * MFSA 2016-75/CVE-2016-5261 (bmo#1287266) |
|
3764 Integer overflow in WebSockets during data buffering |
|
3765 * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) |
|
3766 Scripts on marquee tag can execute in sandboxed iframes |
|
3767 * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) |
|
3768 Buffer overflow in ClearKey Content Decryption Module (CDM) |
|
3769 during video playback |
|
3770 * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) |
|
3771 Type confusion in display transformation |
|
3772 * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) |
|
3773 Use-after-free when applying SVG effects |
|
3774 * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) |
|
3775 Same-origin policy violation using local HTML file and saved shortcut file |
|
3776 * MFSA 2016-81/CVE-2016-5266 (bmo#1226977) |
|
3777 Information disclosure and local file manipulation through drag and drop |
|
3778 * MFSA 2016-82/CVE-2016-5267 (bmo#1284372) |
|
3779 Addressbar spoofing with right-to-left characters on Firefox for Android |
|
3780 (Android only) |
|
3781 * MFSA 2016-83/CVE-2016-5268 (bmo#1253673) |
|
3782 Spoofing attack through text injection into internal error pages |
|
3783 * MFSA 2016-84/CVE-2016-5250 (bmo#1254688) |
|
3784 Information disclosure through Resource Timing API during page navigation |
|
3785 - removed obsolete mozilla-gcc6.patch |
|
3786 |
|
3787 ------------------------------------------------------------------- |
|
3788 Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com |
|
3789 |
|
3790 - Update description and screenshots in appdata.xml file. |
|
3791 |
|
3792 ------------------------------------------------------------------- |
|
3793 Sat Jul 23 20:13:08 UTC 2016 - antoine.belvire@laposte.net |
|
3794 |
|
3795 - Fix Firefox crash on startup on i586 (boo#986541): |
|
3796 * Add -fno-delete-null-pointer-checks and |
|
3797 -fno-inline-small-functions to CFLAGS |
|
3798 |
|
3799 ------------------------------------------------------------------- |
|
3800 Tue Jul 19 20:12:11 UTC 2016 - mailaender@opensuse.org |
|
3801 |
|
3802 - Update the appdata.xml file (replace Windows XP screenshot) |
|
3803 |
|
3804 ------------------------------------------------------------------- |
|
3805 Wed Jun 29 09:25:41 UTC 2016 - astieger@suse.com |
|
3806 |
|
3807 - Mozilla Firefox 47.0.1: |
|
3808 * Selenium WebDriver may cause Firefox to crash at startup |
|
3809 (bmo#1280854) |
|
3810 |
|
3811 ------------------------------------------------------------------- |
|
3812 Wed Jun 15 07:52:18 UTC 2016 - wr@rosenauer.org |
|
3813 |
|
3814 - mozilla-binutils-visibility.patch to fix build issues with |
|
3815 gcc/binutils combination used in Leap 42.2 (boo#984637) |
|
3816 |
|
3817 ------------------------------------------------------------------- |
|
3818 Tue Jun 14 08:35:03 UTC 2016 - badshah400@gmail.com |
|
3819 |
|
3820 - Update mozilla-gtk3_20.patch to latest version from Fedora. |
|
3821 |
|
3822 ------------------------------------------------------------------- |
|
3823 Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com |
|
3824 |
|
3825 - Fix running on 48bit va aarch64 (bsc#984126) |
|
3826 * add patch mozilla-aarch64-48bit-va.patch |
|
3827 |
|
3828 ------------------------------------------------------------------- |
|
3829 Mon Jun 13 15:27:13 UTC 2016 - wr@rosenauer.org |
|
3830 |
|
3831 - fix XUL dialog button order under KDE session (boo#984403) |
|
3832 |
|
3833 ------------------------------------------------------------------- |
|
3834 Tue Jun 7 19:47:25 UTC 2016 - wr@rosenauer.org |
|
3835 |
|
3836 - update to Firefox 47.0 (boo#983549) |
|
3837 * Enable VP9 video codec for users with fast machines |
|
3838 * Embedded YouTube videos now play with HTML5 video if Flash is |
|
3839 not installed |
|
3840 * View and search open tabs from your smartphone or another |
|
3841 computer in a sidebar |
|
3842 * Allow no-cache on back/forward navigations for https resources |
|
3843 security fixes: |
|
3844 * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 |
|
3845 (boo#983638) |
|
3846 (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, |
|
3847 bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, |
|
3848 bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, |
|
3849 bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, |
|
3850 bmo#1269729, bmo#1273202, bmo#1273701) |
|
3851 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) |
|
3852 * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) |
|
3853 Buffer overflow parsing HTML5 fragments |
|
3854 * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) |
|
3855 Use-after-free deleting tables from a contenteditable document |
|
3856 * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) |
|
3857 Addressbar spoofing though the SELECT element |
|
3858 * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) |
|
3859 Out-of-bounds write with WebGL shader |
|
3860 * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) |
|
3861 Partial same-origin-policy through setting location.host |
|
3862 through data URI |
|
3863 * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) |
|
3864 Use-after-free when textures are used in WebGL operations |
|
3865 after recycle pool destruction |
|
3866 * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329) |
|
3867 Incorrect icon displayed on permissions notifications |
|
3868 * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) |
|
3869 Entering fullscreen and persistent pointerlock without user |
|
3870 permission |
|
3871 * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267) |
|
3872 Information disclosure of disabled plugins through CSS |
|
3873 pseudo-classes |
|
3874 * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933) |
|
3875 Java applets bypass CSP protections |
|
3876 * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283, |
|
3877 bmo#1221620, bmo#1241034, bmo#1241037) |
|
3878 Network Security Services (NSS) vulnerabilities |
|
3879 fixed by requiring NSS 3.23 |
|
3880 packaging changes: |
|
3881 * cleanup configure options (boo#981695): |
|
3882 - notably remove GStreamer support which is gone from FF |
|
3883 * remove obsolete patches |
|
3884 - mozilla-libproxy.patch |
|
3885 - mozilla-repo.patch |
|
3886 |
|
3887 ------------------------------------------------------------------- |
|
3888 Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com |
|
3889 |
|
3890 - The conditional testing for gcc was failing for different |
|
3891 openSUSE versions, drop it and apply patches unconditionally. |
|
3892 |
|
3893 ------------------------------------------------------------------- |
|
3894 Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com |
|
3895 |
|
3896 - Add patches to fix building with gcc6: |
|
3897 + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch |
|
3898 taken from upstream: |
|
3899 https://hg.mozilla.org/mozilla-central/rev/55212130f19d. |
|
3900 + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp |
|
3901 from unified compilation because #include <cmath> in other |
|
3902 source files causes gcc6 compilation failure; patch taken from |
|
3903 upstream: |
|
3904 https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. |
|
3905 |
|
3906 ------------------------------------------------------------------- |
|
3907 Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz |
|
3908 |
|
3909 - enable build with PIE and full relro on x86_64 (boo#980384) |
|
3910 |
|
3911 ------------------------------------------------------------------- |
|
3912 Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org |
|
3913 |
|
3914 - update to Firefox 46.0.1 |
|
3915 Fixed: |
|
3916 * Search plugin issue for various locales |
|
3917 * Add-on signing certificate expiration |
|
3918 * Service worker update issue |
|
3919 * Build issue when jit is disabled |
|
3920 * Limit Sync registration updates |
|
3921 - removed now obsolete mozilla-jit_branch64.patch |
|
3922 |
|
3923 ------------------------------------------------------------------- |
|
3924 Tue May 3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com |
|
3925 |
|
3926 - add mozilla-jit_branch64.patch to avoid PowerPC build failure |
|
3927 (from bmo#1266366) |
|
3928 |
|
3929 ------------------------------------------------------------------- |
|
3930 Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com |
|
3931 |
|
3932 - Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest |
|
3933 version from Fedora). |
|
3934 |
|
3935 ------------------------------------------------------------------- |
|
3936 Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org |
|
3937 |
|
3938 - update to Firefox 46.0 (boo#977333) |
|
3939 * Improved security of the JavaScript Just In Time (JIT) Compiler |
|
3940 * WebRTC fixes to improve performance and stability |
|
3941 * Added support for document.elementsFromPoint |
|
3942 * Added HKDF support for Web Crypto API |
|
3943 * requires NSPR 4.12 and NSS 3.22.3 |
|
3944 * added patch to fix unchecked return value |
|
3945 mozilla-check_return.patch |
|
3946 * Gtk3 builds not supported at the moment |
|
3947 security fixes: |
|
3948 * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 |
|
3949 (boo#977373, boo#977375, boo#977376) |
|
3950 Miscellaneous memory safety hazards |
|
3951 * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) |
|
3952 Privilege escalation through file deletion by Maintenance Service updater |
|
3953 (Windows only) |
|
3954 * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) |
|
3955 Content provider permission bypass allows malicious application |
|
3956 to access data (Android only) |
|
3957 * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 |
|
3958 (bmo#1252330, bmo#1261776, boo#977379) |
|
3959 Use-after-free and buffer overflow in Service Workers |
|
3960 * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) |
|
3961 Disclosure of user actions through JavaScript with motion and |
|
3962 orientation sensors (only affects mobile variants) |
|
3963 * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) |
|
3964 Buffer overflow in libstagefright with CENC offsets |
|
3965 * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) |
|
3966 CSP not applied to pages sent with multipart/x-mixed-replace |
|
3967 * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) |
|
3968 Elevation of privilege with chrome.tabs.update API in web extensions |
|
3969 * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) |
|
3970 Write to invalid HashMap entry through JavaScript.watch() |
|
3971 * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) |
|
3972 Firefox Health Reports could accept events from untrusted domains |
|
3973 |
|
3974 ------------------------------------------------------------------- |
|
3975 Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com |
|
3976 |
|
3977 - Update mozilla-gtk3_20.patch to fix scrollbar appearance under |
|
3978 gtk >= 3.20 (patch synced to Fedora's version). |
|
3979 |
|
3980 ------------------------------------------------------------------- |
|
3981 Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com |
|
3982 |
|
3983 - Compile against gtk3 depending on whether the macro |
|
3984 %firefox_use_gtk3 is defined or not (e.g., at the prjconf |
|
3985 level); macro is undefined by default and so gtk2 is used as the |
|
3986 default toolkit. |
|
3987 - Add BuildRequires for additional packages needed when building |
|
3988 against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), |
|
3989 pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). |
|
3990 - Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; |
|
3991 patch taken from Fedora (bmo#1230955). |
|
3992 |
|
3993 ------------------------------------------------------------------- |
|
3994 Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com |
|
3995 |
|
3996 - Mozilla Firefox 45.0.2: |
|
3997 * Fix an issue impacting the cookie header when third-party |
|
3998 cookies are blocked (bmo#1257861) |
|
3999 * Fix a web compatibility regression impacting the srcset |
|
4000 attribute of the image tag (bmo#1259482) |
|
4001 * Fix a crash impacting the video playback with Media Source |
|
4002 Extension (bmo#1258562) |
|
4003 * Fix a regression impacting some specific uploads (bmo#1255735) |
|
4004 * Fix a regression with the copy and paste with some old versions |
|
4005 of some Gecko applications like Thunderbird (bmo#1254980) |
|
4006 |
|
4007 ------------------------------------------------------------------- |
|
4008 Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com |
|
4009 |
|
4010 - Mozilla Firefox 45.0.1: |
|
4011 * Fix a regression causing search engine settings to be lost in |
|
4012 some context (bmo#1254694) |
|
4013 * Bring back non-standard jar: URIs to fix a regression in IBM |
|
4014 iNotes (bmo#1255139) |
|
4015 * XSLTProcessor.importStylesheet was failing when <import> was |
|
4016 used (bmo#1249572) |
|
4017 * Fix an issue which could cause the list of search provider to |
|
4018 be empty (bmo#1255605) |
|
4019 * Fix a regression when using the location bar (bmo#1254503) |
|
4020 * Fix some loading issues when Accept third-party cookies: was |
|
4021 set to Never (bmo#1254856) |
|
4022 * Disabled Graphite font shaping library |
|
4023 |
|
4024 ------------------------------------------------------------------- |
|
4025 Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org |
|
4026 |
|
4027 - update to Firefox 45.0 (boo#969894) |
|
4028 * requires NSPR 4.12 / NSS 3.21.1 |
|
4029 * Instant browser tab sharing through Hello |
|
4030 * Synced Tabs button in button bar |
|
4031 * Tabs synced via Firefox Accounts from other devices are now shown |
|
4032 in dropdown area of Awesome Bar when searching |
|
4033 * Introduce a new preference (network.dns.blockDotOnion) to allow |
|
4034 blocking .onion at the DNS level |
|
4035 * Tab Groups (Panorama) feature removed |
|
4036 * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 |
|
4037 Miscellaneous memory safety hazards |
|
4038 * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) |
|
4039 Local file overwriting and potential privilege escalation through |
|
4040 CSP reports |
|
4041 * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) |
|
4042 CSP reports fail to strip location information for embedded iframe pages |
|
4043 * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) |
|
4044 Linux video memory DOS with Intel drivers |
|
4045 * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) |
|
4046 Memory leak in libstagefright when deleting an array during MP4 |
|
4047 processing |
|
4048 * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) |
|
4049 Displayed page address can be overridden |
|
4050 * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) |
|
4051 Service Worker Manager out-of-bounds read in Service Worker Manager |
|
4052 * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) |
|
4053 Use-after-free in HTML5 string parser |
|
4054 * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) |
|
4055 Use-after-free in SetBody |
|
4056 * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) |
|
4057 Use-after-free when using multiple WebRTC data channels |
|
4058 * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) |
|
4059 Memory corruption when modifying a file being read by FileReader |
|
4060 * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) |
|
4061 Use-after-free during XML transformations |
|
4062 * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) |
|
4063 Addressbar spoofing though history navigation and Location protocol |
|
4064 property |
|
4065 * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) |
|
4066 Same-origin policy violation using perfomance.getEntries and |
|
4067 history navigation with session restore |
|
4068 * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) |
|
4069 Buffer overflow in Brotli decompression |
|
4070 * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) |
|
4071 Memory corruption with malicious NPAPI plugin |
|
4072 * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ |
|
4073 CVE-2016-1976/CVE-2016-1972 |
|
4074 WebRTC and LibVPX vulnerabilities found through code inspection |
|
4075 * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) |
|
4076 Use-after-free in GetStaticInstance in WebRTC |
|
4077 * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) |
|
4078 Out-of-bounds read in HTML parser following a failed allocation |
|
4079 * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) |
|
4080 Buffer overflow during ASN.1 decoding in NSS |
|
4081 (fixed by requiring 3.21.1) |
|
4082 * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) |
|
4083 Use-after-free during processing of DER encoded keys in NSS |
|
4084 (fixed by requiring 3.21.1) |
|
4085 * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ |
|
4086 CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ |
|
4087 CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ |
|
4088 CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 |
|
4089 Font vulnerabilities in the Graphite 2 library |
|
4090 |
|
4091 ------------------------------------------------------------------- |
|
4092 Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de |
|
4093 |
|
4094 - Remove B_CNT from symbols.zip filename to reduce build-compare noise |
|
4095 |
|
4096 ------------------------------------------------------------------- |
|
4097 Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com |
|
4098 |
|
4099 - fix build problems on i586, caused by too large unified compile |
|
4100 units - adding mozilla-reduce-files-per-UnifiedBindings.patch |
|
4101 |
|
4102 ------------------------------------------------------------------- |
|
4103 Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org |
|
4104 |
|
4105 - update to Firefox 44.0.2 |
|
4106 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) |
|
4107 Same-origin-policy violation using Service Workers with plugins |
|
4108 * Fix issue which could lead to the removal of stored passwords |
|
4109 under certain circumstances (bmo#1242176) |
|
4110 * Allows spaces in cookie names (bmo#1244505) |
|
4111 * Disable opus/vorbis audio with H.264 (bmo#1245696) |
|
4112 * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) |
|
4113 * Fix a crash in cache networking (bmo#1244076) |
|
4114 * Fix using WebSockets in service worker controlled pages (bmo#1243942) |
|
4115 |
|
4116 ------------------------------------------------------------------- |
|
4117 Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com |
|
4118 |
|
4119 - build fixes for arm/aarch64: |
|
4120 * disable webrtc for arm/aarch64 |
|
4121 * switch away from openGL-ES backend to default for arm/aarch64 |
|
4122 since it almost never builds |
|
4123 * reenable neon |
|
4124 - reenable webrtc for powerpc as it seems to build |
|
4125 |
|
4126 ------------------------------------------------------------------- |
|
4127 Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org |
|
4128 |
|
4129 - update to Firefox 44.0 |
|
4130 * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 |
|
4131 Miscellaneous memory safety hazards |
|
4132 * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 |
|
4133 Out of Memory crash when parsing GIF format images |
|
4134 * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 |
|
4135 Buffer overflow in WebGL after out of memory allocation |
|
4136 * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 |
|
4137 Firefox allows for control characters to be set in cookie names |
|
4138 * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 |
|
4139 Missing delay following user click events in protocol handler dialog |
|
4140 * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 |
|
4141 Errors in mp_div and mp_exptmod cryptographic functions in NSS |
|
4142 (fixed by requiring NSS 3.21) |
|
4143 * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) |
|
4144 Addressbar spoofing attacks boo#963643 |
|
4145 * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 |
|
4146 (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 |
|
4147 Unsafe memory manipulation found through code inspection |
|
4148 * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 |
|
4149 Application Reputation service disabled in Firefox 43 |
|
4150 * requires NSPR 4.11 |
|
4151 * requires NSS 3.21 |
|
4152 - prepare mozilla-kde.patch for Gtk3 builds |
|
4153 - rebased patches |
|
4154 |
|
4155 ------------------------------------------------------------------- |
|
4156 Mon Jan 11 08:04:24 UTC 2016 - astieger@suse.com |
|
4157 |
|
4158 - Mozilla Firefox 43.0.4: |
|
4159 * Re-enable SHA-1 certificates to prevent outdated |
|
4160 man-in-the-middle security devices from interfering with |
|
4161 properly secured SSL/TLS connections (bmo#1236975) |
|
4162 * Fix for startup crash for users of a third party antivirus tool |
|
4163 (bmo#1235537) |
|
4164 - The following change was previously in the package as a patch: |
|
4165 * Multi-user GNU/Linux download folders can be created |
|
4166 (bmo#1233434), removed mozilla-bmo1233434.patch |
|
4167 |
|
4168 ------------------------------------------------------------------- |
|
4169 Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org |
|
4170 |
|
4171 - update to Firefox 43.0.3 |
|
4172 * requires NSS 3.20.2 to fix |
|
4173 MFSA 2015-150/CVE-2015-7575 (bmo#1158489) |
|
4174 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in |
|
4175 server signature |
|
4176 * various changes to support Windows update (SHA-1 vs. SHA-2) |
|
4177 * workaround Youtube user agent detection issue (bmo#1233970) |
|
4178 - fix file download regression for multi user systems |
|
4179 (bmo#1233434) (mozilla-bmo1233434.patch) |
|
4180 - explicitely requires libXcomposite-devel |
|
4181 |
|
4182 ------------------------------------------------------------------- |
|
4183 Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org |
|
4184 |
|
4185 - update to Firefox 43.0 (bnc#959277) |
|
4186 * Improved API support for m4v video playback |
|
4187 * Users can opt-in to receive search suggestions from the Awesome Bar |
|
4188 * WebRTC streaming on multiple monitors |
|
4189 * User selectable second block list for Private Browsing's Tracking |
|
4190 Protection |
|
4191 security fixes: |
|
4192 * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 |
|
4193 Miscellaneous memory safety hazards |
|
4194 * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) |
|
4195 Crash with JavaScript variable assignment with unboxed objects |
|
4196 * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) |
|
4197 Same-origin policy violation using perfomance.getEntries and |
|
4198 history navigation |
|
4199 * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) |
|
4200 Firefox allows for control characters to be set in cookies |
|
4201 * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) |
|
4202 Use-after-free in WebRTC when datachannel is used after being |
|
4203 destroyed |
|
4204 * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) |
|
4205 Integer overflow allocating extremely large textures |
|
4206 * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) |
|
4207 Cross-origin information leak through web workers error events |
|
4208 * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) |
|
4209 Hash in data URI is incorrectly parsed |
|
4210 * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) |
|
4211 DOS due to malformed frames in HTTP/2 |
|
4212 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) |
|
4213 Linux file chooser crashes on malformed images due to flaws in |
|
4214 Jasper library |
|
4215 * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 |
|
4216 (bmo#1201183, bmo#1178033, bmo#1199400) |
|
4217 Buffer overflows found through code inspection |
|
4218 * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) |
|
4219 Underflow through code inspection |
|
4220 * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) |
|
4221 Integer overflow in MP4 playback in 64-bit versions |
|
4222 * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) |
|
4223 Integer underflow and buffer overflow processing MP4 metadata in |
|
4224 libstagefright |
|
4225 * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) |
|
4226 Privilege escalation vulnerabilities in WebExtension APIs |
|
4227 * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) |
|
4228 Cross-site reading attack through data and view-source URIs |
|
4229 - rebased patches |
|
4230 |
|
4231 ------------------------------------------------------------------- |
|
4232 Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org |
|
4233 |
|
4234 - Add desktop menu action for private browsing window to desktop |
|
4235 file (boo#954747) |
|
4236 - remove obsolete patch mozilla-bmo1005535.patch completely from |
|
4237 source package to avoid automatic check failures |
|
4238 |
|
4239 ------------------------------------------------------------------- |
|
4240 Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org |
|
4241 |
|
4242 - update to Firefox 42.0 (bnc#952810) |
|
4243 * Private Browsing with Tracking Protection blocks certain Web |
|
4244 elements that could be used to record your behavior across sites |
|
4245 * Control Center that contains site security and privacy controls |
|
4246 * Login Manager improvements |
|
4247 * WebRTC improvements |
|
4248 * Indicator added to tabs that play audio with one-click muting |
|
4249 * Media Source Extension for HTML5 video available for all sites |
|
4250 security fixes: |
|
4251 * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 |
|
4252 Miscellaneous memory safety hazards |
|
4253 * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) |
|
4254 Information disclosure through NTLM authentication |
|
4255 * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) |
|
4256 CSP bypass due to permissive Reader mode whitelist |
|
4257 * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) |
|
4258 Firefox for Android addressbar can be removed after fullscreen mode |
|
4259 * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) |
|
4260 Reading sensitive profile files through local HTML file on Android |
|
4261 * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) |
|
4262 disabling scripts in Add-on SDK panels has no effect |
|
4263 * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) |
|
4264 Trailing whitespace in IP address hostnames can bypass same-origin policy |
|
4265 * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) |
|
4266 Buffer overflow during image interactions in canvas |
|
4267 * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) |
|
4268 Android intents can be used on Firefox for Android to open privileged files |
|
4269 * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) |
|
4270 XSS attack through intents on Firefox for Android |
|
4271 * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) |
|
4272 Crash when accessing HTML tables with accessibility tools on OS X |
|
4273 * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) |
|
4274 CORS preflight is bypassed when non-standard Content-Type headers |
|
4275 are received |
|
4276 * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) |
|
4277 Memory corruption in libjar through zip files |
|
4278 * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) |
|
4279 Certain escaped characters in host of Location-header are being |
|
4280 treated as non-escaped |
|
4281 * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) |
|
4282 JavaScript garbage collection crash with Java applet |
|
4283 * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 |
|
4284 (bmo#1188010, bmo#1204061, bmo#1204155) |
|
4285 Vulnerabilities found through code inspection |
|
4286 * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) |
|
4287 Mixed content WebSocket policy bypass through workers |
|
4288 * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 |
|
4289 (bmo#1202868, bmo#1205157) |
|
4290 NSS and NSPR memory corruption issues |
|
4291 (fixed in mozilla-nspr and mozilla-nss packages) |
|
4292 - requires NSPR >= 4.10.10 and NSS >= 3.19.4 |
|
4293 - removed obsolete patches |
|
4294 * mozilla-arm-disable-edsp.patch |
|
4295 * mozilla-icu-strncat.patch |
|
4296 * mozilla-skia-be-le.patch |
|
4297 * toolkit-download-folder.patch |
|
4298 - fixed build with enable-libproxy (bmo#1220399) |
|
4299 * mozilla-libproxy.patch |
|
4300 |
|
4301 ------------------------------------------------------------------- |
|
4302 Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org |
|
4303 |
|
4304 - update to Firefox 41.0.2 (bnc#950686) |
|
4305 * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) |
|
4306 Cross-origin restriction bypass using Fetch |
|
4307 - added explicit appdata provides (bnc#949983) |
|
4308 |
|
4309 ------------------------------------------------------------------- |
|
4310 Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org |
|
4311 |
|
4312 - do not build with --enable-stdcxx-compat |
|
4313 (this starts to fail build on various toolchain combinations |
|
4314 and is not required for openSUSE builds in general |
|
4315 |
|
4316 ------------------------------------------------------------------- |
|
4317 Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org |
|
4318 |
|
4319 - update to Firefox 41.0.1 |
|
4320 * Fix a startup crash related to Yandex toolbar and Adblock Plus |
|
4321 (bmo#1209124) |
|
4322 * Fix potential hangs with Flash plugins (bmo#1185639) |
|
4323 * Fix a regression in the bookmark creation (bmo#1206376) |
|
4324 * Fix a startup crash with some Intel Media Accelerator 3150 |
|
4325 graphic cards (bmo#1207665) |
|
4326 * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) |
|
4327 |
|
4328 ------------------------------------------------------------------- |
|
4329 Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org |
|
4330 |
|
4331 - update to Firefox 41.0 (bnc#947003) |
|
4332 * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 |
|
4333 Miscellaneous memory safety hazards |
|
4334 * MFSA 2015-97/CVE-2015-4503 (bmo#994337) |
|
4335 Memory leak in mozTCPSocket to servers |
|
4336 * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) |
|
4337 Out of bounds read in QCMS library with ICC V4 profile attributes |
|
4338 * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) |
|
4339 Site attribute spoofing on Android by pasting URL with unknown scheme |
|
4340 * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) |
|
4341 Arbitrary file manipulation by local user through Mozilla updater |
|
4342 * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) |
|
4343 Buffer overflow in libvpx while parsing vp9 format video |
|
4344 * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) |
|
4345 Crash when using debugger with SavedStacks in JavaScript |
|
4346 * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) |
|
4347 URL spoofing in reader mode |
|
4348 * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) |
|
4349 Use-after-free with shared workers and IndexedDB |
|
4350 * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) |
|
4351 Buffer overflow while decoding WebM video |
|
4352 * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) |
|
4353 Use-after-free while manipulating HTML media content |
|
4354 * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) |
|
4355 Out-of-bounds read during 2D canvas display on Linux 16-bit |
|
4356 color depth systems |
|
4357 * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) |
|
4358 Scripted proxies can access inner window |
|
4359 * MFSA 2015-109/CVE-2015-4516 (bmo#904886) |
|
4360 JavaScript immutable property enforcement can be bypassed |
|
4361 * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) |
|
4362 Dragging and dropping images exposes final URL after redirects |
|
4363 * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) |
|
4364 Errors in the handling of CORS preflight request headers |
|
4365 * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ |
|
4366 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ |
|
4367 CVE-2015-7180 |
|
4368 Vulnerabilities found through code inspection |
|
4369 * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, |
|
4370 bmo#1190526) (Windows only) |
|
4371 Memory safety errors in libGLES in the ANGLE graphics library |
|
4372 * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) |
|
4373 Information disclosure via the High Resolution Time API |
|
4374 - rebased patches |
|
4375 - removed obsolete patches |
|
4376 * mozilla-arm64-libjpeg-turbo.patch |
|
4377 |
|
4378 ------------------------------------------------------------------ |
|
4379 Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org |
|
4380 |
|
4381 - update to Firefox 40.0.3 (bnc#943550) |
|
4382 * Disable the asynchronous plugin initialization (bmo#1198590) |
|
4383 * Fix a segmentation fault in the GStreamer support (bmo#1145230) |
|
4384 * Fix a regression with some Japanese fonts used in the <input> |
|
4385 field (bmo#1194055) |
|
4386 * On some sites, the selection in a select combox box using the |
|
4387 mouse could be broken (bmo#1194733) |
|
4388 security fixes |
|
4389 * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) |
|
4390 Use-after-free when resizing canvas element during restyling |
|
4391 * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) |
|
4392 Add-on notification bypass through data URLs |
|
4393 |
|
4394 ------------------------------------------------------------------- |
|
4395 Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org |
|
4396 |
|
4397 - update to Firefox 40.0 (bnc#940806) |
|
4398 * Added protection against unwanted software downloads |
|
4399 * Suggested Tiles show sites of interest, based on categories |
|
4400 from your recent browsing history |
|
4401 * Hello allows adding a link to conversations to provide context |
|
4402 on what the conversation will be about |
|
4403 * New style for add-on manager based on the in-content |
|
4404 preferences style |
|
4405 * Improved scrolling, graphics, and video playback performance |
|
4406 with off main thread compositing (GNU/Linux only) |
|
4407 * Graphic blocklist mechanism improved: Firefox version ranges |
|
4408 can be specified, limiting the number of devices blocked |
|
4409 security fixes: |
|
4410 * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 |
|
4411 Miscellaneous memory safety hazards |
|
4412 * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) |
|
4413 Out-of-bounds read with malformed MP3 file |
|
4414 * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) |
|
4415 Use-after-free in MediaStream playback |
|
4416 * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) |
|
4417 Redefinition of non-configurable JavaScript object properties |
|
4418 * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 |
|
4419 Overflow issues in libstagefright |
|
4420 * MFSA 2015-84/CVE-2015-4481 (bmo1171518) |
|
4421 Arbitrary file overwriting through Mozilla Maintenance Service |
|
4422 with hard links (only affected Windows) |
|
4423 * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) |
|
4424 Out-of-bounds write with Updater and malicious MAR file |
|
4425 (does not affect openSUSE RPM packages which do not ship the |
|
4426 updater) |
|
4427 * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) |
|
4428 Feed protocol with POST bypasses mixed content protections |
|
4429 * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) |
|
4430 Crash when using shared memory in JavaScript |
|
4431 * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) |
|
4432 Heap overflow in gdk-pixbuf when scaling bitmap images |
|
4433 * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) |
|
4434 Buffer overflows on Libvpx when decoding WebM video |
|
4435 * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 |
|
4436 Vulnerabilities found through code inspection |
|
4437 * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) |
|
4438 Mozilla Content Security Policy allows for asterisk wildcards |
|
4439 in violation of CSP specification |
|
4440 * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) |
|
4441 Use-after-free in XMLHttpRequest with shared workers |
|
4442 - added mozilla-no-stdcxx-check.patch |
|
4443 - removed obsolete patches |
|
4444 * mozilla-add-glibcxx_use_cxx11_abi.patch |
|
4445 * firefox-multilocale-chrome.patch |
|
4446 - rebased patches |
|
4447 - requires version 40 of the branding package |
|
4448 - removed browser/searchplugins/ location as it's not valid anymore |
|
4449 |
|
4450 ------------------------------------------------------------------- |
|
4451 Fri Aug 7 07:09:39 UTC 2015 - wr@rosenauer.org |
|
4452 |
|
4453 - security update to Firefox 39.0.3 (bnc#940918) |
|
4454 * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) |
|
4455 Same origin violation and local file stealing via PDF reader |
|
4456 |
|
4457 ------------------------------------------------------------------- |
|
4458 Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org |
|
4459 |
|
4460 - update to Firefox 39.0 (bnc#935979) |
|
4461 * Share Hello URLs with social networks |
|
4462 * Support for 'switch' role in ARIA 1.1 (web accessibility) |
|
4463 * SafeBrowsing malware detection lookups enabled for downloads |
|
4464 (Mac OS X and Linux) |
|
4465 * Support for new Unicode 8.0 skin tone emoji |
|
4466 * Removed support for insecure SSLv3 for network communications |
|
4467 * Disable use of RC4 except for temporarily whitelisted hosts |
|
4468 * NPAPI Plug-in performance improved via asynchronous initialization |
|
4469 security fixes: |
|
4470 * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 |
|
4471 Miscellaneous memory safety hazards |
|
4472 * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) |
|
4473 Local files or privileged URLs in pages can be opened into new tabs |
|
4474 * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) |
|
4475 Type confusion in Indexed Database Manager |
|
4476 * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) |
|
4477 Out-of-bound read while computing an oscillator rendering range in Web Audio |
|
4478 * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) |
|
4479 Use-after-free in Content Policy due to microtask execution error |
|
4480 * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) |
|
4481 ECDSA signature validation fails to handle some signatures correctly |
|
4482 (this fix is shipped by NSS 3.19.1 externally) |
|
4483 * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) |
|
4484 Use-after-free in workers while using XMLHttpRequest |
|
4485 * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 |
|
4486 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 |
|
4487 Vulnerabilities found through code inspection |
|
4488 * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) |
|
4489 Key pinning is ignored when overridable errors are encountered |
|
4490 * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) |
|
4491 OS X crash reports may contain entered key press information |
|
4492 (not relevant under Linux) |
|
4493 * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) |
|
4494 Privilege escalation in PDF.js |
|
4495 * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) |
|
4496 NSS accepts export-length DHE keys with regular DHE cipher suites |
|
4497 (this fix is shipped by NSS 3.19.1 externally) |
|
4498 * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) |
|
4499 NSS incorrectly permits skipping of ServerKeyExchange |
|
4500 (this fix is shipped by NSS 3.19.1 externally) |
|
4501 - dropped mozilla-prefer_plugin_pref.patch as this feature is |
|
4502 likely not worth maintaining further |
|
4503 - rebased patches |
|
4504 - require NSS 3.19.2 |
|
4505 |
|
4506 ------------------------------------------------------------------- |
|
4507 Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de |
|
4508 |
|
4509 - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration |
|
4510 |
|
4511 ------------------------------------------------------------------- |
|
4512 Sun Jun 7 07:09:12 UTC 2015 - wr@rosenauer.org |
|
4513 |
|
4514 - update to Firefox 38.0.6 |
|
4515 * fixes bmo#1171730 which is not really relevant to oS builds |
|
4516 - fix KDE regression from 38.0.5 builds (bsc#933439) |
|
4517 |
|
4518 ------------------------------------------------------------------- |
|
4519 Sat May 23 21:13:49 UTC 2015 - wr@rosenauer.org |
|
4520 |
|
4521 - update to Firefox 38.0.5 |
|
4522 * Keep track of articles and videos with Pocket |
|
4523 * Clean formatting for articles and blog posts with Reader View |
|
4524 * Share the active tab or window in a Hello conversation |
|
4525 - add changes file as source for SRPM (bsc#932142) |
|
4526 |
|
4527 ------------------------------------------------------------------- |
|
4528 Fri May 15 10:40:19 UTC 2015 - normand@linux.vnet.ibm.com |
|
4529 |
|
4530 - add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from |
|
4531 https://bugzilla.mozilla.org/show_bug.cgi?id=1153109 |
|
4532 |
|
4533 ------------------------------------------------------------------- |
|
4534 Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org |
|
4535 |
|
4536 - update to Firefox 38.0.1 |
|
4537 stability and regression fixes |
|
4538 * Systems with first generation NVidia Optimus graphics cards |
|
4539 may crash on start-up |
|
4540 * Users who import cookies from Google Chrome can end up with |
|
4541 broken websites |
|
4542 * Large animated images may fail to play and may stop other |
|
4543 images from loading |
|
4544 |
|
4545 ------------------------------------------------------------------- |
|
4546 Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org |
|
4547 |
|
4548 - update to Firefox 38.0 (bnc#930622) |
|
4549 * New tab-based preferences |
|
4550 * Ruby annotation support |
|
4551 * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ |
|
4552 security fixes: |
|
4553 * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 |
|
4554 Miscellaneous memory safety hazards |
|
4555 * MFSA 2015-47/VE-2015-0797 (bmo#1080995) |
|
4556 Buffer overflow parsing H.264 video with Linux Gstreamer |
|
4557 * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) |
|
4558 Buffer overflow with SVG content and CSS |
|
4559 * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) |
|
4560 Referrer policy ignored when links opened by middle-click and |
|
4561 context menu |
|
4562 * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) |
|
4563 Out-of-bounds read and write in asm.js validation |
|
4564 * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) |
|
4565 Use-after-free during text processing with vertical text enabled |
|
4566 * MFSA 2015-53/CVE-2015-2715 (bmo#988698) |
|
4567 Use-after-free due to Media Decoder Thread creation during shutdown |
|
4568 * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) |
|
4569 Buffer overflow when parsing compressed XML |
|
4570 * MFSA 2015-55/CVE-2015-2717 (bmo#1154683) |
|
4571 Buffer overflow and out-of-bounds read while parsing MP4 video |
|
4572 metadata |
|
4573 * MFSA 2015-56/CVE-2015-2718 (bmo#1146724) |
|
4574 Untrusted site hosting trusted page can intercept webchannel |
|
4575 responses |
|
4576 * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) |
|
4577 Privilege escalation through IPC channel messages |
|
4578 - requires NSS 3.18.1 |
|
4579 - removed obsolete patches: |
|
4580 * mozilla-skia-bmo1136958.patch |
|
4581 - remove gnomevfs build options as it is removed from sources |
|
4582 - rebased patches |
|
4583 |
|
4584 ------------------------------------------------------------------- |
|
4585 Fri Apr 17 16:39:20 UTC 2015 - wr@rosenauer.org |
|
4586 |
|
4587 - update to Firefox 37.0.2 (bnc#928116) |
|
4588 * MFSA 2015-45/CVE-2015-2706 (bmo#1141081) |
|
4589 Memory corruption during failed plugin initialization |
|
4590 |
|
4591 ------------------------------------------------------------------- |
|
4592 Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org |
|
4593 |
|
4594 - update to Firefox 37.0.1 (bnc#926166) |
|
4595 * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) |
|
4596 Loading privileged content through Reader mode |
|
4597 * MFSA 2015-44/CVE-2015-0799 (bmo#1148328) |
|
4598 Certificate verification bypass through the HTTP/2 Alt-Svc header |
|
4599 |
|
4600 ------------------------------------------------------------------- |
|
4601 Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org |
|
4602 |
|
4603 - update to Firefox 37.0 (bnc#925368) |
|
4604 * Heartbeat user rating system |
|
4605 * Yandex set as default search provider for the Turkish locale |
|
4606 * Bing search now uses HTTPS for secure searching |
|
4607 * Improved protection against site impersonation via OneCRL |
|
4608 centralized certificate revocation |
|
4609 * Opportunistically encrypt HTTP traffic where the server supports |
|
4610 HTTP/2 AltSvc |
|
4611 * some more behaviour changes for TLS |
|
4612 security fixes: |
|
4613 * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 |
|
4614 Miscellaneous memory safety hazards |
|
4615 * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) |
|
4616 Use-after-free when using the Fluendo MP3 GStreamer plugin |
|
4617 * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) |
|
4618 Add-on lightweight theme installation approval bypassed through |
|
4619 MITM attack |
|
4620 * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) |
|
4621 resource:// documents can load privileged pages |
|
4622 * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) |
|
4623 Out of bounds read in QCMS library |
|
4624 * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) |
|
4625 Cursor clickjacking with flash and images (OS X only) |
|
4626 * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) |
|
4627 Incorrect memory management for simple-type arrays in WebRTC |
|
4628 * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) |
|
4629 CORS requests should not follow 30x redirections after preflight |
|
4630 * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) |
|
4631 Memory corruption crashes in Off Main Thread Compositing |
|
4632 * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) |
|
4633 Use-after-free due to type confusion flaws |
|
4634 * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) |
|
4635 Same-origin bypass through anchor navigation |
|
4636 * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 |
|
4637 PRNG weakness allows for DNS poisoning on Android (only) |
|
4638 * MFSA-2015-42/CVE-2015-0802 (bmo#1124898) |
|
4639 Windows can retain access to privileged content on navigation |
|
4640 to unprivileged pages |
|
4641 - removed obsolete patches |
|
4642 * mozilla-bmo1088588.patch |
|
4643 * mozilla-bmo1108834.patch |
|
4644 - requires NSPR 4.10.8 |
|
4645 |
|
4646 ------------------------------------------------------------------- |
|
4647 Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com |
|
4648 |
|
4649 - Fix builds with skia on Power |
|
4650 mozilla-skia-be-le.patch (patch from #bmo1136958) |
|
4651 mozilla-bmo1108834.patch |
|
4652 mozilla-bmo1005535.patch |
|
4653 |
|
4654 ------------------------------------------------------------------- |
|
4655 Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org |
|
4656 |
|
4657 - update to Firefox 36.0.4 (bnc#923534) |
|
4658 * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) |
|
4659 Privilege escalation through SVG navigation |
|
4660 * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) |
|
4661 Code execution through incorrect JavaScript bounds checking |
|
4662 elimination |
|
4663 |
|
4664 ------------------------------------------------------------------- |
|
4665 Fri Mar 20 15:02:33 UTC 2015 - dimstar@opensuse.org |
|
4666 |
|
4667 - Copy the icons to /usr/share/icons instead of symlinking them: |
|
4668 in preparation for containerized apps (e.g. xdg-app) as well as |
|
4669 AppStream metadata extraction, there are a couple locations that |
|
4670 need to be real files for system integration (.desktop files, |
|
4671 icons, mime-type info). |
|
4672 |
|
4673 ------------------------------------------------------------------- |
|
4674 Sat Mar 7 07:40:56 UTC 2015 - wr@rosenauer.org |
|
4675 |
|
4676 - update to Firefox 36.0.1 |
|
4677 Bugfixes: |
|
4678 * Disable the usage of the ANY DNS query type (bmo#1093983) |
|
4679 * Hello may become inactive until restart (bmo#1137469) |
|
4680 * Print preferences may not be preserved (bmo#1136855) |
|
4681 * Hello contact tabs may not be visible (bmo#1137141) |
|
4682 * Accept hostnames that include an underscore character ("_") |
|
4683 (bmo#1136616) |
|
4684 * WebGL may use significant memory with Canvas2d (bmo#1137251) |
|
4685 * Option -remote has been restored (bmo#1080319) |
|
4686 - added mozilla-skia-bmo1136958.patch to fix build issues for |
|
4687 ARM and PPC |
|
4688 |
|
4689 ------------------------------------------------------------------- |
|
4690 Fri Feb 20 22:53:39 UTC 2015 - wr@rosenauer.org |
|
4691 |
|
4692 - update to Firefox 36.0 (bnc#917597) |
|
4693 * mozilla-xremote-client was removed |
|
4694 * added libclearkey.so media plugin |
|
4695 * Pinned tiles on the new tab page can be synced |
|
4696 * Support for the full HTTP/2 protocol. HTTP/2 enables a faster, |
|
4697 more scalable, and more responsive web. |
|
4698 * Locale added: Uzbek (uz) |
|
4699 security fixes: |
|
4700 * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 |
|
4701 Miscellaneous memory safety hazards |
|
4702 * MFSA 2015-12/CVE-2015-0833 (bmo#945192) |
|
4703 Invoking Mozilla updater will load locally stored DLL files |
|
4704 (Windows only) |
|
4705 * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) |
|
4706 Appended period to hostnames can bypass HPKP and HSTS protections |
|
4707 * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) |
|
4708 Malicious WebGL content crash when writing strings |
|
4709 * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) |
|
4710 TLS TURN and STUN connections silently fail to simple TCP connections |
|
4711 * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) |
|
4712 Use-after-free in IndexedDB |
|
4713 * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) |
|
4714 Buffer overflow in libstagefright during MP4 video playback |
|
4715 * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) |
|
4716 Double-free when using non-default memory allocators with a |
|
4717 zero-length XHR |
|
4718 * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) |
|
4719 Out-of-bounds read and write while rendering SVG content |
|
4720 * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) |
|
4721 Buffer overflow during CSS restyling |
|
4722 * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) |
|
4723 Buffer underflow during MP3 playback |
|
4724 * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) |
|
4725 Crash using DrawTarget in Cairo graphics library |
|
4726 * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) |
|
4727 Use-after-free in Developer Console date with OpenType Sanitiser |
|
4728 * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) |
|
4729 Reading of local files through manipulation of form autocomplete |
|
4730 * MFSA 2015-25/CVE-2015-0821 (bmo#1111960) |
|
4731 Local files or privileged URLs in pages can be opened into new tabs |
|
4732 * MFSA 2015-26/CVE-2015-0819 (bmo#1079554) |
|
4733 UI Tour whitelisted sites in background tab can spoof foreground |
|
4734 tabs |
|
4735 * MFSA 2015-27CVE-2015-0820 (bmo#1125398) |
|
4736 Caja Compiler JavaScript sandbox bypass |
|
4737 - rebased patches |
|
4738 - requires NSS 3.17.4 |
|
4739 |
|
4740 ------------------------------------------------------------------- |
|
4741 Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org |
|
4742 |
|
4743 - update to Firefox 35.0.1 |
|
4744 * With the Enhanced Steam extension, Firefox could crash (bmo#1123732) |
|
4745 * Kerberos authentication did not work with alias (bmo#1108971) |
|
4746 * SVG / CSS animation had a regression causing rendering issues on |
|
4747 websites like openstreemap.org (bmo#1083079) |
|
4748 * On Godaddy webmail, Firefox could crash (bmo#1113121) |
|
4749 * document.baseURI did not get updated to document.location after |
|
4750 base tag was removed from DOM for site with a CSP (bmo#1121857) |
|
4751 * With a Right-to-left (RTL) version of Firefox, the text selection |
|
4752 could be broken (bmo#1104036) |
|
4753 * CSP had a change in behavior with regard to case sensitivity |
|
4754 resources loading (bmo#1122445) |
|
4755 |
|
4756 ------------------------------------------------------------------- |
|
4757 Sat Jan 10 18:36:37 UTC 2015 - wr@rosenauer.org |
|
4758 |
|
4759 - update to Firefox 35.0 (bnc#910669) |
|
4760 notable features: |
|
4761 * Firefox Hello with new rooms-based conversations model |
|
4762 * Implemented HTTP Public Key Pinning Extension (for enhanced |
|
4763 authentication of encrypted connections) |
|
4764 security fixes: |
|
4765 * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 |
|
4766 Miscellaneous memory safety hazards |
|
4767 * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) |
|
4768 Uninitialized memory use during bitmap rendering |
|
4769 * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) |
|
4770 sendBeacon requests lack an Origin header |
|
4771 * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) |
|
4772 Cookie injection through Proxy Authenticate responses |
|
4773 * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) |
|
4774 Read of uninitialized memory in Web Audio |
|
4775 * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) |
|
4776 Read-after-free in WebRTC |
|
4777 * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) |
|
4778 Gecko Media Plugin sandbox escape |
|
4779 * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) |
|
4780 Delegated OCSP responder certificates failure with |
|
4781 id-pkix-ocsp-nocheck extension |
|
4782 * MFSA 2015-09/CVE-2014-8636 (bmo#987794) |
|
4783 XrayWrapper bypass through DOM objects |
|
4784 - rebased patches |
|
4785 - dropped explicit support for everything older than 12.3 |
|
4786 (including SLES11) |
|
4787 * merge firefox-kde.patch and firefox-kde-114.patch |
|
4788 * dropped mozilla-sle11.patch |
|
4789 - reworked specfile to build conditionally based on release channel |
|
4790 either Firefox or Firefox Developer Edition |
|
4791 - added mozilla-openaes-decl.patch to fix implicit declarations |
|
4792 - obsolete tracker-miner-firefox < 0.15 because it leads to startup |
|
4793 crashes (bnc#908892) |
|
4794 |
|
4795 ------------------------------------------------------------------- |
|
4796 Sat Dec 13 22:13:00 UTC 2014 - Led <ledest@gmail.com> |
|
4797 |
|
4798 - fix bashism in mozilla.sh script |
|
4799 |
|
4800 ------------------------------------------------------------------- |
|
4801 Sat Nov 29 21:23:03 UTC 2014 - wr@rosenauer.org |
|
4802 |
|
4803 - update to Firefox 34.0.5 (bnc#908009) |
|
4804 * Default search engine changed to Yahoo! for North America |
|
4805 * Default search engine changed to Yandex for Belarusian, Kazakh, |
|
4806 and Russian locales |
|
4807 * Improved search bar (en-US only) |
|
4808 * Firefox Hello real-time communication client |
|
4809 * Easily switch themes/personas directly in the Customizing mode |
|
4810 * Implementation of HTTP/2 (draft14) and ALPN |
|
4811 * Disabled SSLv3 |
|
4812 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 |
|
4813 Miscellaneous memory safety hazards |
|
4814 * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) |
|
4815 XBL bindings accessible via improper CSS declarations |
|
4816 * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) |
|
4817 XMLHttpRequest crashes with some input streams |
|
4818 * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) |
|
4819 CSP leaks redirect data via violation reports |
|
4820 * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) |
|
4821 Use-after-free during HTML5 parsing |
|
4822 * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) |
|
4823 Buffer overflow while parsing media content |
|
4824 * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) |
|
4825 Bad casting from the BasicThebesLayer to BasicContainerLayer |
|
4826 - rebased patches |
|
4827 - limit linker memory usage for %ix86 |
|
4828 - rebased patches |
|
4829 |
|
4830 ------------------------------------------------------------------- |
|
4831 Fri Nov 7 20:14:32 UTC 2014 - wr@rosenauer.org |
|
4832 |
|
4833 - update to Firefox 33.1 |
|
4834 * Adding DuckDuckGo as a search option (upstream) |
|
4835 * Forget Button added |
|
4836 * Enhanced Tiles |
|
4837 * Privacy tour introduced |
|
4838 - fix typo in GStreamer Recommends |
|
4839 |
|
4840 ------------------------------------------------------------------- |
|
4841 Tue Nov 4 18:00:35 UTC 2014 - guillaume@opensuse.org |
|
4842 |
|
4843 - Disable elf-hack for aarch64 |
|
4844 - Enable EGL for aarch64 |
|
4845 - Limit RAM usage during link for %arm |
|
4846 - Fix _constraints for ARM |
|
4847 |
|
4848 ------------------------------------------------------------------- |
|
4849 Mon Nov 3 11:36:04 UTC 2014 - dmueller@suse.com |
|
4850 |
|
4851 - use proper macros for ARM |
|
4852 |
|
4853 ------------------------------------------------------------------- |
|
4854 Mon Nov 3 11:26:23 UTC 2014 - josua.mayer97@gmail.com |
|
4855 |
|
4856 - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too |
|
4857 to fix compiling. |
|
4858 - pass '-Wl,--no-keep-memory' to linker to reduce required memory during |
|
4859 linking on arm. |
|
4860 |
|
4861 ------------------------------------------------------------------- |
|
4862 Thu Oct 30 11:31:05 UTC 2014 - wr@rosenauer.org |
|
4863 |
|
4864 - update to Firefox 33.0.2 |
|
4865 * Fix a startup crash with some combination of hardware and drivers |
|
4866 33.0.1 |
|
4867 * Firefox displays a black screen at start-up with certain |
|
4868 graphics drivers |
|
4869 - adjusted _constraints for ARM |
|
4870 |
|
4871 ------------------------------------------------------------------- |
|
4872 Tue Oct 28 15:23:09 UTC 2014 - josua.mayer97@gmail.com |
|
4873 |
|
4874 - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) |
|
4875 |
|
4876 ------------------------------------------------------------------- |
|
4877 Sat Oct 25 08:45:43 UTC 2014 - wr@rosenauer.org |
|
4878 |
|
4879 - define /usr/share/myspell as additional dictionary location |
|
4880 and remove add-plugins.sh finally (bnc#900639) |
|
4881 |
|
4882 ------------------------------------------------------------------- |
|
4883 Sun Oct 19 12:59:28 UTC 2014 - vindex17@outlook.it |
|
4884 |
|
4885 - use Firefox default optimization flags instead of -Os |
|
4886 - specfile cleanup |
|
4887 |
|
4888 ------------------------------------------------------------------- |
|
4889 Wed Oct 15 08:05:33 UTC 2014 - wr@rosenauer.org |
|
4890 |
|
4891 - fix build for all ppc by not enabling elf-hack |
|
4892 (bnc#901213) |
|
4893 |
|
4894 ------------------------------------------------------------------- |
|
4895 Sat Oct 11 08:48:24 UTC 2014 - wr@rosenauer.org |
|
4896 |
|
4897 - update to Firefox 33.0 (bnc#900941) |
|
4898 New features: |
|
4899 * OpenH264 support (sandboxed) |
|
4900 * Enhanced Tiles |
|
4901 * Improved search experience through the location bar |
|
4902 * Slimmer and faster JavaScript strings |
|
4903 * New CSP (Content Security Policy) backend |
|
4904 * Support for connecting to HTTP proxy over HTTPS |
|
4905 * Improved reliability of the session restoration |
|
4906 * Proprietary window.crypto properties/functions removed |
|
4907 Security: |
|
4908 * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 |
|
4909 Miscellaneous memory safety hazards |
|
4910 * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) |
|
4911 Buffer overflow during CSS manipulation |
|
4912 * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) |
|
4913 Web Audio memory corruption issues with custom waveforms |
|
4914 * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) |
|
4915 Out-of-bounds write with WebM video |
|
4916 * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) |
|
4917 Further uninitialized memory use during GIF rendering |
|
4918 * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) |
|
4919 Use-after-free interacting with text directionality |
|
4920 * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) |
|
4921 Key pinning bypasses |
|
4922 * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) |
|
4923 Inconsistent video sharing within iframe |
|
4924 * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) |
|
4925 Accessing cross-origin objects via the Alarms API |
|
4926 (only relevant for installed web apps) |
|
4927 - requires NSPR 4.10.7 |
|
4928 - requires NSS 3.17.1 |
|
4929 - removed obsolete patches: |
|
4930 * mozilla-ppc.patch |
|
4931 * mozilla-libproxy-compat.patch |
|
4932 - added basic appdata information |
|
4933 |
|
4934 ------------------------------------------------------------------- |
|
4935 Sat Sep 20 13:33:51 UTC 2014 - wr@rosenauer.org |
|
4936 |
|
4937 - update to Firefox 32.0.2 |
|
4938 * just a version bump for our builds |
|
4939 * fixed the in application update process for certain environments |
|
4940 (in application update is not enabled in openSUSE and Linux |
|
4941 is unaffected in any case) |
|
4942 - build with --disable-optimize for 13.1 and above for i586 to |
|
4943 workaround miscompilations (bnc#896624) |
|
4944 - use some more build flags to align with upstream |
|
4945 |
|
4946 ------------------------------------------------------------------- |
|
4947 Sat Sep 13 16:58:16 UTC 2014 - wr@rosenauer.org |
|
4948 |
|
4949 - update to Firefox 32.0.1 |
|
4950 * fixed stability issues for computers with multiple graphics cards |
|
4951 * mixed content icon may be incorrectly displayed instead of lock |
|
4952 icon for SSL sites in 32.0 ( |
|
4953 * WebRTC: setRemoteDescription() silently fails if no success |
|
4954 callback is specified (bmo#1063971) |
|
4955 |
|
4956 ------------------------------------------------------------------- |
|
4957 Sun Aug 31 07:44:54 UTC 2014 - wr@rosenauer.org |
|
4958 |
|
4959 - update to Firefox 32.0 (bnc#894370) |
|
4960 * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 |
|
4961 Miscellaneous memory safety hazards |
|
4962 * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) |
|
4963 Use-after-free during DOM interactions with SVG |
|
4964 * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) |
|
4965 Uninitialized memory use during GIF rendering |
|
4966 * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) |
|
4967 Out-of-bounds read in Web Audio audio timeline |
|
4968 * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) |
|
4969 Use-after-free setting text directionality |
|
4970 - rebased patches |
|
4971 - requires NSS 3.16.4 |
|
4972 - removed upstreamed patch |
|
4973 * mozilla-aarch64-bmo-810631.patch |
|
4974 |
|
4975 ------------------------------------------------------------------- |
|
4976 Wed Aug 20 13:50:58 CEST 2014 - behlert@suse.de |
|
4977 |
|
4978 - adapted _constraints, used more than 3900MB on s390x during |
|
4979 last build |
|
4980 |
|
4981 ------------------------------------------------------------------- |
|
4982 Sun Jul 20 18:11:44 UTC 2014 - wr@rosenauer.org |
|
4983 |
|
4984 - update to Firefox 31.0 (bnc#887746) |
|
4985 * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 |
|
4986 Miscellaneous memory safety hazards |
|
4987 * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) |
|
4988 Buffer overflow during Web Audio buffering for playback |
|
4989 * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) |
|
4990 Use-after-free in Web Audio due to incorrect control message ordering |
|
4991 * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) |
|
4992 Toolbar dialog customization event spoofing |
|
4993 * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) |
|
4994 Use-after-free with FireOnStateChange event |
|
4995 * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) |
|
4996 Exploitable WebGL crash with Cesium JavaScript library |
|
4997 * MFSA 2014-63/CVE-2014-1544 (bmo#963150) |
|
4998 Use-after-free while when manipulating certificates in the trusted cache |
|
4999 (solved with NSS 3.16.2 requirement) |
|
5000 * MFSA 2014-64/CVE-2014-1557 (bmo#913805) |
|
5001 Crash in Skia library when scaling high quality images |
|
5002 * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 |
|
5003 (bmo#1015973, bmo#1026022, bmo#997795) |
|
5004 Certificate parsing broken by non-standard character encoding |
|
5005 * MFSA 2014-66/CVE-2014-1552 (bmo#985135) |
|
5006 IFRAME sandbox same-origin access through redirect |
|
5007 - use EGL on ARM |
|
5008 - rebased patches |
|
5009 - requires NSS 3.16.2 |
|
5010 - requires python-devel (not only python) |
|
5011 |
|
5012 ------------------------------------------------------------------- |
|
5013 Mon Jun 9 08:28:17 UTC 2014 - wr@rosenauer.org |
|
5014 |
|
5015 - update to Firefox 30.0 (bnc#881874) |
|
5016 * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 |
|
5017 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, |
|
5018 bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, |
|
5019 bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, |
|
5020 bmo#996536, bmo#996715, bmo#999651, bmo#1000598, |
|
5021 bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, |
|
5022 bmo#1009952, bmo#1011007) |
|
5023 Miscellaneous memory safety hazards (rv:30.0) |
|
5024 * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 |
|
5025 (bmo#989994, bmo#999274, bmo#1005584) |
|
5026 Use-after-free and out of bounds issues found using Address |
|
5027 Sanitizer |
|
5028 * MFSA 2014-50/CVE-2014-1539 (bmo#995603) |
|
5029 Clickjacking through cursor invisability after Flash interaction |
|
5030 * MFSA 2014-51/CVE-2014-1540 (bmo#978862) |
|
5031 Use-after-free in Event Listener Manager |
|
5032 * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) |
|
5033 Use-after-free with SMIL Animation Controller |
|
5034 * MFSA 2014-53/CVE-2014-1542 (bmo#991533) |
|
5035 Buffer overflow in Web Audio Speex resampler |
|
5036 * MFSA 2014-54/CVE-2014-1543 (bmo#1011859) |
|
5037 Buffer overflow in Gamepad API |
|
5038 * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) |
|
5039 Out of bounds write in NSPR |
|
5040 - rebased patches |
|
5041 - removed obsolete patches |
|
5042 * firefox-browser-css.patch |
|
5043 * mozilla-aarch64-bmo-962488.patch |
|
5044 * mozilla-aarch64-bmo-963023.patch |
|
5045 * mozilla-aarch64-bmo-963024.patch |
|
5046 * mozilla-aarch64-bmo-963027.patch |
|
5047 * mozilla-ppc64-xpcom.patch |
|
5048 * mozilla-ppc64le-javascript.patch |
|
5049 * mozilla-ppc64le-libffi.patch |
|
5050 * mozilla-ppc64le-mfbt.patch |
|
5051 * mozilla-ppc64le-webrtc.patch |
|
5052 * mozilla-ppc64le-xpcom.patch |
|
5053 * mozilla-ppc64le-build.patch |
|
5054 - requires NSPR 4.10.6 |
|
5055 - enabled GStreamer 1.0 usage for 13.2 and above |
|
5056 |
|
5057 ------------------------------------------------------------------- |
|
5058 Sat May 10 06:09:37 UTC 2014 - wr@rosenauer.org |
|
5059 |
|
5060 - update to Firefox 29.0.1 |
|
5061 * Seer disabled by default (bmo#1005958) |
|
5062 * Session Restore failed with a corrupted sessionstore.js file |
|
5063 (bmo#1001167) |
|
5064 * pdf.js printing white page (bmo#1003707, bnc#876833) |
|
5065 - general.useragent.locale gets overwritten with en-US while it |
|
5066 should be using the active langpack's setting |
|
5067 |
|
5068 ------------------------------------------------------------------- |
|
5069 Sat Apr 26 12:18:07 UTC 2014 - wr@rosenauer.org |
|
5070 |
|
5071 - update to Firefox 29.0 (bnc#875378) |
|
5072 * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 |
|
5073 Miscellaneous memory safety hazards |
|
5074 * MFSA 2014-36/CVE-2014-1522 (bmo#995289) |
|
5075 Web Audio memory corruption issues |
|
5076 * MFSA 2014-37/CVE-2014-1523 (bmo#969226) |
|
5077 Out of bounds read while decoding JPG images |
|
5078 * MFSA 2014-38/CVE-2014-1524 (bmo#989183) |
|
5079 Buffer overflow when using non-XBL object as XBL |
|
5080 * MFSA 2014-39/CVE-2014-1525 (bmo#989210) |
|
5081 Use-after-free in the Text Track Manager for HTML video |
|
5082 * MFSA 2014-41/CVE-2014-1528 (bmo#963962) |
|
5083 Out-of-bounds write in Cairo |
|
5084 * MFSA 2014-42/CVE-2014-1529 (bmo#987003) |
|
5085 Privilege escalation through Web Notification API |
|
5086 * MFSA 2014-43/CVE-2014-1530 (bmo#895557) |
|
5087 Cross-site scripting (XSS) using history navigations |
|
5088 * MFSA 2014-44/CVE-2014-1531 (bmo#987140) |
|
5089 Use-after-free in imgLoader while resizing images |
|
5090 * MFSA 2014-45/CVE-2014-1492 (bmo#903885) |
|
5091 Incorrect IDNA domain name matching for wildcard certificates |
|
5092 (fixed by NSS 3.16) |
|
5093 * MFSA 2014-46/CVE-2014-1532 (bmo#966006) |
|
5094 Use-after-free in nsHostResolver |
|
5095 * MFSA 2014-47/CVE-2014-1526 (bmo#988106) |
|
5096 Debugger can bypass XrayWrappers with JavaScript |
|
5097 - rebased patches |
|
5098 - removed obsolete patches |
|
5099 * firefox-browser-css.patch |
|
5100 * mozilla-aarch64-599882cfb998.diff |
|
5101 * mozilla-aarch64-bmo-963028.patch |
|
5102 * mozilla-aarch64-bmo-963029.patch |
|
5103 * mozilla-aarch64-bmo-963030.patch |
|
5104 * mozilla-aarch64-bmo-963031.patch |
|
5105 - requires NSS 3.16 |
|
5106 - added mozilla-icu-strncat.patch to fix post build checks |
|
5107 |
|
5108 ------------------------------------------------------------------- |
|
5109 Mon Apr 7 15:34:31 UTC 2014 - dmueller@suse.com |
|
5110 |
|
5111 - add mozilla-aarch64-599882cfb998.patch, |
|
5112 mozilla-aarch64-bmo-810631.patch, |
|
5113 mozilla-aarch64-bmo-962488.patch, |
|
5114 mozilla-aarch64-bmo-963030.patch, |
|
5115 mozilla-aarch64-bmo-963027.patch, |
|
5116 mozilla-aarch64-bmo-963028.patch, |
|
5117 mozilla-aarch64-bmo-963029.patch, |
|
5118 mozilla-aarch64-bmo-963023.patch, |
|
5119 mozilla-aarch64-bmo-963024.patch, |
|
5120 mozilla-aarch64-bmo-963031.patch: AArch64 porting |
|
5121 |
|
5122 ------------------------------------------------------------------- |
|
5123 Mon Mar 24 16:18:44 UTC 2014 - dvaleev@suse.com |
|
5124 |
|
5125 - Add patch for bmo#973977 |
|
5126 * mozilla-ppc64-xpcom.patch |
|
5127 |
|
5128 ------------------------------------------------------------------- |
|
5129 Mon Mar 24 14:29:12 UTC 2014 - dvaleev@suse.com |
|
5130 |
|
5131 - Refresh mozilla-ppc64le-xpcom.patch patch |
|
5132 |
|
5133 ------------------------------------------------------------------- |
|
5134 Fri Mar 21 19:01:42 UTC 2014 - dvaleev@suse.com |
|
5135 |
|
5136 - Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system |
|
5137 |
|
5138 ------------------------------------------------------------------- |
|
5139 Sun Mar 16 13:39:15 UTC 2014 - wr@rosenauer.org |
|
5140 |
|
5141 - update to Firefox 28.0 (bnc#868603) |
|
5142 * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 |
|
5143 Miscellaneous memory safety hazards |
|
5144 * MFSA 2014-17/CVE-2014-1497 (bmo#966311) |
|
5145 Out of bounds read during WAV file decoding |
|
5146 * MFSA 2014-18/CVE-2014-1498 (bmo#935618) |
|
5147 crypto.generateCRMFRequest does not validate type of key |
|
5148 * MFSA 2014-19/CVE-2014-1499 (bmo#961512) |
|
5149 Spoofing attack on WebRTC permission prompt |
|
5150 * MFSA 2014-20/CVE-2014-1500 (bmo#956524) |
|
5151 onbeforeunload and Javascript navigation DOS |
|
5152 * MFSA 2014-22/CVE-2014-1502 (bmo#972622) |
|
5153 WebGL content injection from one domain to rendering in another |
|
5154 * MFSA 2014-23/CVE-2014-1504 (bmo#911547) |
|
5155 Content Security Policy for data: documents not preserved by |
|
5156 session restore |
|
5157 * MFSA 2014-26/CVE-2014-1508 (bmo#963198) |
|
5158 Information disclosure through polygon rendering in MathML |
|
5159 * MFSA 2014-27/CVE-2014-1509 (bmo#966021) |
|
5160 Memory corruption in Cairo during PDF font rendering |
|
5161 * MFSA 2014-28/CVE-2014-1505 (bmo#941887) |
|
5162 SVG filters information disclosure through feDisplacementMap |
|
5163 * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) |
|
5164 Privilege escalation using WebIDL-implemented APIs |
|
5165 * MFSA 2014-30/CVE-2014-1512 (bmo#982957) |
|
5166 Use-after-free in TypeObject |
|
5167 * MFSA 2014-31/CVE-2014-1513 (bmo#982974) |
|
5168 Out-of-bounds read/write through neutering ArrayBuffer objects |
|
5169 * MFSA 2014-32/CVE-2014-1514 (bmo#983344) |
|
5170 Out-of-bounds write through TypedArrayObject after neutering |
|
5171 - requires NSPR 4.10.3 and NSS 3.15.5 |
|
5172 - new build dependency (and recommends): |
|
5173 * libpulse |
|
5174 - update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com) |
|
5175 - rebased patches |
|
5176 |
|
5177 ------------------------------------------------------------------- |
|
5178 Mon Feb 17 11:59:28 UTC 2014 - wr@rosenauer.org |
|
5179 |
|
5180 - update to Firefox 27.0.1 |
|
5181 * Fixed stability issues with Greasemonkey and other JS that used |
|
5182 ClearTimeoutOrInterval |
|
5183 * JS math correctness issue (bmo#941381) |
|
5184 - incorporate Google API key for geolocation (bnc#864170) |
|
5185 - updated list of "other" locales in RPM requirements |
|
5186 |
|
5187 ------------------------------------------------------------------- |
|
5188 Tue Jan 28 15:45:41 UTC 2014 - wr@rosenauer.org |
|
5189 |
|
5190 - update to Firefox 27.0 (bnc#861847) |
|
5191 * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 |
|
5192 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) |
|
5193 * MFSA 2014-02/CVE-2014-1479 (bmo#911864) |
|
5194 Clone protected content with XBL scopes |
|
5195 * MFSA 2014-03/CVE-2014-1480 (bmo#916726) |
|
5196 UI selection timeout missing on download prompts |
|
5197 * MFSA 2014-04/CVE-2014-1482 (bmo#943803) |
|
5198 Incorrect use of discarded images by RasterImage |
|
5199 * MFSA 2014-05/CVE-2014-1483 (bmo#950427) |
|
5200 Information disclosure with *FromPoint on iframes |
|
5201 * MFSA 2014-06/CVE-2014-1484 (bmo#953993) |
|
5202 Profile path leaks to Android system log |
|
5203 * MFSA 2014-07/CVE-2014-1485 (bmo#910139) |
|
5204 XSLT stylesheets treated as styles in Content Security Policy |
|
5205 * MFSA 2014-08/CVE-2014-1486 (bmo#942164) |
|
5206 Use-after-free with imgRequestProxy and image proccessing |
|
5207 * MFSA 2014-09/CVE-2014-1487 (bmo#947592) |
|
5208 Cross-origin information leak through web workers |
|
5209 * MFSA 2014-10/CVE-2014-1489 (bmo#959531) |
|
5210 Firefox default start page UI content invokable by script |
|
5211 * MFSA 2014-11/CVE-2014-1488 (bmo#950604) |
|
5212 Crash when using web workers with asm.js |
|
5213 * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 |
|
5214 (bmo#934545, bmo#930874, bmo#930857) |
|
5215 NSS ticket handling issues |
|
5216 * MFSA 2014-13/CVE-2014-1481(bmo#936056) |
|
5217 Inconsistent JavaScript handling of access to Window objects |
|
5218 - requires NSS 3.15.4 or higher |
|
5219 - rebased/reworked patches |
|
5220 - removed obsolete mozilla-bug929439.patch |
|
5221 |
|
5222 ------------------------------------------------------------------- |
|
5223 Thu Dec 12 21:19:54 UTC 2013 - uweigand@de.ibm.com |
|
5224 |
|
5225 - Add support for powerpc64le-linux. |
|
5226 * mozilla-ppc64le.patch: general support |
|
5227 * mozilla-libffi-ppc64le.patch: libffi backport |
|
5228 * mozilla-xpcom-ppc64le.patch: port xpcom |
|
5229 - Add build fix from mainline. |
|
5230 * mozilla-bug929439.patch |
|
5231 |
|
5232 ------------------------------------------------------------------- |
|
5233 Sun Dec 8 20:26:23 UTC 2013 - wr@rosenauer.org |
|
5234 |
|
5235 - update to Firefox 26.0 (bnc#854367, bnc#854370) |
|
5236 * rebased patches |
|
5237 * requires NSPR 4.10.2 and NSS 3.15.3.1 |
|
5238 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 |
|
5239 Miscellaneous memory safety hazards |
|
5240 * MFSA 2013-105/CVE-2013-5611 (bmo#771294) |
|
5241 Application Installation doorhanger persists on navigation |
|
5242 * MFSA 2013-106/CVE-2013-5612 (bmo#871161) |
|
5243 Character encoding cross-origin XSS attack |
|
5244 * MFSA 2013-107/CVE-2013-5614 (bmo#886262) |
|
5245 Sandbox restrictions not applied to nested object elements |
|
5246 * MFSA 2013-108/CVE-2013-5616 (bmo#938341) |
|
5247 Use-after-free in event listeners |
|
5248 * MFSA 2013-109/CVE-2013-5618 (bmo#926361) |
|
5249 Use-after-free during Table Editing |
|
5250 * MFSA 2013-110/CVE-2013-5619 (bmo#917841) |
|
5251 Potential overflow in JavaScript binary search algorithms |
|
5252 * MFSA 2013-111/CVE-2013-6671 (bmo#930281) |
|
5253 Segmentation violation when replacing ordered list elements |
|
5254 * MFSA 2013-112/CVE-2013-6672 (bmo#894736) |
|
5255 Linux clipboard information disclosure though selection paste |
|
5256 * MFSA 2013-113/CVE-2013-6673 (bmo#970380) |
|
5257 Trust settings for built-in roots ignored during EV certificate |
|
5258 validation |
|
5259 * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) |
|
5260 Use-after-free in synthetic mouse movement |
|
5261 * MFSA 2013-115/CVE-2013-5615 (bmo#929261) |
|
5262 GetElementIC typed array stubs can be generated outside observed |
|
5263 typesets |
|
5264 * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) |
|
5265 JPEG information leak |
|
5266 * MFSA 2013-117 (bmo#946351) |
|
5267 Mis-issued ANSSI/DCSSI certificate |
|
5268 (fixed via NSS 3.15.3.1) |
|
5269 - removed gecko.js preference file as GStreamer is enabled by |
|
5270 default now |
|
5271 |
|
5272 ------------------------------------------------------------------- |
|
5273 Thu Oct 24 18:16:19 UTC 2013 - wr@rosenauer.org |
|
5274 |
|
5275 - update to Firefox 25.0 (bnc#847708) |
|
5276 * rebased patches |
|
5277 * requires NSS 3.15.2 or above |
|
5278 * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 |
|
5279 Miscellaneous memory safety hazards |
|
5280 * MFSA 2013-94/CVE-2013-5593 (bmo#868327) |
|
5281 Spoofing addressbar through SELECT element |
|
5282 * MFSA 2013-95/CVE-2013-5604 (bmo#914017) |
|
5283 Access violation with XSLT and uninitialized data |
|
5284 * MFSA 2013-96/CVE-2013-5595 (bmo#916580) |
|
5285 Improperly initialized memory and overflows in some JavaScript |
|
5286 functions |
|
5287 * MFSA 2013-97/CVE-2013-5596 (bmo#910881) |
|
5288 Writing to cycle collected object during image decoding |
|
5289 * MFSA 2013-98/CVE-2013-5597 (bmo#918864) |
|
5290 Use-after-free when updating offline cache |
|
5291 * MFSA 2013-99/CVE-2013-5598 (bmo#920515) |
|
5292 Security bypass of PDF.js checks using iframes |
|
5293 * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 |
|
5294 (bmo#915210, bmo#915576, bmo#916685) |
|
5295 Miscellaneous use-after-free issues found through ASAN fuzzing |
|
5296 * MFSA 2013-101/CVE-2013-5602 (bmo#897678) |
|
5297 Memory corruption in workers |
|
5298 * MFSA 2013-102/CVE-2013-5603 (bmo#916404) |
|
5299 Use-after-free in HTML document templates |
|
5300 |
|
5301 ------------------------------------------------------------------- |
|
5302 Tue Sep 24 07:31:30 UTC 2013 - wr@rosenauer.org |
|
5303 |
|
5304 - as GStreamer is not automatically required anymore but loaded |
|
5305 dynamically if available, require it explicitely |
|
5306 - recommend optional GStreamer plugins for comprehensive media |
|
5307 support |
|
5308 |
|
5309 ------------------------------------------------------------------- |
|
5310 Mon Sep 16 11:59:18 UTC 2013 - lnussel@suse.de |
|
5311 |
|
5312 - move greek to the translations-common package (bnc#840551) |
|
5313 |
|
5314 ------------------------------------------------------------------- |
|
5315 Sat Sep 14 14:39:58 UTC 2013 - wr@rosenauer.org |
|
5316 |
|
5317 - update to Firefox 24.0 (bnc#840485) |
|
5318 * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 |
|
5319 Miscellaneous memory safety hazards |
|
5320 * MFSA 2013-77/CVE-2013-1720 (bmo#888820) |
|
5321 Improper state in HTML5 Tree Builder with templates |
|
5322 * MFSA 2013-78/CVE-2013-1721 (bmo#890277) |
|
5323 Integer overflow in ANGLE library |
|
5324 * MFSA 2013-79/CVE-2013-1722 (bmo#893308) |
|
5325 Use-after-free in Animation Manager during stylesheet cloning |
|
5326 * MFSA 2013-80/CVE-2013-1723 (bmo#891292) |
|
5327 NativeKey continues handling key messages after widget is destroyed |
|
5328 * MFSA 2013-81/CVE-2013-1724 (bmo#894137) |
|
5329 Use-after-free with select element |
|
5330 * MFSA 2013-82/CVE-2013-1725 (bmo#876762) |
|
5331 Calling scope for new Javascript objects can lead to memory corruption |
|
5332 * MFSA 2013-85/CVE-2013-1728 (bmo#883686) |
|
5333 Uninitialized data in IonMonkey |
|
5334 * MFSA 2013-88/CVE-2013-1730 (bmo#851353) |
|
5335 Compartment mismatch re-attaching XBL-backed nodes |
|
5336 * MFSA 2013-89/CVE-2013-1732 (bmo#883514) |
|
5337 Buffer overflow with multi-column, lists, and floats |
|
5338 * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) |
|
5339 Memory corruption involving scrolling |
|
5340 * MFSA 2013-91/CVE-2013-1737 (bmo#907727) |
|
5341 User-defined properties on DOM proxies get the wrong "this" object |
|
5342 * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) |
|
5343 GC hazard with default compartments and frame chain restoration |
|
5344 - enable gstreamer explicitely via pref (gecko.js) |
|
5345 - require NSS 3.15.1 |
|
5346 |
|
5347 ------------------------------------------------------------------- |
|
5348 Mon Aug 26 07:35:36 UTC 2013 - wr@rosenauer.org |
|
5349 |
|
5350 - update to Firefox 23.0.1 |
|
5351 * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls |
|
5352 (bmo#901527) |
|
5353 |
|
5354 ------------------------------------------------------------------- |
|
5355 Sun Aug 4 18:30:11 UTC 2013 - wr@rosenauer.org |
|
5356 |
|
5357 - update to Firefox 23.0 (bnc#833389) |
|
5358 * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 |
|
5359 Miscellaneous memory safety hazards |
|
5360 * MFSA 2013-64/CVE-2013-1704 (bmo#883313) |
|
5361 Use after free mutating DOM during SetBody |
|
5362 * MFSA 2013-65/CVE-2013-1705 (bmo#882865) |
|
5363 Buffer underflow when generating CRMF requests |
|
5364 * MFSA 2013-67/CVE-2013-1708 (bmo#879924) |
|
5365 Crash during WAV audio file decoding |
|
5366 * MFSA 2013-68/CVE-2013-1709 (bmo#838253) |
|
5367 Document URI misrepresentation and masquerading |
|
5368 * MFSA 2013-69/CVE-2013-1710 (bmo#871368) |
|
5369 CRMF requests allow for code execution and XSS attacks |
|
5370 * MFSA 2013-70/CVE-2013-1711 (bmo#843829) |
|
5371 Bypass of XrayWrappers using XBL Scopes |
|
5372 * MFSA 2013-72/CVE-2013-1713 (bmo#887098) |
|
5373 Wrong principal used for validating URI for some Javascript |
|
5374 components |
|
5375 * MFSA 2013-73/CVE-2013-1714 (bmo#879787) |
|
5376 Same-origin bypass with web workers and XMLHttpRequest |
|
5377 * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) |
|
5378 Local Java applets may read contents of local file system |
|
5379 - requires NSPR 4.10 and NSS 3.15 |
|
5380 |
|
5381 ------------------------------------------------------------------- |
|
5382 Wed Jul 3 17:14:35 UTC 2013 - dmueller@suse.com |
|
5383 |
|
5384 - fix build on ARM (/-g/ matches /-grecord-switches/) |
|
5385 |
|
5386 ------------------------------------------------------------------- |
|
5387 Sat Jun 22 17:48:06 UTC 2013 - wr@rosenauer.org |
|
5388 |
|
5389 - update to Firefox 22.0 (bnc#825935) |
|
5390 * removed obsolete patches |
|
5391 + mozilla-qcms-ppc.patch |
|
5392 + mozilla-gstreamer-760140.patch |
|
5393 * GStreamer support does not build on 12.1 anymore (build only |
|
5394 on 12.2 and later) |
|
5395 * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 |
|
5396 Miscellaneous memory safety hazards |
|
5397 * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 |
|
5398 Memory corruption found using Address Sanitizer |
|
5399 * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) |
|
5400 Privileged content access and execution via XBL |
|
5401 * MFSA 2013-52/CVE-2013-1688 (bmo#873966) |
|
5402 Arbitrary code execution within Profiler |
|
5403 * MFSA 2013-53/CVE-2013-1690 (bmo#857883) |
|
5404 Execution of unmapped memory through onreadystatechange event |
|
5405 * MFSA 2013-54/CVE-2013-1692 (bmo#866915) |
|
5406 Data in the body of XHR HEAD requests leads to CSRF attacks |
|
5407 * MFSA 2013-55/CVE-2013-1693 (bmo#711043) |
|
5408 SVG filters can lead to information disclosure |
|
5409 * MFSA 2013-56/CVE-2013-1694 (bmo#848535) |
|
5410 PreserveWrapper has inconsistent behavior |
|
5411 * MFSA 2013-57/CVE-2013-1695 (bmo#849791) |
|
5412 Sandbox restrictions not applied to nested frame elements |
|
5413 * MFSA 2013-58/CVE-2013-1696 (bmo#761667) |
|
5414 X-Frame-Options ignored when using server push with multi-part |
|
5415 responses |
|
5416 * MFSA 2013-59/CVE-2013-1697 (bmo#858101) |
|
5417 XrayWrappers can be bypassed to run user defined methods in a |
|
5418 privileged context |
|
5419 * MFSA 2013-60/CVE-2013-1698 (bmo#876044) |
|
5420 getUserMedia permission dialog incorrectly displays location |
|
5421 * MFSA 2013-61/CVE-2013-1699 (bmo#840882) |
|
5422 Homograph domain spoofing in .com, .net and .name |
|
5423 |
|
5424 ------------------------------------------------------------------- |
|
5425 Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com |
|
5426 |
|
5427 - Fix qcms altivec include (mozilla-qcms-ppc.patch) |
|
5428 |
|
5429 ------------------------------------------------------------------- |
|
5430 Fri May 10 05:25:39 UTC 2013 - wr@rosenauer.org |
|
5431 |
|
5432 - update to Firefox 21.0 (bnc#819204) |
|
5433 * removed upstreamed patch firefox-712763.patch |
|
5434 * removed disabled mozilla-disable-neon-option.patch |
|
5435 * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 |
|
5436 Miscellaneous memory safety hazards |
|
5437 * MFSA 2013-42/CVE-2013-1670 (bmo#853709) |
|
5438 Privileged access for content level constructor |
|
5439 * MFSA 2013-43/CVE-2013-1671 (bmo#842255) |
|
5440 File input control has access to full path |
|
5441 * MFSA 2013-46/CVE-2013-1674 (bmo#860971) |
|
5442 Use-after-free with video and onresize event |
|
5443 * MFSA 2013-47/CVE-2013-1675 (bmo#866825) |
|
5444 Uninitialized functions in DOMSVGZoomEvent |
|
5445 * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ |
|
5446 CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 |
|
5447 Memory corruption found using Address Sanitizer |
|
5448 |
|
5449 ------------------------------------------------------------------- |
|
5450 Tue Apr 9 06:41:31 UTC 2013 - wr@rosenauer.org |
|
5451 |
|
5452 - revert to use GStreamer 0.10 on 12.3 (bnc#814101) |
|
5453 (remove mozilla-gstreamer-1.patch) |
|
5454 |
|
5455 ------------------------------------------------------------------- |
|
5456 Fri Apr 5 17:04:11 UTC 2013 - schwab@linux-m68k.org |
|
5457 |
|
5458 - Explicitly disable WebRTC support on non-x86, the configure script |
|
5459 disables it only half-heartedly |
|
5460 |
|
5461 ------------------------------------------------------------------- |
|
5462 Fri Mar 29 22:15:21 UTC 2013 - wr@rosenauer.org |
|
5463 |
|
5464 - update to Firefox 20.0 (bnc#813026) |
|
5465 * requires NSPR 4.9.5 and NSS 3.14.3 |
|
5466 * mozilla-webrtc-ppc.patch included upstream |
|
5467 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 |
|
5468 Miscellaneous memory safety hazards |
|
5469 * MFSA 2013-31/CVE-2013-0800 (bmo#825721) |
|
5470 Out-of-bounds write in Cairo library |
|
5471 * MFSA 2013-35/CVE-2013-0796 (bmo#827106) |
|
5472 WebGL crash with Mesa graphics driver on Linux |
|
5473 * MFSA 2013-36/CVE-2013-0795 (bmo#825697) |
|
5474 Bypass of SOW protections allows cloning of protected nodes |
|
5475 * MFSA 2013-37/CVE-2013-0794 (bmo#626775) |
|
5476 Bypass of tab-modal dialog origin disclosure |
|
5477 * MFSA 2013-38/CVE-2013-0793 (bmo#803870) |
|
5478 Cross-site scripting (XSS) using timed history navigations |
|
5479 * MFSA 2013-39/CVE-2013-0792 (bmo#722831) |
|
5480 Memory corruption while rendering grayscale PNG images |
|
5481 - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) |
|
5482 |
|
5483 ------------------------------------------------------------------- |
|
5484 Tue Mar 12 23:08:15 UTC 2013 - dmueller@suse.com |
|
5485 |
|
5486 - build fixes for armv7hl: |
|
5487 * disable debug build as armv7hl does not have enough memory |
|
5488 * disable webrtc on armv7hl as it is non-compiling |
|
5489 |
|
5490 ------------------------------------------------------------------- |
|
5491 Thu Mar 7 19:03:32 UTC 2013 - wr@rosenauer.org |
|
5492 |
|
5493 - update to Firefox 19.0.2 (bnc#808243) |
|
5494 * MFSA 2013-29/CVE-2013-0787 (bmo#848644) |
|
5495 Use-after-free in HTML Editor |
|
5496 |
|
5497 ------------------------------------------------------------------- |
|
5498 Thu Feb 28 22:06:36 UTC 2013 - wr@rosenauer.org |
|
5499 |
|
5500 - update to Firefox 19.0.1 |
|
5501 * blocklist updates |
|
5502 |
|
5503 ------------------------------------------------------------------- |
|
5504 Sat Feb 16 07:08:55 UTC 2013 - wr@rosenauer.org |
|
5505 |
|
5506 - update to Firefox 19.0 (bnc#804248) |
|
5507 * MFSA 2013-21/CVE-2013-0783/2013-0784 |
|
5508 Miscellaneous memory safety hazards |
|
5509 * MFSA 2013-22/CVE-2013-0772 (bmo#801366) |
|
5510 Out-of-bounds read in image rendering |
|
5511 * MFSA 2013-23/CVE-2013-0765 (bmo#830614) |
|
5512 Wrapped WebIDL objects can be wrapped again |
|
5513 * MFSA 2013-24/CVE-2013-0773 (bmo#809652) |
|
5514 Web content bypass of COW and SOW security wrappers |
|
5515 * MFSA 2013-25/CVE-2013-0774 (bmo#827193) |
|
5516 Privacy leak in JavaScript Workers |
|
5517 * MFSA 2013-26/CVE-2013-0775 (bmo#831095) |
|
5518 Use-after-free in nsImageLoadingContent |
|
5519 * MFSA 2013-27/CVE-2013-0776 (bmo#796475) |
|
5520 Phishing on HTTPS connection through malicious proxy |
|
5521 * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ |
|
5522 CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 |
|
5523 Use-after-free, out of bounds read, and buffer overflow issues |
|
5524 found using Address Sanitizer |
|
5525 - removed obsolete patches |
|
5526 * mozilla-webrtc.patch |
|
5527 * mozilla-gstreamer-803287.patch |
|
5528 - added patch to fix session restore window order (bmo#712763) |
|
5529 |
|
5530 ------------------------------------------------------------------- |
|
5531 Sat Feb 2 08:40:52 UTC 2013 - wr@rosenauer.org |
|
5532 |
|
5533 - update to Firefox 18.0.2 |
|
5534 * blocklist and CTP updates |
|
5535 * fixes in JS engine |
|
5536 |
|
5537 ------------------------------------------------------------------- |
|
5538 Wed Jan 16 20:51:55 UTC 2013 - wr@rosenauer.org |
|
5539 |
|
5540 - update to Firefox 18.0.1 |
|
5541 * blocklist updates |
|
5542 * backed out bmo#677092 (removed patch) |
|
5543 * fixed problems involving HTTP proxy transactions |
|
5544 |
|
5545 ------------------------------------------------------------------- |
|
5546 Sat Jan 12 17:25:11 UTC 2013 - schwab@linux-m68k.org |
|
5547 |
|
5548 - Fix WebRTC to build on powerpc |
|
5549 |
|
5550 ------------------------------------------------------------------- |
|
5551 Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org |
|
5552 |
|
5553 - update to Firefox 18.0 (bnc#796895) |
|
5554 * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 |
|
5555 Miscellaneous memory safety hazards |
|
5556 * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 |
|
5557 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 |
|
5558 Use-after-free and buffer overflow issues found using Address Sanitizer |
|
5559 * MFSA 2013-03/CVE-2013-0768 (bmo#815795) |
|
5560 Buffer Overflow in Canvas |
|
5561 * MFSA 2013-04/CVE-2012-0759 (bmo#802026) |
|
5562 URL spoofing in addressbar during page loads |
|
5563 * MFSA 2013-05/CVE-2013-0744 (bmo#814713) |
|
5564 Use-after-free when displaying table with many columns and column groups |
|
5565 * MFSA 2013-06/CVE-2013-0751 (bmo#790454) |
|
5566 Touch events are shared across iframes |
|
5567 * MFSA 2013-07/CVE-2013-0764 (bmo#804237) |
|
5568 Crash due to handling of SSL on threads |
|
5569 * MFSA 2013-08/CVE-2013-0745 (bmo#794158) |
|
5570 AutoWrapperChanger fails to keep objects alive during garbage collection |
|
5571 * MFSA 2013-09/CVE-2013-0746 (bmo#816842) |
|
5572 Compartment mismatch with quickstubs returned values |
|
5573 * MFSA 2013-10/CVE-2013-0747 (bmo#733305) |
|
5574 Event manipulation in plugin handler to bypass same-origin policy |
|
5575 * MFSA 2013-11/CVE-2013-0748 (bmo#806031) |
|
5576 Address space layout leaked in XBL objects |
|
5577 * MFSA 2013-12/CVE-2013-0750 (bmo#805121) |
|
5578 Buffer overflow in Javascript string concatenation |
|
5579 * MFSA 2013-13/CVE-2013-0752 (bmo#805024) |
|
5580 Memory corruption in XBL with XML bindings containing SVG |
|
5581 * MFSA 2013-14/CVE-2013-0757 (bmo#813901) |
|
5582 Chrome Object Wrapper (COW) bypass through changing prototype |
|
5583 * MFSA 2013-15/CVE-2013-0758 (bmo#813906) |
|
5584 Privilege escalation through plugin objects |
|
5585 * MFSA 2013-16/CVE-2013-0753 (bmo#814001) |
|
5586 Use-after-free in serializeToStream |
|
5587 * MFSA 2013-17/CVE-2013-0754 (bmo#814026) |
|
5588 Use-after-free in ListenerManager |
|
5589 * MFSA 2013-18/CVE-2013-0755 (bmo#814027) |
|
5590 Use-after-free in Vibrate |
|
5591 * MFSA 2013-19/CVE-2013-0756 (bmo#814029) |
|
5592 Use-after-free in Javascript Proxy objects |
|
5593 - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) |
|
5594 - removed obsolete SLE11 patches (mozilla-gcc43*) |
|
5595 - reenable WebRTC |
|
5596 - added mozilla-libproxy-compat.patch for libproxy API compat |
|
5597 on openSUSE 11.2 and earlier |
|
5598 - backed out restartless language packs as it broke multi-locale |
|
5599 setup (bmo#677092, bmo#818468) |
|
5600 |
|
5601 ------------------------------------------------------------------- |
|
5602 Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org |
|
5603 |
|
5604 - update to Firefox 17.0.1 |
|
5605 * revert some useragent changes introduced in 17.0 |
|
5606 * leaving private browsing with social enabled doesn't reset all |
|
5607 social components (bmo#815042) |
|
5608 - fix KDE integration for file dialogs |
|
5609 |
|
5610 ------------------------------------------------------------------- |
|
5611 Tue Nov 20 19:52:02 UTC 2012 - wr@rosenauer.org |
|
5612 |
|
5613 - update to Firefox 17.0 (bnc#790140) |
|
5614 * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 |
|
5615 Miscellaneous memory safety hazards |
|
5616 * MFSA 2012-92/CVE-2012-4202 (bmo#758200) |
|
5617 Buffer overflow while rendering GIF images |
|
5618 * MFSA 2012-93/CVE-2012-4201 (bmo#747607) |
|
5619 evalInSanbox location context incorrectly applied |
|
5620 * MFSA 2012-94/CVE-2012-5836 (bmo#792857) |
|
5621 Crash when combining SVG text on path with CSS |
|
5622 * MFSA 2012-95/CVE-2012-4203 (bmo#765628) |
|
5623 Javascript: URLs run in privileged context on New Tab page |
|
5624 * MFSA 2012-96/CVE-2012-4204 (bmo#778603) |
|
5625 Memory corruption in str_unescape |
|
5626 * MFSA 2012-97/CVE-2012-4205 (bmo#779821) |
|
5627 XMLHttpRequest inherits incorrect principal within sandbox |
|
5628 * MFSA 2012-99/CVE-2012-4208 (bmo#798264) |
|
5629 XrayWrappers exposes chrome-only properties when not in chrome |
|
5630 compartment |
|
5631 * MFSA 2012-100/CVE-2012-5841 (bmo#805807) |
|
5632 Improper security filtering for cross-origin wrappers |
|
5633 * MFSA 2012-101/CVE-2012-4207 (bmo#801681) |
|
5634 Improper character decoding in HZ-GB-2312 charset |
|
5635 * MFSA 2012-102/CVE-2012-5837 (bmo#800363) |
|
5636 Script entered into Developer Toolbar runs with chrome privileges |
|
5637 * MFSA 2012-103/CVE-2012-4209 (bmo#792405) |
|
5638 Frames can shadow top.location |
|
5639 * MFSA 2012-104/CVE-2012-4210 (bmo#796866) |
|
5640 CSS and HTML injection through Style Inspector |
|
5641 * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ |
|
5642 CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ |
|
5643 CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 |
|
5644 Use-after-free and buffer overflow issues found using Address |
|
5645 Sanitizer |
|
5646 * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 |
|
5647 Use-after-free, buffer overflow, and memory corruption issues |
|
5648 found using Address Sanitizer |
|
5649 - rebased patches |
|
5650 - disabled WebRTC since build is broken (bmo#776877) |
|
5651 |
|
5652 ------------------------------------------------------------------- |
|
5653 Tue Nov 20 15:42:55 UTC 2012 - pcerny@suse.com |
|
5654 |
|
5655 - build on SLE11 |
|
5656 * mozilla-gcc43-enums.patch |
|
5657 * mozilla-gcc43-template_hacks.patch |
|
5658 * mozilla-gcc43-templates_instantiation.patch |
|
5659 |
|
5660 ------------------------------------------------------------------- |
|
5661 Wed Oct 24 08:27:29 UTC 2012 - wr@rosenauer.org |
|
5662 |
|
5663 - update to Firefox 16.0.2 (bnc#786522) |
|
5664 * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 |
|
5665 (bmo#800666, bmo#793121, bmo#802557) |
|
5666 Fixes for Location object issues |
|
5667 - bring back Obsoletes for libproxy's mozjs plugin for distributions |
|
5668 before 12.2 to avoid crashes |
|
5669 |
|
5670 ------------------------------------------------------------------- |
|
5671 Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org |
|
5672 |
|
5673 - update to Firefox 16.0.1 (bnc#783533) |
|
5674 * MFSA 2012-88/CVE-2012-4191 (bmo#798045) |
|
5675 Miscellaneous memory safety hazards |
|
5676 * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) |
|
5677 defaultValue security checks not applied |
|
5678 |
|
5679 ------------------------------------------------------------------- |
|
5680 Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org |
|
5681 |
|
5682 - update to Firefox 16.0 (bnc#783533) |
|
5683 * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 |
|
5684 Miscellaneous memory safety hazards |
|
5685 * MFSA 2012-75/CVE-2012-3984 (bmo#575294) |
|
5686 select element persistance allows for attacks |
|
5687 * MFSA 2012-76/CVE-2012-3985 (bmo#655649) |
|
5688 Continued access to initial origin after setting document.domain |
|
5689 * MFSA 2012-77/CVE-2012-3986 (bmo#775868) |
|
5690 Some DOMWindowUtils methods bypass security checks |
|
5691 * MFSA 2012-79/CVE-2012-3988 (bmo#725770) |
|
5692 DOS and crash with full screen and history navigation |
|
5693 * MFSA 2012-80/CVE-2012-3989 (bmo#783867) |
|
5694 Crash with invalid cast when using instanceof operator |
|
5695 * MFSA 2012-81/CVE-2012-3991 (bmo#783260) |
|
5696 GetProperty function can bypass security checks |
|
5697 * MFSA 2012-82/CVE-2012-3994 (bmo#765527) |
|
5698 top object and location property accessible by plugins |
|
5699 * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) |
|
5700 Chrome Object Wrapper (COW) does not disallow acces to privileged |
|
5701 functions or properties |
|
5702 * MFSA 2012-84/CVE-2012-3992 (bmo#775009) |
|
5703 Spoofing and script injection through location.hash |
|
5704 * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ |
|
5705 CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 |
|
5706 Use-after-free, buffer overflow, and out of bounds read issues |
|
5707 found using Address Sanitizer |
|
5708 * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ |
|
5709 CVE-2012-4188 |
|
5710 Heap memory corruption issues found using Address Sanitizer |
|
5711 * MFSA 2012-87/CVE-2012-3990 (bmo#787704) |
|
5712 Use-after-free in the IME State Manager |
|
5713 - requires NSPR 4.9.2 |
|
5714 - improve GStreamer integration (bmo#760140) |
|
5715 - removed upstreamed mozilla-crashreporter-restart-args.patch |
|
5716 - webapprt now included |
|
5717 - use kmozillahelper's new REVEAL command (bnc#777415) |
|
5718 (requires mozilla-kde4-integration >= 0.6.4) |
|
5719 - updated translations-other with new languages |
|
5720 |
|
5721 ------------------------------------------------------------------- |
|
5722 Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org |
|
5723 |
|
5724 - update to Firefox 15.0.1 (bnc#779936) |
|
5725 * Sites visited while in Private Browsing mode could be found |
|
5726 through manual browser cache inspection (bmo#787743) |
|
5727 |
|
5728 ------------------------------------------------------------------- |
|
5729 Sun Aug 26 13:47:43 UTC 2012 - wr@rosenauer.org |
|
5730 |
|
5731 - update to Firefox 15.0 (bnc#777588) |
|
5732 * MFSA 2012-57/CVE-2012-1970 |
|
5733 Miscellaneous memory safety hazards |
|
5734 * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 |
|
5735 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 |
|
5736 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 |
|
5737 Use-after-free issues found using Address Sanitizer |
|
5738 * MFSA 2012-59/CVE-2012-1956 (bmo#756719) |
|
5739 Location object can be shadowed using Object.defineProperty |
|
5740 * MFSA 2012-60/CVE-2012-3965 (bmo#769108) |
|
5741 Escalation of privilege through about:newtab |
|
5742 * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) |
|
5743 Memory corruption with bitmap format images with negative height |
|
5744 * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 |
|
5745 WebGL use-after-free and memory corruption |
|
5746 * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 |
|
5747 SVG buffer overflow and use-after-free issues |
|
5748 * MFSA 2012-64/CVE-2012-3971 |
|
5749 Graphite 2 memory corruption |
|
5750 * MFSA 2012-65/CVE-2012-3972 (bmo#746855) |
|
5751 Out-of-bounds read in format-number in XSLT |
|
5752 * MFSA 2012-66/CVE-2012-3973 (bmo#757128) |
|
5753 HTTPMonitor extension allows for remote debugging without explicit |
|
5754 activation |
|
5755 * MFSA 2012-68/CVE-2012-3975 (bmo#770684) |
|
5756 DOMParser loads linked resources in extensions when parsing |
|
5757 text/html |
|
5758 * MFSA 2012-69/CVE-2012-3976 (bmo#768568) |
|
5759 Incorrect site SSL certificate data display |
|
5760 * MFSA 2012-70/CVE-2012-3978 (bmo#770429) |
|
5761 Location object security checks bypassed by chrome code |
|
5762 * MFSA 2012-72/CVE-2012-3980 (bmo#771859) |
|
5763 Web console eval capable of executing chrome-privileged code |
|
5764 - fix HTML5 video crash with GStreamer enabled (bmo#761030) |
|
5765 - GStreamer is only used for MP4 (no WebM, OGG) |
|
5766 - updated filelist |
|
5767 - moved browser specific preferences to correct location |
|
5768 |
|
5769 ------------------------------------------------------------------- |
|
5770 Sun Jul 29 08:34:39 UTC 2012 - aj@suse.de |
|
5771 |
|
5772 - Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) |
|
5773 |
|
5774 ------------------------------------------------------------------- |
|
5775 Sat Jul 14 19:31:51 UTC 2012 - wr@rosenauer.org |
|
5776 |
|
5777 - update to 14.0.1 (bnc#771583) |
|
5778 * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 |
|
5779 Miscellaneous memory safety hazards |
|
5780 * MFSA 2012-43/CVE-2012-1950 |
|
5781 Incorrect URL displayed in addressbar through drag and drop |
|
5782 * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 |
|
5783 Gecko memory corruption |
|
5784 * MFSA 2012-45/CVE-2012-1955 (bmo#757376) |
|
5785 Spoofing issue with location |
|
5786 * MFSA 2012-46/CVE-2012-1966 (bmo#734076) |
|
5787 XSS through data: URLs |
|
5788 * MFSA 2012-47/CVE-2012-1957 (bmo#750096) |
|
5789 Improper filtering of javascript in HTML feed-view |
|
5790 * MFSA 2012-48/CVE-2012-1958 (bmo#750820) |
|
5791 use-after-free in nsGlobalWindow::PageHidden |
|
5792 * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) |
|
5793 Same-compartment Security Wrappers can be bypassed |
|
5794 * MFSA 2012-50/CVE-2012-1960 (bmo#761014) |
|
5795 Out of bounds read in QCMS |
|
5796 * MFSA 2012-51/CVE-2012-1961 (bmo#761655) |
|
5797 X-Frame-Options header ignored when duplicated |
|
5798 * MFSA 2012-52/CVE-2012-1962 (bmo#764296) |
|
5799 JSDependentString::undepend string conversion results in memory |
|
5800 corruption |
|
5801 * MFSA 2012-53/CVE-2012-1963 (bmo#767778) |
|
5802 Content Security Policy 1.0 implementation errors cause data |
|
5803 leakage |
|
5804 * MFSA 2012-55/CVE-2012-1965 (bmo#758990) |
|
5805 feed: URLs with an innerURI inherit security context of page |
|
5806 * MFSA 2012-56/CVE-2012-1967 (bmo#758344) |
|
5807 Code execution through javascript: URLs |
|
5808 - license change from tri license to MPL-2.0 |
|
5809 - fix crashreporter restart option (bmo#762780) |
|
5810 - require NSS 3.13.5 |
|
5811 - remove mozjs pacrunner obsoletes again for now |
|
5812 - adopted mozilla-prefer_plugin_pref.patch |
|
5813 - PPC fixes: |
|
5814 * reenabled mozilla-yarr-pcre.patch to fix build for PPC |
|
5815 * add patches for bmo#750620 and bmo#746112 |
|
5816 * fix xpcshell segfault on ppc |
|
5817 |
|
5818 ------------------------------------------------------------------- |
|
5819 Fri Jun 15 12:37:09 UTC 2012 - wr@rosenauer.org |
|
5820 |
|
5821 - update to Firefox 13.0.1 |
|
5822 * bugfix release |
|
5823 - obsolete libproxy's mozjs pacrunner (bnc#759123) |
|
5824 |
|
5825 ------------------------------------------------------------------- |
|
5826 Sat Jun 2 08:22:51 UTC 2012 - wr@rosenauer.org |
|
5827 |
|
5828 - update to Firefox 13.0 (bnc#765204) |
|
5829 * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 |
|
5830 Miscellaneous memory safety hazards |
|
5831 * MFSA 2012-36/CVE-2012-1944 (bmo#751422) |
|
5832 Content Security Policy inline-script bypass |
|
5833 * MFSA 2012-37/CVE-2012-1945 (bmo#670514) |
|
5834 Information disclosure though Windows file shares and shortcut |
|
5835 files |
|
5836 * MFSA 2012-38/CVE-2012-1946 (bmo#750109) |
|
5837 Use-after-free while replacing/inserting a node in a document |
|
5838 * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 |
|
5839 Buffer overflow and use-after-free issues found using Address |
|
5840 Sanitizer |
|
5841 - require NSS 3.13.4 |
|
5842 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) |
|
5843 - fix sound notifications when filename/path contains a whitespace |
|
5844 (bmo#749739) |
|
5845 |
|
5846 ------------------------------------------------------------------- |
|
5847 Wed May 23 14:40:16 UTC 2012 - adrian@suse.de |
|
5848 |
|
5849 - fix build on arm |
|
5850 |
|
5851 ------------------------------------------------------------------- |
|
5852 Wed May 16 05:34:01 UTC 2012 - wr@rosenauer.org |
|
5853 |
|
5854 - reenabled crashreporter for Factory/12.2 |
|
5855 (fix in mozilla-gcc47.patch) |
|
5856 |
|
5857 ------------------------------------------------------------------- |
|
5858 Sat Apr 21 10:02:37 UTC 2012 - wr@rosenauer.org |
|
5859 |
|
5860 - update to Firefox 12.0 (bnc#758408) |
|
5861 * rebased patches |
|
5862 * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 |
|
5863 Miscellaneous memory safety hazards |
|
5864 * MFSA 2012-22/CVE-2012-0469 (bmo#738985) |
|
5865 use-after-free in IDBKeyRange |
|
5866 * MFSA 2012-23/CVE-2012-0470 (bmo#734288) |
|
5867 Invalid frees causes heap corruption in gfxImageSurface |
|
5868 * MFSA 2012-24/CVE-2012-0471 (bmo#715319) |
|
5869 Potential XSS via multibyte content processing errors |
|
5870 * MFSA 2012-25/CVE-2012-0472 (bmo#744480) |
|
5871 Potential memory corruption during font rendering using cairo-dwrite |
|
5872 * MFSA 2012-26/CVE-2012-0473 (bmo#743475) |
|
5873 WebGL.drawElements may read illegal video memory due to |
|
5874 FindMaxUshortElement error |
|
5875 * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) |
|
5876 Page load short-circuit can lead to XSS |
|
5877 * MFSA 2012-28/CVE-2012-0475 (bmo#694576) |
|
5878 Ambiguous IPv6 in Origin headers may bypass webserver access |
|
5879 restrictions |
|
5880 * MFSA 2012-29/CVE-2012-0477 (bmo#718573) |
|
5881 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues |
|
5882 * MFSA 2012-30/CVE-2012-0478 (bmo#727547) |
|
5883 Crash with WebGL content using textImage2D |
|
5884 * MFSA 2012-31/CVE-2011-3062 (bmo#739925) |
|
5885 Off-by-one error in OpenType Sanitizer |
|
5886 * MFSA 2012-32/CVE-2011-1187 (bmo#624621) |
|
5887 HTTP Redirections and remote content can be read by javascript errors |
|
5888 * MFSA 2012-33/CVE-2012-0479 (bmo#714631) |
|
5889 Potential site identity spoofing when loading RSS and Atom feeds |
|
5890 - added mozilla-libnotify.patch to allow fallback from libnotify |
|
5891 to xul based events if no notification-daemon is running |
|
5892 - gcc 4.7 fixes |
|
5893 * mozilla-gcc47.patch |
|
5894 * disabled crashreporter temporarily for Factory |
|
5895 - recommend libcanberra0 for proper sound notifications |
|
5896 |
|
5897 ------------------------------------------------------------------- |
|
5898 Fri Mar 9 21:47:07 UTC 2012 - wr@rosenauer.org |
|
5899 |
|
5900 - update to Firefox 11.0 (bnc#750044) |
|
5901 * MFSA 2012-13/CVE-2012-0455 (bmo#704354) |
|
5902 XSS with Drag and Drop and Javascript: URL |
|
5903 * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) |
|
5904 SVG issues found with Address Sanitizer |
|
5905 * MFSA 2012-15/CVE-2012-0451 (bmo#717511) |
|
5906 XSS with multiple Content Security Policy headers |
|
5907 * MFSA 2012-16/CVE-2012-0458 |
|
5908 Escalation of privilege with Javascript: URL as home page |
|
5909 * MFSA 2012-17/CVE-2012-0459 (bmo#723446) |
|
5910 Crash when accessing keyframe cssText after dynamic modification |
|
5911 * MFSA 2012-18/CVE-2012-0460 (bmo#727303) |
|
5912 window.fullScreen writeable by untrusted content |
|
5913 * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ |
|
5914 CVE-2012-0463 |
|
5915 Miscellaneous memory safety hazards |
|
5916 - ported and reenabled KDE integration (bnc#746591) |
|
5917 - explicitely build-require X libs |
|
5918 |
|
5919 ------------------------------------------------------------------- |
|
5920 Mon Mar 5 13:31:48 UTC 2012 - vdziewiecki@suse.com |
|
5921 |
|
5922 - add Provides: browser(npapi) FATE#313084 |
|
5923 |
|
5924 ------------------------------------------------------------------- |
|
5925 Fri Feb 17 17:41:11 UTC 2012 - pcerny@suse.com |
|
5926 |
|
5927 - better plugin directory resolution (bnc#747320) |
|
5928 |
|
5929 ------------------------------------------------------------------- |
|
5930 Thu Feb 16 08:47:31 UTC 2012 - wr@rosenauer.org |
|
5931 |
|
5932 - update to Firefox 10.0.2 (bnc#747328) |
|
5933 * CVE-2011-3026 (bmo#727401) |
|
5934 libpng: integer overflow leading to heap-buffer overflow |
|
5935 |
|
5936 ------------------------------------------------------------------- |
|
5937 Thu Feb 9 09:26:11 UTC 2012 - wr@rosenauer.org |
|
5938 |
|
5939 - update to Firefox 10.0.1 (bnc#746616) |
|
5940 * MFSA 2012-10/CVE-2012-0452 (bmo#724284) |
|
5941 use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
|
5942 |
|
5943 ------------------------------------------------------------------- |
|
5944 Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com |
|
5945 |
|
5946 - Use YARR interpreter instead of PCRE on platforms where YARR JIT |
|
5947 is not supported, since PCRE doesnt build (bmo#691898) |
|
5948 - fix ppc64 build (bmo#703534) |
|
5949 |
|
5950 ------------------------------------------------------------------- |
|
5951 Mon Jan 30 09:41:59 UTC 2012 - wr@rosenauer.org |
|
5952 |
|
5953 - update to Firefox 10.0 (bnc#744275) |
|
5954 * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 |
|
5955 Miscellaneous memory safety hazards |
|
5956 * MFSA 2012-03/CVE-2012-0445 (bmo#701071) |
|
5957 <iframe> element exposed across domains via name attribute |
|
5958 * MFSA 2012-04/CVE-2011-3659 (bmo#708198) |
|
5959 Child nodes from nsDOMAttribute still accessible after removal |
|
5960 of nodes |
|
5961 * MFSA 2012-05/CVE-2012-0446 (bmo#705651) |
|
5962 Frame scripts calling into untrusted objects bypass security |
|
5963 checks |
|
5964 * MFSA 2012-06/CVE-2012-0447 (bmo#710079) |
|
5965 Uninitialized memory appended when encoding icon images may |
|
5966 cause information disclosure |
|
5967 * MFSA 2012-07/CVE-2012-0444 (bmo#719612) |
|
5968 Potential Memory Corruption When Decoding Ogg Vorbis files |
|
5969 * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) |
|
5970 Crash with malformed embedded XSLT stylesheets |
|
5971 - KDE integration has been disabled since it needs refactoring |
|
5972 - removed obsolete ppc64 patch |
|
5973 |
|
5974 ------------------------------------------------------------------- |
|
5975 Sun Jan 22 12:08:07 UTC 2012 - joop.boonen@opensuse.org |
|
5976 |
|
5977 - Disable neon for arm as it doesn't build correctly |
|
5978 |
|
5979 ------------------------------------------------------------------- |
|
5980 Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org |
|
5981 |
|
5982 - update to Firefox 9.0.1 |
|
5983 * (strongparent) parentNode of element gets lost (bmo#335998) |
|
5984 |
|
5985 ------------------------------------------------------------------- |
|
5986 Sun Dec 18 09:58:52 UTC 2011 - adrian@suse.de |
|
5987 |
|
5988 - fix arm build, don't package crashreporter there |
|
5989 |
|
5990 ------------------------------------------------------------------- |
|
5991 Sun Dec 18 09:52:08 UTC 2011 - wr@rosenauer.org |
|
5992 |
|
5993 - update to Firefox 9 (bnc#737533) |
|
5994 * MFSA 2011-53/CVE-2011-3660 |
|
5995 Miscellaneous memory safety hazards (rv:9.0) |
|
5996 * MFSA 2011-54/CVE-2011-3661 (bmo#691299) |
|
5997 Potentially exploitable crash in the YARR regular expression |
|
5998 library |
|
5999 * MFSA 2011-55/CVE-2011-3658 (bmo#708186) |
|
6000 nsSVGValue out-of-bounds access |
|
6001 * MFSA 2011-56/CVE-2011-3663 (bmo#704482) |
|
6002 Key detection without JavaScript via SVG animation |
|
6003 * MFSA 2011-58/VE-2011-3665 (bmo#701259) |
|
6004 Crash scaling <video> to extreme sizes |
|
6005 |
|
6006 ------------------------------------------------------------------- |
|
6007 Sun Nov 27 03:51:54 UTC 2011 - mgorse@suse.com |
|
6008 |
|
6009 - Fix accessibility under GNOME 3 (bnc#732898) |
|
6010 |
|
6011 ------------------------------------------------------------------- |
|
6012 Sat Nov 12 15:16:38 UTC 2011 - dvaleev@suse.com |
|
6013 |
|
6014 - fix ppc64 build |
|
6015 |
|
6016 ------------------------------------------------------------------- |
|
6017 Sun Nov 6 08:20:59 UTC 2011 - wr@rosenauer.org |
|
6018 |
|
6019 - update to Firefox 8 (bnc#728520) |
|
6020 * MFSA 2011-47/CVE-2011-3648 (bmo#690225) |
|
6021 Potential XSS against sites using Shift-JIS |
|
6022 * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 |
|
6023 Miscellaneous memory safety hazards |
|
6024 * MFSA 2011-49/CVE-2011-3650 (bmo#674776) |
|
6025 Memory corruption while profiling using Firebug |
|
6026 * MFSA 2011-52/CVE-2011-3655 (bmo#672182) |
|
6027 Code execution via NoWaiverWrapper |
|
6028 - rebased patches |
|
6029 |
|
6030 ------------------------------------------------------------------- |
|
6031 Thu Oct 20 12:34:47 UTC 2011 - wr@rosenauer.org |
|
6032 |
|
6033 - enable telemetry prompt |
|
6034 |
|
6035 ------------------------------------------------------------------- |
|
6036 Fri Sep 30 10:52:36 UTC 2011 - wr@rosenauer.org |
|
6037 |
|
6038 - update to minor release 7.0.1 |
|
6039 * fixed staged addon updates |
|
6040 - set intl.locale.matchOS=true in the base package as it causes |
|
6041 too much confusion when it's only available with branding-openSUSE |
|
6042 |
|
6043 ------------------------------------------------------------------- |
|
6044 Fri Sep 23 11:22:22 UTC 2011 - wr@rosenauer.org |
|
6045 |
|
6046 - update to Firefox 7 (bnc#720264) |
|
6047 including |
|
6048 * Improve Responsiveness with Memory Reductions |
|
6049 * Instant Sync |
|
6050 * WebSocket protocol 8 |
|
6051 * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 |
|
6052 Miscellaneous memory safety hazards |
|
6053 * MFSA 2011-39/CVE-2011-3000 (bmo#655389) |
|
6054 Defense against multiple Location headers due to CRLF Injection |
|
6055 * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 |
|
6056 Code installation through holding down Enter |
|
6057 * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) |
|
6058 Potentially exploitable WebGL crashes |
|
6059 * MFSA 2011-42/CVE-2011-3232 (bmo#653672) |
|
6060 Potentially exploitable crash in the YARR regular expression |
|
6061 library |
|
6062 * MFSA 2011-43/CVE-2011-3004 (bmo#653926) |
|
6063 loadSubScript unwraps XPCNativeWrapper scope parameter |
|
6064 * MFSA 2011-44/CVE-2011-3005 (bmo#675747) |
|
6065 Use after free reading OGG headers |
|
6066 * MFSA 2011-45 |
|
6067 Inferring keystrokes from motion data |
|
6068 - removed obsolete mozilla-cairo-lcd.patch |
|
6069 - rebased patches |
|
6070 - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in |
|
6071 mozilla.sh.in (bnc#680758) |
|
6072 |
|
6073 ------------------------------------------------------------------- |
|
6074 Fri Sep 16 06:57:38 UTC 2011 - wr@rosenauer.org |
|
6075 |
|
6076 - fixed loading of kde.js under KDE (bnc#718311) |
|
6077 |
|
6078 ------------------------------------------------------------------- |
|
6079 Wed Sep 14 07:02:04 UTC 2011 - wr@rosenauer.org |
|
6080 |
|
6081 - add dbus-1-glib-devel to BuildRequires (not pulled in |
|
6082 automatically anymore on 12.1) |
|
6083 - increase minversions for NSPR and NSS |
|
6084 |
|
6085 ------------------------------------------------------------------- |
|
6086 Fri Sep 9 20:44:15 UTC 2011 - wr@rosenauer.org |
|
6087 |
|
6088 - recreated source archive to get correct source-stamp.txt |
|
6089 |
|
6090 ------------------------------------------------------------------- |
|
6091 Wed Sep 7 14:30:34 UTC 2011 - pcerny@suse.com |
|
6092 |
|
6093 - security update to 6.0.2 (bnc#714931) |
|
6094 * Complete blocking of certificates issued by DigiNotar |
|
6095 (bmo#683449) |
|
6096 |
|
6097 ------------------------------------------------------------------- |
|
6098 Fri Sep 2 14:40:07 UTC 2011 - pcerny@suse.com |
|
6099 |
|
6100 - security update to 6.0.1 (bnc#714931) |
|
6101 * MFSA 2011-34 |
|
6102 Protection against fraudulent DigiNotar certificates |
|
6103 (bmo#682927) |
|
6104 |
|
6105 ------------------------------------------------------------------- |
|
6106 Fri Aug 12 21:16:19 UTC 2011 - wr@rosenauer.org |
|
6107 |
|
6108 - update to 6.0 (bnc#712224) |
|
6109 included security fixes MFSA 2011-29 |
|
6110 * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985 |
|
6111 Miscellaneous memory safety hazards |
|
6112 * CVE-2011-2993 (bmo#657267) |
|
6113 Unsigned scripts can call script inside signed JAR |
|
6114 * CVE-2011-2988 (bmo#665934) |
|
6115 Heap overflow in ANGLE library |
|
6116 * CVE-2011-0084 (bmo#648094) |
|
6117 Crash in SVGTextElement.getCharNumAtPosition() |
|
6118 * CVE-2011-2990 |
|
6119 Credential leakage using Content Security Policy reports |
|
6120 * CVE-2011-2986 (bmo#655836) |
|
6121 Cross-origin data theft using canvas and Windows D2D |
|
6122 - removed obsolete curl header dependency (mozilla-curl.patch) |
|
6123 |
|
6124 ------------------------------------------------------------------- |
|
6125 Fri Jul 22 13:34:12 UTC 2011 - wr@rosenauer.org |
|
6126 |
|
6127 - update to 6.0b3 |
|
6128 * removed obsolete patches |
|
6129 - firefox-shellservice.patch |
|
6130 - mozilla-gio.patch |
|
6131 - mozilla-ppc-ipc.patch |
|
6132 - firefox-linkorder.patch |
|
6133 - firefox-no-sync-l10n.patch |
|
6134 - recognize linux3 as platform for symbolstore.py |
|
6135 |
|
6136 ------------------------------------------------------------------- |
|
6137 Fri Jul 1 19:53:18 CEST 2011 - vuntz@opensuse.org |
|
6138 |
|
6139 - Add x-scheme-handler/ftp to the MimeType key in the .desktop, to |
|
6140 let desktops know that Firefox can deal with ftp: URIs. |
|
6141 |
|
6142 ------------------------------------------------------------------- |
|
6143 Fri Jul 1 06:45:08 UTC 2011 - wr@rosenauer.org |
|
6144 |
|
6145 - create upstream branding package again (supposedly empty) |
|
6146 (bnc#703401) |
|
6147 - fix build on SLE11 (changes do not affect/are not applied for |
|
6148 later versions) |
|
6149 |
|
6150 ------------------------------------------------------------------- |
|
6151 Wed Jun 22 06:41:17 UTC 2011 - wr@rosenauer.org |
|
6152 |
|
6153 - enable startup notification (bnc#701465) |
|
6154 |
|
6155 ------------------------------------------------------------------- |
|
6156 Mon Jun 20 19:37:01 UTC 2011 - wr@rosenauer.org |
|
6157 |
|
6158 - update to 5.0 final |
|
6159 - included fixes for security issues: (bnc#701296, bnc#700578) |
|
6160 * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375 |
|
6161 Miscellaneous memory safety hazards |
|
6162 * MFSA 2011-20/CVE-2011-2373 (bmo#617247) |
|
6163 Use-after-free vulnerability when viewing XUL document with |
|
6164 script disabled |
|
6165 * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) |
|
6166 Memory corruption due to multipart/x-mixed-replace images |
|
6167 * MFSA 2011-22/CVE-2011-2371 (bmo#664009) |
|
6168 Integer overflow and arbitrary code execution in |
|
6169 Array.reduceRight() |
|
6170 * MFSA 2011-25/CVE-2011-2366 |
|
6171 Stealing of cross-domain images using WebGL textures |
|
6172 * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368 |
|
6173 Multiple WebGL crashes |
|
6174 * MFSA 2011-27/CVE-2011-2369 (bmo#650001) |
|
6175 XSS encoding hazard with inline SVG |
|
6176 * MFSA 2011-28/CVE-2011-2370 (bmo#645699) |
|
6177 Non-whitelisted site can trigger xpinstall |
|
6178 |
|
6179 ------------------------------------------------------------------- |
|
6180 Mon Jun 20 09:17:42 UTC 2011 - wr@rosenauer.org |
|
6181 |
|
6182 - update to 5.0b7 |
|
6183 * updated supported locales |
|
6184 - do not build dump_syms static (not needed for us) |
|
6185 -> fix build for openSUSE 12.1 and above |
|
6186 |
|
6187 ------------------------------------------------------------------- |
|
6188 Wed Jun 15 14:59:32 UTC 2011 - wr@rosenauer.org |
|
6189 |
|
6190 - update to 5.0b6 |
|
6191 - include proper revision information into the build |
|
6192 - speedier find-external-requires.sh |
|
6193 |
|
6194 ------------------------------------------------------------------- |
|
6195 Tue May 31 06:53:55 UTC 2011 - wr@rosenauer.org |
|
6196 |
|
6197 - update to 5.0b3 |
|
6198 - transformed to standalone Firefox (not xulrunner based) |
|
6199 (with new Firefox rapid release cycle it makes no sense anymore) |
|
6200 * imported all relevant xulrunner patches |
|
6201 - do not compile in build timestamp |
|
6202 |
|
6203 ------------------------------------------------------------------- |
|
6204 Fri Apr 15 07:08:53 UTC 2011 - wr@rosenauer.org |
|
6205 |
|
6206 - security update to 4.0.1 (bnc#689281) |
|
6207 * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 |
|
6208 CVE-2011-0080 CVE-2011-0081 |
|
6209 Miscellaneous memory safety hazards |
|
6210 * MFSA 2011-17/CVE-2011-0068 (bmo#623791) |
|
6211 WebGLES vulnerabilities |
|
6212 * MFSA 2011-18/CVE-2011-1202 (bmo#640339) |
|
6213 XSLT generate-id() function heap address leak |
|
6214 |
|
6215 ------------------------------------------------------------------- |
|
6216 Wed Mar 30 11:24:36 UTC 2011 - wr@rosenauer.org |
|
6217 |
|
6218 - add all available icon sizes |
|
6219 |
|
6220 ------------------------------------------------------------------- |
|
6221 Tue Mar 29 11:55:53 UTC 2011 - cfarrell@novell.com |
|
6222 |
|
6223 - license update: MPLv1.1 or GPLv2+ or LGPLv2+ |
|
6224 Sync licenses with Fedora. MPL does not state ^or later^ |
|
6225 |
|
6226 ------------------------------------------------------------------- |
|
6227 Fri Mar 18 08:49:15 UTC 2011 - wr@rosenauer.org |
|
6228 |
|
6229 - update to version 4.0rc2 |
|
6230 - fixed rpm macros delivered with devel package (bnc#679950) |
|
6231 |
|
6232 ------------------------------------------------------------------- |
|
6233 Wed Feb 23 07:52:04 UTC 2011 - wr@rosenauer.org |
|
6234 |
|
6235 - update to version 4.0b12 |
|
6236 - rebased patches |
|
6237 |
|
6238 ------------------------------------------------------------------- |
|
6239 Fri Feb 4 09:32:50 UTC 2011 - wr@rosenauer.org |
|
6240 |
|
6241 - update to version 4.0b11 |
|
6242 * loads of bugfixes compared to last beta |
|
6243 * added "Do Not Track" option |
|
6244 - rebased patches |
|
6245 - disable testpilot |
|
6246 |
|
6247 ------------------------------------------------------------------- |
|
6248 Fri Jan 28 08:56:12 UTC 2011 - wr@rosenauer.org |
|
6249 |
|
6250 - set correct desktop file name within KDE for 11.4 and up |
|
6251 - add devel package with macros for extensions (from lnussel@suse.de) |
|
6252 |
|
6253 ------------------------------------------------------------------- |
|
6254 Sat Jan 22 22:21:52 UTC 2011 - wr@rosenauer.org |
|
6255 |
|
6256 - update to version 4.0b10 |
|
6257 - removed obsolete firefox-shell-bmo624267.patch |
|
6258 - testpilot moved to distribution/extensions |
|
6259 - updated locale provides and removed bn-IN from locales |
|
6260 |
|
6261 ------------------------------------------------------------------- |
|
6262 Tue Jan 11 06:13:40 UTC 2011 - wr@rosenauer.org |
|
6263 |
|
6264 - update to version 4.0b9 |
|
6265 - added x-scheme-handler for http and https to desktop file for |
|
6266 newer Gnome environments |
|
6267 - fixed default browser check/set for GIO (bmo#611953) |
|
6268 (mozilla-shellservice.patch) |
|
6269 - removed obsolete firefox-appname.patch (integrated into |
|
6270 shellservice patch) |
|
6271 - renamed desktop file to firefox.desktop for 11.4 and newer |
|
6272 (bnc#664211) |
|
6273 - removed support for 10.3 and older from the spec file |
|
6274 - removed obsolete "Ximian" categories from desktop file |
|
6275 |
|
6276 ------------------------------------------------------------------- |
|
6277 Mon Jan 3 17:35:46 CET 2011 - meissner@suse.de |
|
6278 |
|
6279 - Mirror ac_add_options --disable-ipc from xulrunner for PowerPC. |
|
6280 |
|
6281 ------------------------------------------------------------------- |
|
6282 Wed Dec 15 07:49:45 UTC 2010 - wr@rosenauer.org |
|
6283 |
|
6284 - update to version 4.0beta8 |
|
6285 |
|
6286 ------------------------------------------------------------------- |
|
6287 Tue Nov 30 14:19:59 UTC 2010 - wr@rosenauer.org |
|
6288 |
|
6289 - major update to version 4.0beta7 |
|
6290 * based on mozilla-xulrunner20 |
|
6291 * far too many internal changes to list |
|
6292 |
|
6293 ------------------------------------------------------------------- |
|
6294 Wed Oct 27 07:12:14 CEST 2010 - wr@rosenauer.org |
|
6295 |
|
6296 - security update to 3.6.12 (bnc#649492) |
|
6297 * MFSA 2010-73/CVE-2010-3765 (bmo#607222) |
|
6298 Heap buffer overflow mixing document.write and DOM insertion |
|
6299 |
|
6300 ------------------------------------------------------------------- |
|
6301 Wed Oct 6 07:13:52 CEST 2010 - wr@rosenauer.org |
|
6302 |
|
6303 - security update to 3.6.11 (bnc#645315) |
|
6304 * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 |
|
6305 Miscellaneous memory safety hazards |
|
6306 * MFSA 2010-65/CVE-2010-3179 (bmo#583077) |
|
6307 Buffer overflow and memory corruption using document.write |
|
6308 * MFSA 2010-66/CVE-2010-3180 (bmo#588929) |
|
6309 Use-after-free error in nsBarProp |
|
6310 * MFSA 2010-67/CVE-2010-3183 (bmo#598669) |
|
6311 Dangling pointer vulnerability in LookupGetterOrSetter |
|
6312 * MFSA 2010-68/CVE-2010-3177 (bmo#556734) |
|
6313 XSS in gopher parser when parsing hrefs |
|
6314 * MFSA 2010-69/CVE-2010-3178 (bmo#576616) |
|
6315 Cross-site information disclosure via modal calls |
|
6316 * MFSA 2010-70/CVE-2010-3170 (bmo#578697) |
|
6317 SSL wildcard certificate matching IP addresses |
|
6318 * MFSA 2010-71/CVE-2010-3182 (bmo#590753) |
|
6319 Unsafe library loading vulnerabilities |
|
6320 * MFSA 2010-72/CVE-2010-3173 |
|
6321 Insecure Diffie-Hellman key exchange |
|
6322 |
|
6323 ------------------------------------------------------------------- |
|
6324 Wed Sep 15 07:39:22 CEST 2010 - wr@rosenauer.org |
|
6325 |
|
6326 - update to 3.6.10 |
|
6327 * fixing startup topcrash (bmo#594699) |
|
6328 |
|
6329 ------------------------------------------------------------------- |
|
6330 Thu Aug 26 07:40:28 CEST 2010 - wr@rosenauer.org |
|
6331 |
|
6332 - security update to 3.6.9 (bnc#637303) |
|
6333 * MFSA 2010-49/CVE-2010-3169 |
|
6334 Miscellaneous memory safety hazards |
|
6335 * MFSA 2010-50/CVE-2010-2765 (bmo#576447) |
|
6336 Frameset integer overflow vulnerability |
|
6337 * MFSA 2010-51/CVE-2010-2767 (bmo#584512) |
|
6338 Dangling pointer vulnerability using DOM plugin array |
|
6339 * MFSA 2010-53/CVE-2010-3166 (bmo#579655) |
|
6340 Heap buffer overflow in nsTextFrameUtils::TransformText |
|
6341 * MFSA 2010-54/CVE-2010-2760 (bmo#585815) |
|
6342 Dangling pointer vulnerability in nsTreeSelection |
|
6343 * MFSA 2010-55/CVE-2010-3168 (bmo#576075) |
|
6344 XUL tree removal crash and remote code execution |
|
6345 * MFSA 2010-56/CVE-2010-3167 (bmo#576070) |
|
6346 Dangling pointer vulnerability in nsTreeContentView |
|
6347 * MFSA 2010-57/CVE-2010-2766 (bmo#580445) |
|
6348 Crash and remote code execution in normalizeDocument |
|
6349 * MFSA 2010-59/CVE-2010-2762 (bmo#584180) |
|
6350 SJOW creates scope chains ending in outer object |
|
6351 * MFSA 2010-61/CVE-2010-2768 (bmo#579744) |
|
6352 UTF-7 XSS by overriding document charset using <object> type |
|
6353 attribute |
|
6354 * MFSA 2010-62/CVE-2010-2769 (bmo#520189) |
|
6355 Copy-and-paste or drag-and-drop into designMode document allows |
|
6356 XSS |
|
6357 * MFSA 2010-63/CVE-2010-2764 (bmo#552090) |
|
6358 Information leak via XMLHttpRequest statusText |
|
6359 |
|
6360 ------------------------------------------------------------------- |
|
6361 Wed Jul 28 08:33:14 CEST 2010 - meissner@suse.de |
|
6362 |
|
6363 - disable crash reporter for non x86/x86_64 to make it build. |
|
6364 |
|
6365 ------------------------------------------------------------------- |
|
6366 Sat Jul 24 12:42:58 CEST 2010 - wr@rosenauer.org |
|
6367 |
|
6368 - security update to 3.6.8 (bnc#622506) |
|
6369 * MFSA 2010-48/CVE-2010-2755 (bmo#575836) |
|
6370 Dangling pointer crash regression from plugin parameter array |
|
6371 fix |
|
6372 |
|
6373 ------------------------------------------------------------------- |
|
6374 Fri Jul 16 06:48:44 CEST 2010 - wr@rosenauer.org |
|
6375 |
|
6376 - security update to 3.6.7 (bnc#622506) |
|
6377 * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 |
|
6378 Miscellaneous memory safety hazards |
|
6379 * MFSA 2010-35/CVE-2010-1208 (bmo#572986) |
|
6380 DOM attribute cloning remote code execution vulnerability |
|
6381 * MFSA 2010-36/CVE-2010-1209 (bmo#552110) |
|
6382 Use-after-free error in NodeIterator |
|
6383 * MFSA 2010-37/CVE-2010-1214 (bmo#572985) |
|
6384 Plugin parameter EnsureCachedAttrParamArrays remote code |
|
6385 execution vulnerability |
|
6386 * MFSA 2010-38/CVE-2010-1215 (bmo#567069) |
|
6387 Arbitrary code execution using SJOW and fast native function |
|
6388 * MFSA 2010-39/CVE-2010-2752 (bmo#574059) |
|
6389 nsCSSValue::Array index integer overflow |
|
6390 * MFSA 2010-40/CVE-2010-2753 (bmo#571106) |
|
6391 nsTreeSelection dangling pointer remote code execution |
|
6392 vulnerability |
|
6393 * MFSA 2010-41/CVE-2010-1205 (bmo#570451) |
|
6394 Remote code execution using malformed PNG image |
|
6395 * MFSA 2010-42/CVE-2010-1213 (bmo#568148) |
|
6396 Cross-origin data disclosure via Web Workers and importScripts |
|
6397 * MFSA 2010-43/CVE-2010-1207 (bmo#571287) |
|
6398 Same-origin bypass using canvas context |
|
6399 * MFSA 2010-44/CVE-2010-1210 (bmo#564679) |
|
6400 Characters mapped to U+FFFD in 8 bit encodings cause subsequent |
|
6401 character to vanish |
|
6402 * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) |
|
6403 Multiple location bar spoofing vulnerabilities |
|
6404 * MFSA 2010-46/CVE-2010-0654 (bmo#524223) |
|
6405 Cross-domain data theft using CSS |
|
6406 * MFSA 2010-47/CVE-2010-2754 (bmo#568564) |
|
6407 Cross-origin data leakage from script filename in error messages |
|
6408 |
|
6409 ------------------------------------------------------------------- |
|
6410 Sun Jun 27 20:24:31 CEST 2010 - wr@rosenauer.org |
|
6411 |
|
6412 - update to 3.6.6 release |
|
6413 * modifies the crash protection feature to increase the amount |
|
6414 of time that plugins are allowed to be non-responsive before |
|
6415 being terminated. |
|
6416 |
|
6417 ------------------------------------------------------------------- |
|
6418 Wed Jun 23 14:40:35 CEST 2010 - wr@rosenauer.org |
|
6419 |
|
6420 - update to final 3.6.4 release (bnc#603356) |
|
6421 * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ |
|
6422 CVE-2010-1203 |
|
6423 Crashes with evidence of memory corruption (rv:1.9.2.4) |
|
6424 * MFSA 2010-28/CVE-2010-1198 (bmo#532246) |
|
6425 Freed object reuse across plugin instances |
|
6426 * MFSA 2010-29/CVE-2010-1196 (bmo#534666) |
|
6427 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal |
|
6428 * MFSA 2010-30/CVE-2010-1199 (bmo#554255) |
|
6429 Integer Overflow in XSLT Node Sorting |
|
6430 * MFSA 2010-31/CVE-2010-1125 (bmo#552255) |
|
6431 focus() behavior can be used to inject or steal keystrokes |
|
6432 * MFSA 2010-32/CVE-2010-1197 (bmo#537120) |
|
6433 Content-Disposition: attachment ignored if |
|
6434 Content-Type: multipart also present |
|
6435 * MFSA 2010-33/CVE-2008-5913 (bmo#475585) |
|
6436 User tracking across sites using Math.random() |
|
6437 |
|
6438 ------------------------------------------------------------------- |
|
6439 Mon Jun 7 07:07:33 CEST 2010 - wr@rosenauer.org |
|
6440 |
|
6441 - update to 3.6.4(build6) |
|
6442 |
|
6443 ------------------------------------------------------------------- |
|
6444 Sun Apr 18 09:42:40 CEST 2010 - wr@rosenauer.org |
|
6445 |
|
6446 - security update to 3.6.4 (Lorentz) |
|
6447 * enable crashreporter also for x86-64 |
|
6448 * Flash runs in a separate process to avoid crashing Firefox |
|
6449 (ix86 only; x86-64 still uses nspluginwrapper) |
|
6450 |
|
6451 ------------------------------------------------------------------- |
|
6452 Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org |
|
6453 |
|
6454 - security update to 3.6.3 |
|
6455 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) |
|
6456 Re-use of freed object due to scope confusion |
|
6457 |
|
6458 ------------------------------------------------------------------- |
|
6459 Thu Mar 18 06:43:33 CET 2010 - wr@rosenauer.org |
|
6460 |
|
6461 - security update to version 3.6.2 (bnc#586567) |
|
6462 * MFSA 2010-08/CVE-2010-1028 |
|
6463 WOFF heap corruption due to integer overflow |
|
6464 * MFSA 2010-09/CVE-2010-0164 (bmo#547143) |
|
6465 Deleted frame reuse in multipart/x-mixed-replace image |
|
6466 * MFSA 2010-10/CVE-2010-0170 (bmo#541530) |
|
6467 XSS via plugins and unprotected Location object |
|
6468 * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 |
|
6469 Crashes with evidence of memory corruption |
|
6470 * MFSA 2010-12/CVE-2010-0171 (bmo#531364) |
|
6471 XSS using addEventListener and setTimeout on a wrapped object |
|
6472 * MFSA 2010-13/CVE-2010-0168 (bmo#540642) |
|
6473 Content policy bypass with image preloading |
|
6474 * MFSA 2010-14/CVE-2010-0169 (bmo#535806) |
|
6475 Browser chrome defacement via cached XUL stylesheets |
|
6476 * MFSA 2010-15/CVE-2010-0172 (bmo#537862) |
|
6477 Asynchronous Auth Prompt attaches to wrong window |
|
6478 * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 |
|
6479 Crashes with evidence of memory corruption |
|
6480 * MFSA 2010-18/CVE-2010-0176 (bmo#538308) |
|
6481 Dangling pointer vulnerability in nsTreeContentView |
|
6482 * MFSA 2010-19/CVE-2010-0177 (bmo#538310) |
|
6483 Dangling pointer vulnerability in nsPluginArray |
|
6484 * MFSA 2010-20/CVE-2010-0178 (bmo#546909) |
|
6485 Chrome privilege escalation via forced URL drag and drop |
|
6486 * MFSA 2010-22/CVE-2009-3555 (bmo#545755) |
|
6487 Update NSS to support TLS renegotiation indication |
|
6488 * MFSA 2010-23/CVE-2010-0181 (bmo#452093) |
|
6489 Image src redirect to mailto: URL opens email editor |
|
6490 * MFSA 2010-24/CVE-2010-0182 (bmo#490790) |
|
6491 XMLDocument::load() doesn't check nsIContentPolicy |
|
6492 |
|
6493 ------------------------------------------------------------------- |
|
6494 Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org |
|
6495 |
|
6496 - update to 3.6rc2 (already named 3.6.0) |
|
6497 - removed obsolete orbit-devel build requirement |
|
6498 |
|
6499 ------------------------------------------------------------------- |
|
6500 Wed Jan 6 17:15:40 CET 2010 - wr@rosenauer.org |
|
6501 |
|
6502 - major update to 3.6rc1 |
|
6503 |
|
6504 ------------------------------------------------------------------- |
|
6505 Fri Dec 25 09:39:42 CET 2009 - wr@rosenauer.org |
|
6506 |
|
6507 - update to version 3.5.7 (bnc#568011) |
|
6508 * DNS resolution in MakeSN of nsAuthSSPI causing issues for |
|
6509 proxy servers that support NTLM auth (bmo#535193) |
|
6510 - added missing lockdown preferences (bnc#567131) |
|
6511 |
|
6512 ------------------------------------------------------------------- |
|
6513 Thu Dec 17 20:06:38 CET 2009 - wr@rosenauer.org |
|
6514 |
|
6515 - readded firefox-ui-lockdown.patch (bnc#546158) |
|
6516 |
|
6517 ------------------------------------------------------------------- |
|
6518 Thu Dec 3 21:53:59 CET 2009 - wr@rosenauer.org |
|
6519 |
|
6520 - security update to version 3.5.6 (bnc#559807) |
|
6521 * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 |
|
6522 Crashes with evidence of memory corruption (rv:1.9.1.6) |
|
6523 * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) |
|
6524 Memory safety fixes in liboggplay media library |
|
6525 * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) |
|
6526 Integer overflow, crash in libtheora video library |
|
6527 * MFSA 2009-68/CVE-2009-3983 (bmo#487872) |
|
6528 NTLM reflection vulnerability |
|
6529 * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) |
|
6530 Location bar spoofing vulnerabilities |
|
6531 * MFSA 2009-70/VE-2009-3986 (bmo#522430) |
|
6532 Privilege escalation via chrome window.opener |
|
6533 - fixed firefox-browser-css.patch (bnc#561027) |
|
6534 |
|
6535 ------------------------------------------------------------------- |
|
6536 Mon Nov 23 22:31:21 CET 2009 - wr@rosenauer.org |
|
6537 |
|
6538 - rebased patches for fuzz=0 |
|
6539 |
|
6540 ------------------------------------------------------------------- |
|
6541 Thu Nov 5 19:49:33 UTC 2009 - wr@rosenauer.org |
|
6542 |
|
6543 - update to version 3.5.5 (bnc#553172) |
|
6544 |
|
6545 ------------------------------------------------------------------- |
|
6546 Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org |
|
6547 |
|
6548 - security update to version 3.5.4 (bnc#545277) |
|
6549 * MFSA 2009-52/CVE-2009-3370 (bmo#511615) |
|
6550 Form history vulnerable to stealing |
|
6551 * MFSA 2009-53/CVE-2009-3274 (bmo#514823) |
|
6552 Local downloaded file tampering |
|
6553 * MFSA 2009-54/CVE-2009-3371 (bmo#514554) |
|
6554 Crash with recursive web-worker calls |
|
6555 * MFSA 2009-55/CVE-2009-3372 (bmo#500644) |
|
6556 Crash in proxy auto-configuration regexp parsing |
|
6557 * MFSA 2009-56/CVE-2009-3373 (bmo#511689) |
|
6558 Heap buffer overflow in GIF color map parser |
|
6559 * MFSA 2009-57/CVE-2009-3374 (bmo#505988) |
|
6560 Chrome privilege escalation in XPCVariant::VariantDataToJS() |
|
6561 * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) |
|
6562 Heap buffer overflow in string to number conversion |
|
6563 * MFSA 2009-61/CVE-2009-3375 (bmo#503226) |
|
6564 Cross-origin data theft through document.getSelection() |
|
6565 * MFSA 2009-62/CVE-2009-3376 (bmo#511521) |
|
6566 Download filename spoofing with RTL override |
|
6567 * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 |
|
6568 Upgrade media libraries to fix memory safety bugs |
|
6569 * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 |
|
6570 Crashes with evidence of memory corruption |
|
6571 - removed upstreamed patch |
|
6572 * firefox-bug506901.patch |
|
6573 |
|
6574 ------------------------------------------------------------------- |
|
6575 Wed Oct 7 20:11:24 CEST 2009 - llunak@novell.com |
|
6576 |
|
6577 - fix KDE button order in one more place (bnc#170055) |
|
6578 |
|
6579 ------------------------------------------------------------------- |
|
6580 Fri Oct 2 20:26:49 CEST 2009 - wr@rosenauer.org |
|
6581 |
|
6582 - improve UI colors to be usable with dark themes at all |
|
6583 (firefox-browser-css.patch) (bnc#503351) |
|
6584 - extend list of supported architectures as ABI identifier |
|
6585 (mozilla-abi.patch) (bnc#543460) |
|
6586 |
|
6587 ------------------------------------------------------------------- |
|
6588 Mon Sep 14 00:07:55 CEST 2009 - wr@rosenauer.org |
|
6589 |
|
6590 - added KDE integration patch from llunak@novell.com |
|
6591 (firefox-kde.patch) |
|
6592 * support for knotify, making -kde4-addon obsolete |
|
6593 * KDE-specific support functional (bnc#170055) |
|
6594 - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs) |
|
6595 |
|
6596 ------------------------------------------------------------------- |
|
6597 Thu Sep 10 09:34:26 CEST 2009 - wr@rosenauer.org |
|
6598 |
|
6599 - security update to version 3.5.3 (bnc#534458) |
|
6600 * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ |
|
6601 CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 |
|
6602 Crashes with evidence of memory corruption |
|
6603 * MFSA 2009-49/CVE-2009-3077 (bmo#506871) |
|
6604 TreeColumns dangling pointer vulnerability |
|
6605 * MFSA 2009-50/CVE-2009-3078 (bmo#453827) |
|
6606 Location bar spoofing via tall line-height Unicode characters |
|
6607 * MFSA 2009-51/CVE-2009-3079 (bmo#454363) |
|
6608 Chrome privilege escalation with FeedWriter |
|
6609 |
|
6610 ------------------------------------------------------------------- |
|
6611 Wed Aug 19 22:14:07 CEST 2009 - wr@rosenauer.org |
|
6612 |
|
6613 - renamed patch firefox-contextmenu-gnome to firefox-cross-desktop |
|
6614 as it contains more tweaks to handle non-Gnome environments and |
|
6615 especially KDE integration: |
|
6616 * added the ability to set the KDE default browser |
|
6617 (still part of bnc#170055) |
|
6618 |
|
6619 ------------------------------------------------------------------- |
|
6620 Sat Aug 8 00:14:18 CEST 2009 - wr@rosenauer.org |
|
6621 |
|
6622 - split -translations package into -common and -other |
|
6623 (bnc#529180) |
|
6624 - remove "set as background" from context menu if not running in |
|
6625 Gnome (part of bnc#170055) |
|
6626 |
|
6627 ------------------------------------------------------------------- |
|
6628 Fri Jul 31 09:01:57 CEST 2009 - wr@rosenauer.org |
|
6629 |
|
6630 - security update to version 3.5.2 |
|
6631 * MFSA 2009-38/CVE-2009-2470 (bmo#459524) |
|
6632 Data corruption with SOCKS5 reply containing DNS name longer |
|
6633 than 15 characters |
|
6634 * MFSA 2009-44/CVE-2009-2654 (bmo#451898) |
|
6635 Location bar and SSL indicator spoofing via window.open() on |
|
6636 invalid URL |
|
6637 * MFSA 2009-45 |
|
6638 Crashes with evidence of memory corruption |
|
6639 * MFSA 2009-46 (bmo#498897) |
|
6640 Chrome privilege escalation due to incorrectly cached wrapper |
|
6641 * various other stability fixes |
|
6642 - export MOZ_APP_LAUNCHER in the startscript (bmo#453689) |
|
6643 |
|
6644 ------------------------------------------------------------------- |
|
6645 Tue Jul 28 14:54:46 CEST 2009 - wr@rosenauer.org |
|
6646 |
|
6647 - fixed %exclude usage |
|
6648 - fixed preferences' advanced pane for fresh profiles (bmo#506901) |
|
6649 |
|
6650 ------------------------------------------------------------------- |
|
6651 Wed Jul 15 20:13:19 CEST 2009 - wr@rosenauer.org |
|
6652 |
|
6653 - security update to version 3.5.1 |
|
6654 * MFSA 2009-41 |
|
6655 Corrupt JIT state after deep return from native function |
|
6656 |
|
6657 ------------------------------------------------------------------- |
|
6658 Mon Jul 6 12:33:47 CEST 2009 - wr@rosenauer.org |
|
6659 |
|
6660 - added mozilla-linkorder.patch to fix build with --as-needed |
|
6661 |
|
6662 ------------------------------------------------------------------- |
|
6663 Tue Jun 30 08:52:00 CEST 2009 - wr@rosenauer.org |
|
6664 |
|
6665 - update to final version 3.5 (20090623) |
|
6666 |
|
6667 ------------------------------------------------------------------- |
|
6668 Tue Jun 23 09:39:50 CEST 2009 - wr@rosenauer.org |
|
6669 |
|
6670 - fixed build by linking to a real file |
|
6671 |
|
6672 ------------------------------------------------------------------- |
|
6673 Thu Jun 18 10:19:40 CEST 2009 - wr@rosenauer.org |
|
6674 |
|
6675 - update to version 3.5rc2 (20090617) |
|
6676 - BuildRequire mozilla-xulrunner191 = 1.9.1.0 |
|
6677 |
|
6678 ------------------------------------------------------------------- |
|
6679 Sat Jun 6 15:59:02 CEST 2009 - wr@rosenauer.org |
|
6680 |
|
6681 - update to version 3.5b99 (20090604) |
|
6682 - BuildRequire mozilla-xulrunner191 = 1.9.1b99 |
|
6683 |
|
6684 ------------------------------------------------------------------- |
|
6685 Wed May 27 08:03:16 CEST 2009 - wr@rosenauer.org |
|
6686 |
|
6687 - fixed typos in improved xulrunner dependencies |
|
6688 |
|
6689 ------------------------------------------------------------------- |
|
6690 Mon May 11 18:25:12 CEST 2009 - wr@rosenauer.org |
|
6691 |
|
6692 - use non-localized Downloads folder (bnc#501724) |
|
6693 |
|
6694 ------------------------------------------------------------------- |
|
6695 Mon May 4 07:57:50 CEST 2009 - wr@rosenauer.org |
|
6696 |
|
6697 - update to new major version 3.5b4 |
|
6698 * based on Gecko 1.9.1 (mozilla-xulrunner191) |
|
6699 * Private Browsing Mode |
|
6700 * TraceMonkey JavaScript engine |
|
6701 * Geolocation support |
|
6702 * native JSON and web worker threads support |
|
6703 * speculative parsing for faster content rendering |
|
6704 * Some HTML5 support |
|
6705 - updated firefox.schemas |
|
6706 - improved firefox-no-update.patch |
|
6707 |
|
6708 ------------------------------------------------------------------- |
|
6709 Tue Apr 28 10:47:54 CEST 2009 - wr@rosenauer.org |
|
6710 |
|
6711 - security update to 3.0.10 |
|
6712 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) |
|
6713 Crash in nsTextFrame::ClearTextRun() |
|
6714 |
|
6715 ------------------------------------------------------------------- |
|
6716 Thu Apr 16 13:52:21 CEST 2009 - wr@rosenauer.org |
|
6717 |
|
6718 - security update to 3.0.9 (bnc#495473) |
|
6719 * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 |
|
6720 Crashes with evidence of memory corruption (rv:1.9.0.9) |
|
6721 * MFSA 2009-15/CVE-2009-0652 (bmo#479336) |
|
6722 URL spoofing with box drawing character |
|
6723 * MFSA 2009-16/CVE-2009-1306 (bmo#474536) |
|
6724 jar: scheme ignores the content-disposition: header on the |
|
6725 inner URI |
|
6726 * MFSA 2009-17/CVE-2009-1307 (bmo#481342) |
|
6727 Same-origin violations when Adobe Flash loaded via |
|
6728 view-source: scheme |
|
6729 * MFSA 2009-18/CVE-2009-1308 (bmo#481558) |
|
6730 XSS hazard using third-party stylesheets and XBL bindings |
|
6731 * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) |
|
6732 Same-origin violations in XMLHttpRequest and |
|
6733 XPCNativeWrapper.toString |
|
6734 * MFSA 2009-20/CVE-2009-1310 (bmo#483086) |
|
6735 Malicious search plugins can inject code into arbitrary sites |
|
6736 * MFSA 2009-21/CVE-2009-1311 (bmo#471962) |
|
6737 POST data sent to wrong site when saving web page with |
|
6738 embedded frame |
|
6739 * MFSA 2009-22/CVE-2009-1312 (bmo#475636) |
|
6740 Firefox allows Refresh header to redirect to javascript: URIs |
|
6741 |
|
6742 ------------------------------------------------------------------- |
|
6743 Fri Mar 27 09:43:43 CET 2009 - wr@rosenauer.org |
|
6744 |
|
6745 - security update to 1.9.0.8 (bnc#488955,489411) |
|
6746 * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) |
|
6747 Crash and remote code execution in XSL transformation |
|
6748 * MFSA 2009-13/CVE-2009-1044 (bmo#484320) |
|
6749 Arbitrary code execution via XUL tree moveToEdgeShift |
|
6750 - allow RPM provides for stuff besides shared libraries |
|
6751 (e.g. mime-types) |
|
6752 |
|
6753 ------------------------------------------------------------------- |
|
6754 Sun Mar 1 11:08:58 CET 2009 - wr@rosenauer.org |
|
6755 |
|
6756 - security update to 3.0.7 (bnc#478625) |
|
6757 * MFSA 2009-07 - Crashes with evidence of memory corruption |
|
6758 CVE-2009-0771 - Layout Engine Crashes |
|
6759 CVE-2009-0772 - Layout Engine Crashes |
|
6760 CVE-2009-0773 - crashes in the JavaScript engine |
|
6761 CVE-2009-0774 - Layout Engine Crashes |
|
6762 * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) |
|
6763 Mozilla Firefox XUL Linked Clones Double Free Vulnerability |
|
6764 * MFSA 2009-09/CVE-2009-0776 (bmo#414540) |
|
6765 XML data theft via RDFXMLDataSource and cross-domain redirect |
|
6766 * MFSA 2009-10/CVE-2009-0040 (bmo#478901) |
|
6767 Upgrade PNG library to fix memory safety hazards |
|
6768 * MFSA 2009-11/CVE-2009-0777 (bmo#452979) |
|
6769 URL spoofing with invisible control characters |
|
6770 |
|
6771 ------------------------------------------------------------------- |
|
6772 Wed Feb 4 18:58:59 EST 2009 - hfiguiere@suse.de |
|
6773 |
|
6774 - Review and approve changes. |
|
6775 |
|
6776 ------------------------------------------------------------------- |
|
6777 Wed Jan 28 13:48:00 CET 2009 - wr@rosenauer.org |
|
6778 |
|
6779 - security update to 3.0.6 (bnc#470074) |
|
6780 * MFSA 2009-06/CVE-2009-0358: Directives to not cache pages ignored |
|
6781 (bmo#441751) |
|
6782 * MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading |
|
6783 HTTPOnly cookies (bmo#380418) |
|
6784 * MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via |
|
6785 local .desktop files (bmo#460425) |
|
6786 * MFSA 2009-03/CVE-2009-0355: Local file stealing with SessionStore |
|
6787 (bmo#466937) |
|
6788 * MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method |
|
6789 and window.eval (bmo#468581) |
|
6790 * MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with |
|
6791 evidence of memory corruption (rv:1.9.0.6) (bmo#452913, |
|
6792 bmo#449006, bmo#331088, bmo#401042, bmo#416461, bmo#422283, |
|
6793 bmo#422301, bmo#431705, bmo#437142, bmo#421839, bmo#420697, |
|
6794 bmo#461027) |
|
6795 * (non security) added lv locale |
|
6796 |
|
6797 ------------------------------------------------------------------- |
|
6798 Thu Jan 22 11:09:42 EST 2009 - hfiguiere@suse.de |
|
6799 |
|
6800 - Fix the wrapper script for PowerPC 64-bits (bnc#464753) |
|
6801 |
|
6802 ------------------------------------------------------------------- |
|
6803 Wed Dec 17 13:13:25 EST 2008 - hfiguiere@suse.de |
|
6804 |
|
6805 - Review and approve changes. |
|
6806 |
|
6807 ------------------------------------------------------------------- |
|
6808 Mon Dec 15 16:41:57 CET 2008 - wr@rosenauer.org |
|
6809 |
|
6810 - security update to 1.9.0.5 (bnc#455804) |
|
6811 for details |
|
6812 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html |
|
6813 * removed aboutRights workaround again |
|
6814 * added et locale |
|
6815 |
|
6816 ------------------------------------------------------------------- |
|
6817 Tue Nov 25 10:14:45 EST 2008 - hfiguiere@suse.de |
|
6818 |
|
6819 - Review and approve changes. |
|
6820 |
|
6821 ------------------------------------------------------------------- |
|
6822 Sat Nov 22 13:26:03 CET 2008 - wr@rosenauer.org |
|
6823 |
|
6824 - replace license agreement with about:rights toolbar |
|
6825 (backported from upcoming FF 3.0.5) (bnc#436054, bmo#456439) |
|
6826 (it's always displayed in en-US) |
|
6827 |
|
6828 ------------------------------------------------------------------- |
|
6829 Fri Nov 21 03:11:41 EST 2008 - hfiguiere@suse.de |
|
6830 |
|
6831 - Update firefox-lockdown-ui.patch |
|
6832 * Print Setup is now properly locked down. bnc#431028 |
|
6833 * Bookmark editing it now properly locked down. bnc#439335 |
|
6834 * Bookmars are properly hidden. |
|
6835 * History is properly locked down. bnc#439343 |
|
6836 * Make sure the search bar is not put back when resetting the |
|
6837 toolbar. bnc#439358 |
|
6838 |
|
6839 ------------------------------------------------------------------- |
|
6840 Thu Nov 20 18:49:19 CST 2008 - maw@suse.de |
|
6841 |
|
6842 - Review and approve changes. |
|
6843 |
|
6844 ------------------------------------------------------------------- |
|
6845 Thu Nov 13 08:22:13 CET 2008 - wr@rosenauer.org |
|
6846 |
|
6847 - lockdown cleanup |
|
6848 * removed gecko-lockdown.patch from Firefox (it's in xulrunner) |
|
6849 * stripped out some toolkit stuff from firefox-ui-lockdown |
|
6850 * added extra default preferences for lockdown |
|
6851 |
|
6852 ------------------------------------------------------------------- |
|
6853 Wed Nov 12 17:55:19 CST 2008 - maw@suse.de |
|
6854 |
|
6855 - Review and approve changes. |
|
6856 |
|
6857 ------------------------------------------------------------------- |
|
6858 Tue Nov 11 09:15:59 CET 2008 - wr@rosenauer.org |
|
6859 |
|
6860 - update to security/maintenance release 3.0.4 (bnc#439841) |
|
6861 * support additional locales (bg, cy, eo, oc) |
|
6862 - removed obsolete configure option (enable-gconf) |
|
6863 |
|
6864 ------------------------------------------------------------------- |
|
6865 Fri Nov 7 15:39:54 CST 2008 - maw@suse.de |
|
6866 |
|
6867 - Review and approve changes. |
|
6868 |
|
6869 ------------------------------------------------------------------- |
|
6870 Tue Nov 4 23:27:03 CET 2008 - wr@rosenauer.org |
|
6871 |
|
6872 - moved gconf schema into branding packages (bnc#441646) |
|
6873 |
|
6874 ------------------------------------------------------------------- |
|
6875 Tue Oct 28 16:16:14 EDT 2008 - hfiguiere@suse.de |
|
6876 |
|
6877 - Fix missing %endif (for fix for bnc#434283) |
|
6878 |
|
6879 ------------------------------------------------------------------- |
|
6880 Mon Oct 27 17:05:02 EDT 2008 - hfiguiere@suse.de |
|
6881 |
|
6882 - Add disable_show_passwords to firefox.schemas. (FATE #301534) |
|
6883 |
|
6884 ------------------------------------------------------------------- |
|
6885 Mon Oct 27 11:57:29 CET 2008 - wr@rosenauer.org |
|
6886 |
|
6887 - make biarch dependencies work correctly (bnc#434283) |
|
6888 |
|
6889 ------------------------------------------------------------------- |
|
6890 Thu Oct 23 10:14:22 EDT 2008 - hfiguiere@suse.de |
|
6891 |
|
6892 - Added firefox-ui-lockdown.patch and gecko-lockdown.patch |
|
6893 * Lockdown: FATE#302023, FATE#302024 |
|
6894 |
|
6895 ------------------------------------------------------------------- |
|
6896 Mon Oct 6 14:55:48 CEST 2008 - sbrabec@suse.cz |
|
6897 |
|
6898 - Conflict with other branding providers (FATE#304881). |
|
6899 |
|
6900 ------------------------------------------------------------------- |
|
6901 Mon Sep 29 12:27:43 CDT 2008 - maw@suse.de |
|
6902 |
|
6903 - Review and approve changes. |
|
6904 |
|
6905 ------------------------------------------------------------------- |
|
6906 Mon Sep 29 11:36:30 CDT 2008 - maw@suse.de |
|
6907 |
|
6908 - Remove a reference to a stale patch. |
|
6909 |
|
6910 ------------------------------------------------------------------- |
|
6911 Sun Sep 28 18:19:26 CEST 2008 - wr@rosenauer.org |
|
6912 |
|
6913 - update to regression fix release 3.0.3 |
|
6914 * Fixed a problem where users were unable to retrieve saved |
|
6915 passwords or save new passwords (bmo#454708, bnc#429179#c20, |
|
6916 CVE-2008-4063, CVE-2008-4064, CVE-2008-3836, andCVE-2008-4070) |
|
6917 |
|
6918 ------------------------------------------------------------------- |
|
6919 Thu Sep 25 14:47:13 CDT 2008 - maw@suse.de |
|
6920 |
|
6921 - Review and approve changes. |
|
6922 |
|
6923 ------------------------------------------------------------------- |
|
6924 Mon Sep 15 13:45:16 CEST 2008 - wr@rosenauer.org |
|
6925 |
|
6926 - update to security/maintenance release 3.0.2 (bnc#429179) |
|
6927 - removed unused files from sources |
|
6928 - fix more rpmlint complaints and provide a config file to filter |
|
6929 false positives |
|
6930 - disable Gnome crashreporter as it has no value |
|
6931 - brought man-page up to date for the firefox stub |
|
6932 (removing firefox-bin reference) |
|
6933 - en-US locale not longer packaged in translations subpackage |
|
6934 |
|
6935 ------------------------------------------------------------------- |
|
6936 Fri Aug 15 18:56:26 CDT 2008 - maw@novell.com |
|
6937 |
|
6938 - Review and approve changes. |
|
6939 |
|
6940 ------------------------------------------------------------------- |
|
6941 Mon Aug 4 09:26:05 CEST 2008 - wr@rosenauer.org |
|
6942 |
|
6943 - Tweak branding split |
|
6944 |
|
6945 ------------------------------------------------------------------- |
|
6946 Tue Jul 29 15:02:47 CEST 2008 - vuntz@novell.com |
|
6947 |
|
6948 - Create branding package (bnc#390752): |
|
6949 + search-addons.tar.bz2, bookmarks.html.suse and |
|
6950 firefox-suse-default-prefs.js will be moved to |
|
6951 MozillaFirefox-branding-openSUSE |
|
6952 + create a MozillaFirefox-branding-upstream package |
|
6953 |
|
6954 ------------------------------------------------------------------- |
|
6955 Mon Jul 28 20:54:22 CEST 2008 - mauro@suse.de |
|
6956 |
|
6957 - Update to stability/security release 3.0.1 (bnc#407573) |
|
6958 (thanks, Wolfgang) |
|
6959 + MFSA 2008-36 Crash with malformed GIF file on Mac OS X |
|
6960 + MFSA 2008-35 Command-line URLs launch multiple tabs when |
|
6961 Firefox not running |
|
6962 + MFSA 2008-34 Remote code execution by overflowing CSS reference counter |
|
6963 - Set browser.shell.checkDefaultBrowser to true (bnc#404119) |
|
6964 |
|
6965 ------------------------------------------------------------------- |
|
6966 Tue Jun 17 18:49:33 CEST 2008 - maw@suse.de |
|
6967 |
|
6968 - Merge changes from the build service (thanks, Wolfgang) |
|
6969 (bnc#400001 and SWAMP#18164). |
|
6970 |
|
6971 ------------------------------------------------------------------- |
|
6972 Tue Jun 17 14:40:04 CEST 2008 - wr@rosenauer.org |
|
6973 |
|
6974 - update to version 3.0 |
|
6975 - fixed double entry in bookmarks for www.opensuse.org (bnc#396980 |
|
6976 |
|
6977 ------------------------------------------------------------------- |
|
6978 Thu May 15 13:45:51 CEST 2008 - aj@suse.de |
|
6979 |
|
6980 - Add Planet SUSE, forums.o.o and How to participate to default |
|
6981 URLs. |
|
6982 |
|
6983 ------------------------------------------------------------------- |
|
6984 Fri May 2 16:25:24 CEST 2008 - maw@suse.de |
|
6985 |
|
6986 - network.protocol-handler.app.* prefs are no longer supported; |
|
6987 remove references to them from firefox-suse-default-prefs.js |
|
6988 (bnc#383697). |
|
6989 |
|
6990 ------------------------------------------------------------------- |
|
6991 Thu Apr 3 01:42:34 CEST 2008 - maw@suse.de |
|
6992 |
|
6993 - Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang). |
|
6994 |
|
6995 ------------------------------------------------------------------- |
|
6996 Wed Mar 26 01:05:18 CET 2008 - maw@suse.de |
|
6997 |
|
6998 - Merge changes from the build service (thanks, Wolfgang) |
|
6999 - Update to the fourth Firefox 3.0 Beta (2.9.94): |
|
7000 + Based upon the Gecko 1.9 Web rendering platform, which improves |
|
7001 performance, stability, and rendering correctness; it also |
|
7002 boasts a considerable simplification in its code |
|
7003 + Security improvements: |
|
7004 * One-click site info |
|
7005 * Malware Protection |
|
7006 * New Web Forgery Protection page |
|
7007 * New SSL error pages |
|
7008 * Add-ons and Plugin version check |
|
7009 * Secure add-on updates |
|
7010 * Effective top-level domain (eTLD) service to better restrict |
|
7011 cookies and other restricted content to a single domain |
|
7012 * Better protection against cross-site JSON data leaks |
|
7013 + Usability improvements: |
|
7014 * Easier password management |
|
7015 * Simplified add-on installation |
|
7016 * New Download Manager |
|
7017 * Resumable downloading |
|
7018 * Full page zoom |
|
7019 * Podcasts and Videocasts can be associated with your media |
|
7020 playback tools |
|
7021 * Tab scrolling and quickmenu |
|
7022 * Save what you were doing: Firefox will prompt users to save |
|
7023 tabs on exit |
|
7024 * Optimized Open in Tabs behavior |
|
7025 * Location and Search bar size can now be customized with a |
|
7026 simple resizer item |
|
7027 * Text selection improvements |
|
7028 * Find toolbar |
|
7029 * Improved integration with Linux: Firefox's default icons, |
|
7030 buttons, and menu styles now use the native GTK theme |
|
7031 + Personalization improvements: |
|
7032 * Star button: quickly add bookmarks from the location bar |
|
7033 with a single click; a second click lets you file and tag them |
|
7034 * Tags: associate keywords with your bookmarks to sort them |
|
7035 by topic |
|
7036 * Location bar & auto-complete |
|
7037 * Smart Bookmarks Folder |
|
7038 * Places Organizer: view, organize and search through all |
|
7039 of your bookmarks, tags, and browsing history with multiple |
|
7040 views and smart folders to store your frequent searches |
|
7041 * Web-based protocol handlers |
|
7042 * Download & Install Add-ons |
|
7043 * Easy to use Download Actions |
|
7044 + Improved platform for web developers: |
|
7045 * New graphics and font handling: new graphics and text |
|
7046 rendering architectures in Gecko 1.9 provides rendering |
|
7047 improvements in CSS, SVG as well as improved display of |
|
7048 fonts with ligatures and complex scripts |
|
7049 * Color management: (set gfx.color_management.enabled on |
|
7050 in about:config and restart the browser to enable.); |
|
7051 Firefox can now adjust images with embedded color profiles |
|
7052 * Offline support: enables web applications to provide |
|
7053 offline functionality (website authors must add support |
|
7054 for offline browsing to their site for this feature |
|
7055 to be available to users) |
|
7056 + Improved performance: |
|
7057 * Speed: improvements to the JavaScript engine as well as |
|
7058 profile guided optimizations have resulted in significant |
|
7059 improvements in performance; compared to Firefox 2, |
|
7060 web applications like Google Mail and Zoho Office run |
|
7061 twice as fast in Firefox 3 Beta 4, and the popular |
|
7062 SunSpider test from Apple shows improvements over |
|
7063 previous releases |
|
7064 * Memory usage: Several new technologies work together to |
|
7065 reduce the amount of memory used by Firefox 3 Beta 4 |
|
7066 over a web browsing session; memory cycles are broken |
|
7067 and collected by an automated cycle collector, a new |
|
7068 memory allocator reduces fragmentation, hundreds of leaks |
|
7069 have been fixed, and caching strategies have been tuned |
|
7070 * Reliability: A user's bookmarks, history, cookies, and |
|
7071 preferences are now stored in a transactionally secure |
|
7072 database format which will prevent data loss even if their |
|
7073 system crashes |
|
7074 - This version depends upon the mozilla-xulrunner190 package |
|
7075 - Drop various stale packages, respin several that have been |
|
7076 kept around, and add a few new ones. |
|
7077 |
|
7078 ------------------------------------------------------------------- |
|
7079 Mon Feb 11 18:18:14 CET 2008 - maw@suse.de |
|
7080 |
|
7081 - Security update to version 2.0.0.12 (bnc#354469): |
|
7082 + MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div |
|
7083 overlay |
|
7084 + MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet |
|
7085 redirect |
|
7086 + MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain |
|
7087 text files |
|
7088 + MFSA 2008-08/CVE-2008-0591 File action dialog tampering |
|
7089 + MFSA 2008-06/CVE-2008-0419 Web browsing history and forward |
|
7090 navigation stealing |
|
7091 + MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI |
|
7092 + MFSA 2008-04/CVE-2008-0417 Stored password corruption |
|
7093 + MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote |
|
7094 Code Execution |
|
7095 + MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing |
|
7096 vulnerabilities |
|
7097 + MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory |
|
7098 corruption (rv:1.8.1.12) |
|
7099 - Reference libaoss.so in start script (bnc#117079) |
|
7100 - Remove mozilla-canvas-1.8.1.10.patch, as it has been upstreamed |
|
7101 - Update firefox-ui-lockdown.patch (FATE#301534, FATE#302023, and |
|
7102 FATE#302024) |
|
7103 - Add application/x-xpinstall mime type to MozillaFirefox.desktop |
|
7104 - Add MozillaFirefox.xml to bind .xpi to application/x-xpinstall |
|
7105 in desktop. |
|
7106 |
|
7107 ------------------------------------------------------------------- |
|
7108 Thu Jan 17 17:52:47 CET 2008 - maw@suse.de |
|
7109 |
|
7110 - Add mozilla-maxpathlen.patch (#354150 and bmo #412610). |
|
7111 |
|
7112 ------------------------------------------------------------------- |
|
7113 Fri Dec 21 18:46:50 CET 2007 - maw@suse.de |
|
7114 |
|
7115 - Add firefox-348446-empty-lists.patch (bnc#348446). |
|
7116 |
|
7117 ------------------------------------------------------------------- |
|
7118 Wed Dec 5 02:21:26 CET 2007 - maw@suse.de |
|
7119 |
|
7120 - Respin proxy-dev.patch (bnc#340678) -- thanks, Anders! |
|
7121 |
|
7122 ------------------------------------------------------------------- |
|
7123 Tue Nov 27 18:25:25 CET 2007 - maw@suse.de |
|
7124 |
|
7125 - Security update to version 2.0.0.10 (#341905, #341591): |
|
7126 + MFSA 2007-39 Referer-spoofing via window.location race condition |
|
7127 + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10) |
|
7128 + MFSA 2007-37 jar: URI scheme XSS hazard |
|
7129 + Fixes for regressions introduced in 2.0.0.8 |
|
7130 + Updated dbus.patch, startup.patch, misc.dif, and configure.patch |
|
7131 - Add mozilla-gcc4.3-fixes.patch |
|
7132 - Add mozilla-canvas-1.8.1.10.patch (#341591#c10). |
|
7133 |
|
7134 ------------------------------------------------------------------- |
|
7135 Mon Nov 26 18:27:25 CET 2007 - maw@suse.de |
|
7136 |
|
7137 - Build with -ftree-vrp -fwrapv, per advice in #342603#c17. |
|
7138 |
|
7139 ------------------------------------------------------------------- |
|
7140 Tue Nov 13 17:49:01 CET 2007 - maw@suse.de |
|
7141 |
|
7142 - Add firefox-gcc4.3-fixes.patch. |
|
7143 |
|
7144 ------------------------------------------------------------------- |
|
7145 Fri Oct 19 02:04:45 CEST 2007 - maw@suse.de |
|
7146 |
|
7147 - Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang) |
|
7148 * MFSA 2007-29 Crashes with evidence of memory corruption |
|
7149 * MFSA 2007-30 onUnload Tailgating |
|
7150 * MFSA 2007-31 Digest authentication request splitting |
|
7151 * MFSA 2007-32 File input focus stealing vulnerability |
|
7152 * MFSA 2007-33 XUL pages can hide the window titlebar |
|
7153 * MFSA 2007-34 Possible file stealing through sftp protocol |
|
7154 * MFSA 2007-35 XPCNativeWraper pollution using Script object |
|
7155 complete advisories on |
|
7156 http://www.mozilla.org/projects/security/known-vulnerabilities.html |
|
7157 |
|
7158 ------------------------------------------------------------------- |
|
7159 Sun Sep 23 19:49:12 CEST 2007 - maw@suse.de |
|
7160 |
|
7161 - Don't explicitly require libaoss.so (#326751). |
|
7162 |
|
7163 ------------------------------------------------------------------- |
|
7164 Fri Sep 14 23:13:06 CEST 2007 - maw@suse.de |
|
7165 |
|
7166 - Update the Novell Support search plugin in search-addons.tar.bz2 |
|
7167 (#297261) |
|
7168 - Set the browser.tabs.loadFolderAndReplace preference to false |
|
7169 by default (#230759). |
|
7170 |
|
7171 ------------------------------------------------------------------- |
|
7172 Wed Sep 12 15:21:06 CEST 2007 - dmueller@suse.de |
|
7173 |
|
7174 - fix hardlinks accross partitions |
|
7175 |
|
7176 ------------------------------------------------------------------- |
|
7177 Thu Sep 6 16:07:12 CEST 2007 - maw@suse.de |
|
7178 |
|
7179 - Add http://software.opensuse.org/search?baseproject=openSUSE:10.3 |
|
7180 to the default bookmarks (#308223). |
|
7181 |
|
7182 ------------------------------------------------------------------- |
|
7183 Mon Sep 3 22:33:09 CEST 2007 - ro@suse.de |
|
7184 |
|
7185 - move last change a bit further in specfile |
|
7186 |
|
7187 ------------------------------------------------------------------- |
|
7188 Fri Aug 31 18:36:16 CEST 2007 - maw@suse.de |
|
7189 |
|
7190 - Mark a .png file as nonexecutable. |
|
7191 |
|
7192 ------------------------------------------------------------------- |
|
7193 Tue Aug 28 16:44:08 CEST 2007 - maw@suse.de |
|
7194 |
|
7195 - Minor .spec update (#305193) |
|
7196 + Remove two obsolete patches |
|
7197 + Correct releasedate |
|
7198 + Include only the officially supported locales. |
|
7199 |
|
7200 ------------------------------------------------------------------- |
|
7201 Wed Aug 22 17:53:03 CEST 2007 - maw@suse.de |
|
7202 |
|
7203 - Merge changes from the build service (thanks, Wolfgang): |
|
7204 + Provide locale dependency information (#302288) |
|
7205 + Add x11-session.patch, supporting X11 session management |
|
7206 (#227047) |
|
7207 + Update to version 2.0.0.6 |
|
7208 * MFSA 2007-26 Privilege escalation through chrome-loaded |
|
7209 about:blank windows |
|
7210 * MFSA 2007-27 Unescaped URIs passed to external programs |
|
7211 (only relevant on Windows) |
|
7212 - Use %fdupes. |
|
7213 |
|
7214 ------------------------------------------------------------------- |
|
7215 Tue Aug 21 09:45:35 CEST 2007 - aj@suse.de |
|
7216 |
|
7217 - Adjust bookmarks: Add news.opensuse.org, use new software.o.o |
|
7218 page. |
|
7219 |
|
7220 ------------------------------------------------------------------- |
|
7221 Thu Aug 16 14:57:27 CEST 2007 - mauro@suse.de |
|
7222 |
|
7223 - Revert previous change. |
|
7224 |
|
7225 ------------------------------------------------------------------- |
|
7226 Tue Aug 14 11:58:23 CEST 2007 - mauro@suse.de |
|
7227 |
|
7228 - Added support for ymp in the mimetypes.rdf |
|
7229 - Added OneClickInstallUrlHandler for handing the actual call from firefox. |
|
7230 - Fixes bnc #295677 |
|
7231 |
|
7232 ------------------------------------------------------------------- |
|
7233 Mon Jul 23 18:57:07 CEST 2007 - maw@suse.de |
|
7234 |
|
7235 - Security update to version 2.0.0.5 (#288115) which has fixes for: |
|
7236 MFSA 2007-18 |
|
7237 CVE-2007-3734 - Browser flaws |
|
7238 CVE-2007-3735 - Javascript flaws |
|
7239 |
|
7240 MFSA 2007-19 |
|
7241 CVE-2007-3736 |
|
7242 |
|
7243 MFSA 2007-20 |
|
7244 CVE-2007-3089 |
|
7245 |
|
7246 MFSA 2007-21 |
|
7247 CVE-2007-3737 |
|
7248 |
|
7249 MFSA 2007-22 |
|
7250 CVE-2007-3285 |
|
7251 |
|
7252 MFSA 2007-23 |
|
7253 CVE-2007-3670 |
|
7254 |
|
7255 MFSA 2007-24 |
|
7256 CVE-2007-3656 |
|
7257 |
|
7258 MFSA 2007-25 |
|
7259 CVE-2007-3738 |
|
7260 |
|
7261 ------------------------------------------------------------------- |
|
7262 Thu Jun 21 15:59:01 CEST 2007 - adrian@suse.de |
|
7263 |
|
7264 - fix changelog entry order |
|
7265 |
|
7266 ------------------------------------------------------------------- |
|
7267 Mon Jun 18 13:22:42 CDT 2007 - maw@suse.de |
|
7268 |
|
7269 - Use mozilla.sh.in from the build service (#230681). |
|
7270 |
|
7271 ------------------------------------------------------------------- |
|
7272 Tue Jun 5 15:55:08 CEST 2007 - sbrabec@suse.cz |
|
7273 |
|
7274 - Removed invalid desktop category "Application" (#254654). |
|
7275 |
|
7276 ------------------------------------------------------------------- |
|
7277 Mon Jun 4 19:53:35 CDT 2007 - maw@suse.de |
|
7278 |
|
7279 - Security update to version 2.0.0.4 |
|
7280 - Refresh configure.patch, startup.patch, and visibility.patch |
|
7281 - Now use l10n-%{version}.tar.bz2 instead of l10n.tar.bz2. |
|
7282 |
|
7283 ------------------------------------------------------------------- |
|
7284 Mon Apr 30 16:49:55 CEST 2007 - ro@suse.de |
|
7285 |
|
7286 - added unzip to BuildRequires |
|
7287 |
|
7288 ------------------------------------------------------------------- |
|
7289 Wed Apr 18 14:16:44 CEST 2007 - mfabian@suse.de |
|
7290 |
|
7291 - add Japanese to the languages which get PANGO enabled in the |
|
7292 start script to support the Japanese combining characters |
|
7293 U+3099 U+309A (see bugzilla #262718 comment #29). |
|
7294 |
|
7295 ------------------------------------------------------------------- |
|
7296 Mon Mar 12 11:06:10 CST 2007 - maw@suse.de |
|
7297 |
|
7298 - Package gconf stuff. |
|
7299 |
|
7300 ------------------------------------------------------------------- |
|
7301 Wed Feb 21 16:37:25 CST 2007 - maw@suse.de |
|
7302 |
|
7303 - Security update to 2.0.0.2 (#244923), which covers: |
|
7304 + mfsa2007-01 |
|
7305 * CVE-2007-0775 - layout engine crashes |
|
7306 * CVE-2007-0776 - SVG |
|
7307 * CVE-2007-0777 - javascript engine corruption |
|
7308 + mfsa2007-02 |
|
7309 * CVE-2007-0995 - Invalid trailing characters in HTML tag attributes |
|
7310 * CVE-2007-0996 - Child frame character set inheritance |
|
7311 * CVE-2006-6077 - Injected password forms |
|
7312 + mfsa2007-02 |
|
7313 + mfsa2007-03 |
|
7314 * CVE-2007-0078 |
|
7315 + mfsa2007-04 |
|
7316 * CVE-2007-0079 |
|
7317 + mfsa2007-05 |
|
7318 * CVE-2007-0780 |
|
7319 * CVE-2007-0800 |
|
7320 + mfsa2007-06 |
|
7321 * CVE-2007-0008 - client flaw |
|
7322 * CVE-2007-0009 - server flaw |
|
7323 + mfsa2007-07 |
|
7324 * CVE-2007-0981 |
|
7325 - Updates mozilla.sh.in (#230681) |
|
7326 - Fixes #232209 |
|
7327 - Updates the man page (#243037) |
|
7328 - Properly propagates exit codes (#241492) |
|
7329 - Adds em-356370.patch (#217374) |
|
7330 |
|
7331 ------------------------------------------------------------------- |
|
7332 Thu Jan 25 10:16:56 CST 2007 - maw@suse.de |
|
7333 |
|
7334 - Fixup the Gnome paths, keeping in closer sync with the |
|
7335 buildservice. |
|
7336 |
|
7337 ------------------------------------------------------------------- |
|
7338 Thu Jan 18 09:27:54 CST 2007 - maw@suse.de |
|
7339 |
|
7340 - Gnome is now in /usr, so remove references to /opt/gnome |
|
7341 - Install firefox.png with the executable bit not set. |
|
7342 |
|
7343 ------------------------------------------------------------------- |
|
7344 Wed Jan 10 12:57:39 CET 2007 - meissner@suse.de |
|
7345 |
|
7346 - readd MozillaFirebird provides (was incorrect in removing it). |
|
7347 |
|
7348 ------------------------------------------------------------------- |
|
7349 Mon Jan 8 11:16:08 CET 2007 - meissner@suse.de |
|
7350 |
|
7351 - Do not provide MozillaFirebird, just obsolete it. |
|
7352 |
|
7353 ------------------------------------------------------------------- |
|
7354 Fri Dec 1 02:22:49 CET 2006 - maw@suse.de |
|
7355 |
|
7356 - Update gecko-lockdown.patch (#220616). |
|
7357 |
|
7358 ------------------------------------------------------------------- |
|
7359 Thu Nov 30 19:02:54 CET 2006 - maw@suse.de |
|
7360 |
|
7361 - Update firefox-suse-default-prefs.js, adding |
|
7362 'pref("browser.backspace_action", 2);' (#217374) |
|
7363 |
|
7364 ------------------------------------------------------------------- |
|
7365 Thu Nov 30 08:17:28 CET 2006 - aj@suse.de |
|
7366 |
|
7367 - Fix last change (#224431). |
|
7368 |
|
7369 ------------------------------------------------------------------- |
|
7370 Wed Nov 29 11:45:47 CET 2006 - aj@suse.de |
|
7371 |
|
7372 - Change download bookmark (#224431). |
|
7373 - Rename bookmark folder to openSUSE. |
|
7374 |
|
7375 ------------------------------------------------------------------- |
|
7376 Tue Nov 28 08:09:48 CET 2006 - aj@suse.de |
|
7377 |
|
7378 - Sync from Buildservice with following critical fixes (thanks |
|
7379 Wolfgang Rosenauer!): |
|
7380 * fixed system-proxies.patch to actually work (#223881). |
|
7381 * Rearrange Bookmarks to pass trademark review. |
|
7382 |
|
7383 ------------------------------------------------------------------- |
|
7384 Mon Nov 27 19:40:44 CET 2006 - aj@suse.de |
|
7385 |
|
7386 - Fix tango theme (#223796). |
|
7387 |
|
7388 ------------------------------------------------------------------- |
|
7389 Mon Nov 27 17:40:50 CET 2006 - aj@suse.de |
|
7390 |
|
7391 - Use www.opensuse.org as home page. |
|
7392 |
|
7393 ------------------------------------------------------------------- |
|
7394 Sun Nov 12 11:28:00 CET 2006 - aj@suse.de |
|
7395 |
|
7396 - Set novell.com as home page. |
|
7397 - Update from BuildService (thanks Wolfgang!): |
|
7398 - fixed crash in htmlparser (#217257, bmo #358797) |
|
7399 - added gconf2 as PreReq (#212505) |
|
7400 - added 32bit libaoss.so as requirement (#216266) |
|
7401 - Removed SUSE searchplugin (Portal not available anymore) |
|
7402 (#216054) |
|
7403 - Removed obsolete xul-picker.patch and system-nspr.patch |
|
7404 - Fixed building on 10.1 and 10.0 (dbus) |
|
7405 - Removed obsolete throbber preference |
|
7406 |
|
7407 ------------------------------------------------------------------- |
|
7408 Thu Nov 9 19:09:46 CET 2006 - jhargadon@suse.de |
|
7409 |
|
7410 - updated tango theme |
|
7411 |
|
7412 ------------------------------------------------------------------- |
|
7413 Sun Oct 29 12:05:46 CET 2006 - aj@suse.de |
|
7414 |
|
7415 - Another fix for 214125, patch by Wolfgang Rosenauer. |
|
7416 |
|
7417 ------------------------------------------------------------------- |
|
7418 Thu Oct 26 06:58:59 CEST 2006 - aj@suse.de |
|
7419 |
|
7420 - Fix gcc warnings about undefined operations, patch by |
|
7421 Robert O'Callahan. |
|
7422 - Update system-proxies.patch to fix error box (214125), patch by |
|
7423 Robert O'Callahan. |
|
7424 |
|
7425 ------------------------------------------------------------------- |
|
7426 Mon Oct 23 21:54:54 CEST 2006 - aj@suse.de |
|
7427 |
|
7428 - Update to current CVS version of 2.0. |
|
7429 - Use www.opensuse.org as default home page for now (#203547). |
|
7430 |
|
7431 ------------------------------------------------------------------- |
|
7432 Sat Oct 21 08:53:50 CEST 2006 - aj@suse.de |
|
7433 |
|
7434 - Disable non-working plasticfox and tango themes. |
|
7435 |
|
7436 ------------------------------------------------------------------- |
|
7437 Fri Oct 20 20:16:29 CEST 2006 - aj@suse.de |
|
7438 |
|
7439 - Fix building of locales. |
|
7440 |
|
7441 ------------------------------------------------------------------- |
|
7442 Fri Oct 20 11:27:23 CEST 2006 - mkoenig@suse.de |
|
7443 |
|
7444 - update to version 2.0rc3: |
|
7445 * New features: Visual Refresh, Built-in phishing protection, |
|
7446 Enhanced search capabilities, Improved tabbed browsing, |
|
7447 Resuming your browsing session, Previewing and subscribing |
|
7448 to Web feeds, Inline spell checking, Live Titles, |
|
7449 Improved Add-ons manager, JavaScript 1.7, Extended search |
|
7450 plugin format, Updates to the extension system, |
|
7451 Client-side session and persistent storage, SVG text |
|
7452 |
|
7453 ------------------------------------------------------------------- |
|
7454 Tue Oct 17 11:26:44 CEST 2006 - meissner@suse.de |
|
7455 |
|
7456 - disabled debugging. |
|
7457 |
|
7458 ------------------------------------------------------------------- |
|
7459 Tue Sep 12 20:27:02 CEST 2006 - stark@suse.de |
|
7460 |
|
7461 - security update to version 1.5.0.7 |
|
7462 |
|
7463 ------------------------------------------------------------------- |
|
7464 Mon Aug 21 12:53:50 CEST 2006 - stark@suse.de |
|
7465 |
|
7466 - added greasemonkey helper change (#199920) |
|
7467 - fixed packager.mk for new make version |
|
7468 |
|
7469 ------------------------------------------------------------------- |
|
7470 Fri Aug 11 20:51:48 CEST 2006 - stark@suse.de |
|
7471 |
|
7472 - fixed crash in dbus component (patch by thoenig #197928) |
|
7473 - use external adresses for PAC configuration (#196506) |
|
7474 |
|
7475 ------------------------------------------------------------------- |
|
7476 Mon Aug 7 09:26:58 CEST 2006 - stark@suse.de |
|
7477 |
|
7478 - added symlink for Firefox 1.0.x compatibility |
|
7479 |
|
7480 ------------------------------------------------------------------- |
|
7481 Sat Jul 29 08:48:53 CEST 2006 - stark@suse.de |
|
7482 |
|
7483 - update to regression release 1.5.0.6 (#195043) |
|
7484 |
|
7485 ------------------------------------------------------------------- |
|
7486 Thu Jul 27 06:20:36 CEST 2006 - stark@suse.de |
|
7487 |
|
7488 - security update to version 1.5.0.5 (#195043) |
|
7489 * observer-lock.patch integrated now |
|
7490 - fixed leak in JS' liveconnect (#186066) |
|
7491 - fixed desktop file for old distributions |
|
7492 (StartupNotify=false) |
|
7493 |
|
7494 ------------------------------------------------------------------- |
|
7495 Thu Jun 29 20:13:28 CEST 2006 - stark@suse.de |
|
7496 |
|
7497 - fixed printing crash if the last used printer is not available |
|
7498 anymore (#187013) |
|
7499 |
|
7500 ------------------------------------------------------------------- |
|
7501 Fri Jun 16 22:11:22 CEST 2006 - stark@suse.de |
|
7502 |
|
7503 - added 48x48 icon (#185777) |
|
7504 |
|
7505 ------------------------------------------------------------------- |
|
7506 Mon Jun 12 20:20:02 CEST 2006 - stark@suse.de |
|
7507 |
|
7508 - fix overwrite confirmation for GTK filesaver (#179531) |
|
7509 - get network.negotiate-auth.trusted-uris and |
|
7510 network.negotiate-auth.delegation-uris from gconf if |
|
7511 system-settings are enabled (#184489) |
|
7512 |
|
7513 ------------------------------------------------------------------- |
|
7514 Thu Jun 1 20:34:43 CEST 2006 - stark@suse.de |
|
7515 |
|
7516 - update to security/stability release 1.5.0.4 (#179011) |
|
7517 - moved locale-global prefs to browserconfig.properties (#177881) |
|
7518 |
|
7519 ------------------------------------------------------------------- |
|
7520 Tue May 23 21:11:11 CEST 2006 - stark@suse.de |
|
7521 |
|
7522 - complete implementation of startup-notification (#115417) |
|
7523 (including autoconf and remote support) |
|
7524 - different home-pages for SLE10 and SL (#177881) |
|
7525 |
|
7526 ------------------------------------------------------------------- |
|
7527 Tue May 16 06:27:26 CEST 2006 - stark@suse.de |
|
7528 |
|
7529 - fixed potential deadlock in nsObserverList::RemoveObserver |
|
7530 (#173986, bmo #338069) |
|
7531 - base startup notification on libstartup-notification (#115417) |
|
7532 |
|
7533 ------------------------------------------------------------------- |
|
7534 Thu May 11 09:39:27 CEST 2006 - stark@suse.de |
|
7535 |
|
7536 - save printer settings properly (#174082, bmo #324072) |
|
7537 - added startup notification support for showing load activity |
|
7538 in Gnome and to avoid focus stealing prevention (#115417) |
|
7539 - added StartupNotify=true to desktop file (#115417) |
|
7540 - provide legacy symlink for NLD9 update compatibility (#173138) |
|
7541 - fixed system-proxies patch to avoid unwanted wpad requests |
|
7542 (#171743, #167613) |
|
7543 |
|
7544 ------------------------------------------------------------------- |
|
7545 Mon May 8 14:55:52 CEST 2006 - stark@suse.de |
|
7546 |
|
7547 - preconfigure the theme according to the used desktop (#151163) |
|
7548 |
|
7549 ------------------------------------------------------------------- |
|
7550 Thu Apr 27 10:24:07 CEST 2006 - stark@suse.de |
|
7551 |
|
7552 - last minute change for 1.5.0.3 |
|
7553 |
|
7554 ------------------------------------------------------------------- |
|
7555 Wed Apr 26 14:23:33 CEST 2006 - stark@suse.de |
|
7556 |
|
7557 - security update to 1.5.0.3 |
|
7558 - fix for typo in postscript.patch |
|
7559 |
|
7560 ------------------------------------------------------------------- |
|
7561 Tue Apr 25 14:14:51 CEST 2006 - stark@suse.de |
|
7562 |
|
7563 - fixed iframe crash (#169039, bmo #334515) |
|
7564 - fixed img tag misuse (#168710, bmo #334341) |
|
7565 |
|
7566 ------------------------------------------------------------------- |
|
7567 Mon Apr 24 08:04:16 CEST 2006 - stark@suse.de |
|
7568 |
|
7569 - improved postscript output (bmo #334485) |
|
7570 - changed defaults for printer properties (#6534) |
|
7571 - overwrite gnome-vfs' file protocol by providing "desktop-launch" |
|
7572 (#131501) |
|
7573 - get available paper sizes from CUPS (#65482) |
|
7574 - replaced/removed complicated gconfd reload in %post (#167989) |
|
7575 - fixed memory leak in clipboard caching (bmo #289897) |
|
7576 |
|
7577 ------------------------------------------------------------------- |
|
7578 Tue Apr 11 08:35:53 CEST 2006 - stark@suse.de |
|
7579 |
|
7580 - added (optional) plastikfox theme (#151163) |
|
7581 - get some more security related patches (#148876) |
|
7582 - finally fixed the default proxy configuration by adding a new |
|
7583 UI option (#132398) |
|
7584 |
|
7585 ------------------------------------------------------------------- |
|
7586 Mon Apr 3 11:41:13 CEST 2006 - stark@suse.de |
|
7587 |
|
7588 - fixed keyword fixup patch (#162532) |
|
7589 |
|
7590 ------------------------------------------------------------------- |
|
7591 Tue Mar 28 07:17:04 CEST 2006 - stark@suse.de |
|
7592 |
|
7593 - don't use keyword fixup for pasted text (#160034, bmo #331522) |
|
7594 |
|
7595 ------------------------------------------------------------------- |
|
7596 Mon Mar 20 09:28:58 CET 2006 - stark@suse.de |
|
7597 |
|
7598 - added Tango theme |
|
7599 - fixed reading proxies from gconf (#132398) |
|
7600 |
|
7601 ------------------------------------------------------------------- |
|
7602 Sun Mar 12 09:04:05 CET 2006 - stark@suse.de |
|
7603 |
|
7604 - tweaked bookmarks (fixed URLs) |
|
7605 - added Khmer (km-*) to pango locales (#157397) |
|
7606 |
|
7607 ------------------------------------------------------------------- |
|
7608 Sat Mar 4 21:08:45 CET 2006 - stark@suse.de |
|
7609 |
|
7610 - fixed crash with multipart JPEGs (bmo #328684) (#140416) |
|
7611 - got latest security fixes from upstream (#148876) |
|
7612 |
|
7613 ------------------------------------------------------------------- |
|
7614 Wed Feb 22 13:24:58 CET 2006 - stark@suse.de |
|
7615 |
|
7616 - fixed plugin loading when launched from Thunderbird (#151614) |
|
7617 - merged dbus reconnection patch (#150042) |
|
7618 - default to autodetect proxy (network.proxy.type=4) (#151811) |
|
7619 - added GTK category to desktop file |
|
7620 |
|
7621 ------------------------------------------------------------------- |
|
7622 Tue Feb 14 06:45:24 CET 2006 - stark@suse.de |
|
7623 |
|
7624 - modified lockdown patches (#67281, #67282) |
|
7625 - applied set of security patches (#148876) |
|
7626 bmo bugs: 282105, 307989, 315625, 320459, 323634, 325403, 325947 |
|
7627 |
|
7628 ------------------------------------------------------------------- |
|
7629 Tue Feb 7 20:09:43 CET 2006 - stark@suse.de |
|
7630 |
|
7631 - fixed disabling of Pango (#148788) |
|
7632 |
|
7633 ------------------------------------------------------------------- |
|
7634 Thu Feb 2 21:51:30 CET 2006 - stark@suse.de |
|
7635 |
|
7636 - define gssapi lib explicitely (#147670) |
|
7637 - use only official Firefox-Icon |
|
7638 - changed home-download patch |
|
7639 |
|
7640 ------------------------------------------------------------------- |
|
7641 Sun Jan 29 09:54:49 CET 2006 - stark@suse.de |
|
7642 |
|
7643 - throbber URL is default again |
|
7644 - removed firefox-showpass patch |
|
7645 - removed additional CA certs from builtin NSS |
|
7646 |
|
7647 ------------------------------------------------------------------- |
|
7648 Fri Jan 27 17:55:21 CET 2006 - stark@suse.de |
|
7649 |
|
7650 - got some l10n changes from 1.8.0 branch |
|
7651 |
|
7652 ------------------------------------------------------------------- |
|
7653 Fri Jan 27 08:15:09 CET 2006 - stark@suse.de |
|
7654 |
|
7655 - final 1.5.0.1 version |
|
7656 - make it possible to choose $HOME as download directory |
|
7657 (#144894, bmo #300856) |
|
7658 |
|
7659 ------------------------------------------------------------------- |
|
7660 Wed Jan 25 21:33:43 CET 2006 - mls@suse.de |
|
7661 |
|
7662 - converted neededforbuild to BuildRequires |
|
7663 |
|
7664 ------------------------------------------------------------------- |
|
7665 Sun Jan 22 17:06:57 CET 2006 - stark@suse.de |
|
7666 |
|
7667 - disable Pango if MOZ_ENABLE_PANGO is not set |
|
7668 and no typical language which needs Pango is used (#143428) |
|
7669 |
|
7670 ------------------------------------------------------------------- |
|
7671 Wed Jan 18 10:27:30 CET 2006 - stark@suse.de |
|
7672 |
|
7673 - fixed DumpStackToFile() for glibc 2.4 |
|
7674 - added default (font) settings |
|
7675 |
|
7676 ------------------------------------------------------------------- |
|
7677 Thu Jan 12 10:23:58 CET 2006 - stark@suse.de |
|
7678 |
|
7679 - update to 1.5.0.1pre (20060111) |
|
7680 - updated man-page |
|
7681 - fixed hovered tab close button |
|
7682 - only Requires mozilla-nspr instead of PreReq since |
|
7683 there is no postinstall registration necessary anymore |
|
7684 - use system NSS from CODE10 on |
|
7685 - use -fstack-protector where available |
|
7686 - changed unixproxy component to work on older distributions |
|
7687 |
|
7688 ------------------------------------------------------------------- |
|
7689 Mon Jan 2 13:39:09 CET 2006 - stark@suse.de |
|
7690 |
|
7691 - added unixproxy component written by Robert O'Callahan (#132398) |
|
7692 (bmo #66057) |
|
7693 - added official translations |
|
7694 - preload libaoss for plugin sound (#117079) |
|
7695 |
|
7696 ------------------------------------------------------------------- |
|
7697 Wed Dec 28 08:16:03 CET 2005 - stark@suse.de |
|
7698 |
|
7699 - get some patches from 1.8.0 branch |
|
7700 - readded modification to gconf-backend (bmo #321315) |
|
7701 - readded lockdown stuff |
|
7702 - enable additional extension install directory (#120329) |
|
7703 (/usr/lib/browser-extensions/firefox) |
|
7704 - added patch to make the XUL filechooser optional |
|
7705 (MOZ_XUL_PICKER) |
|
7706 |
|
7707 ------------------------------------------------------------------- |
|
7708 Wed Dec 14 16:08:12 CET 2005 - stark@suse.de |
|
7709 |
|
7710 - fixed patch for parsing -remote parameter |
|
7711 - removed default-plugin patch (not needed anymore) |
|
7712 |
|
7713 ------------------------------------------------------------------- |
|
7714 Fri Dec 9 17:21:29 CET 2005 - stark@suse.de |
|
7715 |
|
7716 - fix to ignore X composite extension (#135373) |
|
7717 - fixed parsing of -remote parameters (#134396) |
|
7718 - activated locales as released |
|
7719 |
|
7720 ------------------------------------------------------------------- |
|
7721 Tue Nov 29 21:33:13 CET 2005 - stark@suse.de |
|
7722 |
|
7723 - update to 1.5 (20051128) |
|
7724 - don't override startup URL when changing Gecko versions (#135314) |
|
7725 - added patch for GTK2 handling (#134831) |
|
7726 - readded add-plugins stuff for compatibility |
|
7727 |
|
7728 ------------------------------------------------------------------- |
|
7729 Fri Nov 18 07:41:41 CET 2005 - stark@suse.de |
|
7730 |
|
7731 - update to 1.5rc3 (20051117) |
|
7732 |
|
7733 ------------------------------------------------------------------- |
|
7734 Mon Oct 31 08:58:14 CET 2005 - stark@suse.de |
|
7735 |
|
7736 - updated l10n archive (20051030) |
|
7737 - fixed postinstall script to copy plugin links instead of files |
|
7738 |
|
7739 ------------------------------------------------------------------- |
|
7740 Fri Oct 28 06:43:27 CEST 2005 - stark@suse.de |
|
7741 |
|
7742 - update to 1.5rc1 (20051027) |
|
7743 - fixed profile locking on FAT partitions (bmo #313360) |
|
7744 - introduced an rpath again |
|
7745 |
|
7746 ------------------------------------------------------------------- |
|
7747 Wed Oct 19 20:03:48 CEST 2005 - stark@suse.de |
|
7748 |
|
7749 - update to snapshot 1.5 (20051019) |
|
7750 - moved installation to /usr/%{_lib}/firefox |
|
7751 - added dbus component to be able to get network status from |
|
7752 NetworkManager (bmo #312793) |
|
7753 - remove all update UI for application |
|
7754 - removed diable-gconf (no registration at build time anymore) |
|
7755 - removed rebuild-databases.sh (no system registration anymore) |
|
7756 - open links in new windows (#128087) |
|
7757 |
|
7758 ------------------------------------------------------------------- |
|
7759 Thu Oct 6 20:44:53 CEST 2005 - stark@suse.de |
|
7760 |
|
7761 - update to Firefox 1.5b2 (20051005) |
|
7762 - added supported translations |
|
7763 |
|
7764 ------------------------------------------------------------------- |
|
7765 Sat Oct 1 15:09:18 CEST 2005 - stark@suse.de |
|
7766 |
|
7767 - update to Firefox 1.5b1 (20050930) RPM version 1.4.1 |
|
7768 - removed rebuild-databases.sh calls |
|
7769 - removed add-plugins.sh calls and corresponding triggers |
|
7770 - enabled SVG and Canvas support |
|
7771 - fixed gconf urlhandler registration |
|
7772 |
|
7773 ------------------------------------------------------------------- |
|
7774 Tue Sep 20 10:24:16 CEST 2005 - stark@suse.de |
|
7775 |
|
7776 - security update to 1.0.7 (#117619) |
|
7777 * MFSA 2005-57: IDN heap overrun using soft-hyphens (bmo #307259) |
|
7778 (enabled IDN pref again) |
|
7779 * MFSA 2005-58: |
|
7780 CAN-2005-2701 Heap overrun in XBM image processing |
|
7781 CAN-2005-2702 Crash on "zero-width non-joiner" sequence |
|
7782 CAN-2005-2703 XMLHttpRequest header spoofing |
|
7783 CAN-2005-2704 Object spoofing using XBL <implements> |
|
7784 CAN-2005-2705 JavaScript integer overflow |
|
7785 CAN-2005-2706 Privilege escalation using about: scheme |
|
7786 CAN-2005-2707 Chrome window spoofing |
|
7787 Regression fixes |
|
7788 - register beagle extension if it gets installed (#116787) |
|
7789 |
|
7790 ------------------------------------------------------------------- |
|
7791 Tue Sep 13 15:41:37 CEST 2005 - aj@suse.de |
|
7792 |
|
7793 - Change SUSE bookmarks. |
|
7794 |
|
7795 ------------------------------------------------------------------- |
|
7796 Sun Sep 11 17:05:07 CEST 2005 - stark@suse.de |
|
7797 |
|
7798 - disable IDN per default (#116070) |
|
7799 - unlocalize bookmarks (#114279) |
|
7800 |
|
7801 ------------------------------------------------------------------- |
|
7802 Thu Sep 8 08:52:13 CEST 2005 - stark@suse.de |
|
7803 |
|
7804 - fixed some filemodes (#114849) |
|
7805 |
|
7806 ------------------------------------------------------------------- |
|
7807 Sun Sep 4 00:03:53 CEST 2005 - stark@suse.de |
|
7808 |
|
7809 - fixed gconf-backend patch to be able to use |
|
7810 system prefs (#114054) |
|
7811 |
|
7812 ------------------------------------------------------------------- |
|
7813 Thu Sep 1 13:22:17 CEST 2005 - stark@suse.de |
|
7814 |
|
7815 - changed default font to sans-serif (#114464) |
|
7816 - removed de-de parts of the bookmark-links (#114279) |
|
7817 |
|
7818 ------------------------------------------------------------------- |
|
7819 Mon Aug 22 06:10:12 CEST 2005 - stark@suse.de |
|
7820 |
|
7821 - install gconf schema for lockdown also on non-NLD |
|
7822 - added backports (firefox-backports.patch) |
|
7823 * gtk_im_context_set_cursor_location() is not used (bmo #281339) |
|
7824 * fixed crash in imgCacheValidator::OnStartRequest() |
|
7825 (bmo #293307) |
|
7826 - workaround for linking with pangoxft and pangox |
|
7827 (broken by gtk 2.8 update) (#105764) |
|
7828 - remove extensions on deinstallation |
|
7829 - include dragonegg (kparts) plugin (#105468) |
|
7830 |
|
7831 ------------------------------------------------------------------- |
|
7832 Thu Aug 18 13:08:55 CEST 2005 - stark@suse.de |
|
7833 |
|
7834 - fixed regression in profile locking change (bmo #303633) |
|
7835 - added rtsp handler to global config (#104434) |
|
7836 - don't blacklist help: protocol (bmo #304833) |
|
7837 - fixed Gdk-WARNING at startup (gtk.patch) |
|
7838 - fixed crash with gtk 2.7 (bmo #300226, bnc #104586) |
|
7839 - fixed installation of the beagle plugin |
|
7840 - update industrial theme to 1.0.11 (#104564) |
|
7841 - included lockdownV2 (removed obsolete gconf.diff) |
|
7842 - linked firefox-bin with rpath to progdir |
|
7843 |
|
7844 ------------------------------------------------------------------- |
|
7845 Fri Aug 5 09:51:26 CEST 2005 - stark@suse.de |
|
7846 |
|
7847 - fixed profile locking (bmo #151188) |
|
7848 - install beagle extension globally |
|
7849 |
|
7850 ------------------------------------------------------------------- |
|
7851 Fri Jul 29 06:58:24 CEST 2005 - stark@suse.de |
|
7852 |
|
7853 - don't require and provide NSS libs (#98002) |
|
7854 - fixed printing error 'You cannot print while in print preview' |
|
7855 (#96991, bmo #302445) |
|
7856 |
|
7857 ------------------------------------------------------------------- |
|
7858 Wed Jul 27 09:34:12 CEST 2005 - stark@suse.de |
|
7859 |
|
7860 - fixed Firefox on ppc (stack-direction.patch) (#97359) |
|
7861 - removed open-pref from startscript as it is done |
|
7862 automatically now (#73042) |
|
7863 - updated Novell searchplugins |
|
7864 |
|
7865 ------------------------------------------------------------------- |
|
7866 Mon Jul 25 12:32:13 CEST 2005 - stark@suse.de |
|
7867 |
|
7868 - GTK filechooser is now modal (#8533) |
|
7869 - backed out patch to add tooltips to print-preview |
|
7870 because it breaks localization |
|
7871 |
|
7872 ------------------------------------------------------------------- |
|
7873 Fri Jul 22 10:54:39 CEST 2005 - stark@suse.de |
|
7874 |
|
7875 - fixed another problem in printing patch |
|
7876 |
|
7877 ------------------------------------------------------------------- |
|
7878 Tue Jul 19 10:44:59 CEST 2005 - stark@suse.de |
|
7879 |
|
7880 - fixed error in ft-xft-ps2.patch |
|
7881 - disabled stripping in spec instead of patch |
|
7882 - added NSPR to PreReq |
|
7883 |
|
7884 ------------------------------------------------------------------- |
|
7885 Mon Jul 18 08:43:24 CEST 2005 - stark@suse.de |
|
7886 |
|
7887 - fixed some more regressions with final 1.0.6 |
|
7888 - fixed width calculation in Postscript module (bmo #290292) |
|
7889 - fixed plugin event starvation (bnc #94749, #94751, bmo #301161) |
|
7890 |
|
7891 ------------------------------------------------------------------- |
|
7892 Fri Jul 15 11:24:47 CEST 2005 - stark@suse.de |
|
7893 |
|
7894 - searchplugins can now be installed per profile (#8176) |
|
7895 |
|
7896 ------------------------------------------------------------------- |
|
7897 Fri Jul 15 06:54:02 CEST 2005 - stark@suse.de |
|
7898 |
|
7899 - update to 1.0.6 which restores API compatibility |
|
7900 |
|
7901 ------------------------------------------------------------------- |
|
7902 Tue Jul 12 06:20:37 CEST 2005 - stark@suse.de |
|
7903 |
|
7904 - update to 1.0.5 final (#88509) |
|
7905 - don't strip explicitely |
|
7906 - don't ship beagle.xpi |
|
7907 |
|
7908 ------------------------------------------------------------------- |
|
7909 Wed Jul 6 14:13:09 CEST 2005 - stark@suse.de |
|
7910 |
|
7911 - update to 1.0.5-pre (20050705) |
|
7912 - use RPM_OPT_FLAGS for NSS component |
|
7913 - fixed implicit declarations and uninitialized used variables |
|
7914 - added patch for bmo #87969 |
|
7915 |
|
7916 ------------------------------------------------------------------- |
|
7917 Tue Jul 5 10:17:16 CEST 2005 - stark@suse.de |
|
7918 |
|
7919 - fixed regression from security update (#95069, bmo #298478) |
|
7920 |
|
7921 ------------------------------------------------------------------- |
|
7922 Mon Jun 27 21:46:58 CEST 2005 - stark@suse.de |
|
7923 |
|
7924 - don't use system-prefs by default on NLD |
|
7925 - removed basic lockdown stuff for SUSE Linux |
|
7926 (it's not needed and caused problems: bnc #75418) |
|
7927 - fixed NLD lockdown patch (bnc #75418) |
|
7928 - don't write prefs back to gconf for now |
|
7929 |
|
7930 ------------------------------------------------------------------- |
|
7931 Wed Jun 22 07:32:42 CEST 2005 - stark@suse.de |
|
7932 |
|
7933 - new NLD lockdown patch which is syncing user prefs to gconf |
|
7934 - update to 1.0.5pre security-release |
|
7935 |
|
7936 ------------------------------------------------------------------- |
|
7937 Thu Jun 9 06:56:02 CEST 2005 - stark@suse.de |
|
7938 |
|
7939 - new revision of NLD lockdown patch |
|
7940 - fixed remote usage behaviour in start script (bnc #41903) |
|
7941 - got more bugfixes from the branch |
|
7942 |
|
7943 ------------------------------------------------------------------- |
|
7944 Thu Jun 2 10:31:48 CEST 2005 - stark@suse.de |
|
7945 |
|
7946 - fixed neededforbuild |
|
7947 |
|
7948 ------------------------------------------------------------------- |
|
7949 Wed Jun 1 20:15:25 CEST 2005 - stark@suse.de |
|
7950 |
|
7951 - fixed IDN for 64bit platforms (bmo #236425, bnc #46268) |
|
7952 |
|
7953 ------------------------------------------------------------------- |
|
7954 Fri May 20 15:12:06 CEST 2005 - stark@suse.de |
|
7955 |
|
7956 - fixed keybinding for KP separator (bnc #84147) |
|
7957 - pulled security related patch from upstream branch |
|
7958 - update plastikfox theme to version 1.6 |
|
7959 |
|
7960 ------------------------------------------------------------------- |
|
7961 Thu May 12 06:16:25 CEST 2005 - stark@suse.de |
|
7962 |
|
7963 - update to final 1.0.4 release |
|
7964 |
|
7965 ------------------------------------------------------------------- |
|
7966 Tue May 10 06:38:05 CEST 2005 - stark@suse.de |
|
7967 |
|
7968 - update to 1.0.4 security release |
|
7969 - removed s390(x) patches (upstream) |
|
7970 - made two more files %verify (81692) |
|
7971 - updated NLD lockdown patch (81304) |
|
7972 |
|
7973 ------------------------------------------------------------------- |
|
7974 Thu Apr 28 09:45:53 CEST 2005 - stark@suse.de |
|
7975 |
|
7976 - use static NSPR libs from new location |
|
7977 |
|
7978 ------------------------------------------------------------------- |
|
7979 Sat Apr 23 15:56:08 CEST 2005 - stark@suse.de |
|
7980 |
|
7981 - activate usage of system NSPR for distributions after 9.3 |
|
7982 - add patch to be able to use systen NSPR at all |
|
7983 |
|
7984 ------------------------------------------------------------------- |
|
7985 Fri Apr 22 02:06:06 CEST 2005 - ro@suse.de |
|
7986 |
|
7987 - use mozilla-gcc4.patch |
|
7988 |
|
7989 ------------------------------------------------------------------- |
|
7990 Thu Apr 21 12:51:19 CEST 2005 - stark@suse.de |
|
7991 |
|
7992 - don't execute gconf magic within build environment |
|
7993 |
|
7994 ------------------------------------------------------------------- |
|
7995 Sat Apr 16 13:05:37 CEST 2005 - stark@suse.de |
|
7996 |
|
7997 - update to final 1.0.3 release |
|
7998 |
|
7999 ------------------------------------------------------------------- |
|
8000 Fri Apr 15 00:10:54 CEST 2005 - ro@suse.de |
|
8001 |
|
8002 - fix problem in postinstall script |
|
8003 |
|
8004 ------------------------------------------------------------------- |
|
8005 Wed Apr 14 09:20:02 CEST 2005 - stark@suse.de |
|
8006 |
|
8007 - included fixed lockdown patch for NLD |
|
8008 - linked proxies within Firefox with gnome settings (NLD) |
|
8009 - added gconfd restart procedure to install script |
|
8010 (only needed if gconf changes are done) (#76852) |
|
8011 |
|
8012 ------------------------------------------------------------------- |
|
8013 Sat Apr 2 21:03:11 CEST 2005 - stark@suse.de |
|
8014 |
|
8015 - update to security pre-release 1.0.3 (#75692) |
|
8016 * Manual plug-in install, javascript vulnerability (bmo #288556) |
|
8017 * Access memory vulnerability (bmo #288688) |
|
8018 |
|
8019 ------------------------------------------------------------------- |
|
8020 Fri Apr 1 11:32:44 CEST 2005 - stark@suse.de |
|
8021 |
|
8022 - added advanced lockdown features for ZLM integration (NLD-only) |
|
8023 |
|
8024 ------------------------------------------------------------------- |
|
8025 Tue Mar 22 12:33:15 CET 2005 - stark@suse.de |
|
8026 |
|
8027 - update to final 1.0.2 |
|
8028 - use new theme handling on NLD |
|
8029 - added default-plugin-less-annoying from mozilla |
|
8030 - use GTK2 for Flash |
|
8031 - use system NSPR on SUSE releases after 9.3 |
|
8032 - made startscript PIS aware |
|
8033 - set g-application-name correctly (bmo #281979) |
|
8034 - added man-page |
|
8035 - use GTK system colors |
|
8036 - modify useragent string and add vendor id |
|
8037 - activate smooth-scrolling by default (#74310) |
|
8038 |
|
8039 ------------------------------------------------------------------- |
|
8040 Tue Mar 22 08:59:06 CET 2005 - stark@suse.de |
|
8041 |
|
8042 - don't register beagle automatically (#74062) |
|
8043 - added default bookmarks for SUSE LINUX |
|
8044 |
|
8045 ------------------------------------------------------------------- |
|
8046 Mon Mar 21 18:20:39 CET 2005 - max@suse.de |
|
8047 |
|
8048 - Fixed a typo in the shell code that handles inclusion of the |
|
8049 Acrobat Reader plugin (#70861). |
|
8050 |
|
8051 ------------------------------------------------------------------- |
|
8052 Thu Mar 17 21:01:11 CET 2005 - stark@suse.de |
|
8053 |
|
8054 - updates from upcoming 1.0.2 |
|
8055 - added again logic to use Adobe Reader 7 (#70861) |
|
8056 - fixed crash in ICO decoding (#67142, bmo #245631) |
|
8057 - preinstall beagle extension (#72920) |
|
8058 - bugfixes in trigger scripts |
|
8059 - fixed industrial theming for Gnome (#72918) |
|
8060 |
|
8061 ------------------------------------------------------------------- |
|
8062 Sat Mar 12 12:42:16 CET 2005 - stark@suse.de |
|
8063 |
|
8064 - fixed more security related bugs |
|
8065 (bmo #284551, #284627, #285595) |
|
8066 |
|
8067 ------------------------------------------------------------------- |
|
8068 Wed Mar 9 21:42:05 CET 2005 - stark@suse.de |
|
8069 |
|
8070 - update also GNOME desktop file (#71810) |
|
8071 - added firefox-gnome.png to filelist |
|
8072 - use correct Firefox icon |
|
8073 |
|
8074 ------------------------------------------------------------------- |
|
8075 Mon Mar 7 20:47:00 CET 2005 - stark@suse.de |
|
8076 |
|
8077 - disable inclusion of acrobat plugin again (#70861) |
|
8078 - don't use gconfd in registration phase (#66381) |
|
8079 |
|
8080 ------------------------------------------------------------------- |
|
8081 Mon Mar 7 16:13:29 CET 2005 - adrian@suse.de |
|
8082 |
|
8083 - use standard icon again for the default desktop file and |
|
8084 add a Gnome-only desktop file for the Gnome icon |
|
8085 - add plastikfox chrome theme to fix button order within KDE |
|
8086 - add patch for automatic theme selection for KDE and Gnome |
|
8087 - do register extensions in rebuild-databases.sh instead of %install, |
|
8088 to fix needed timestamps |
|
8089 |
|
8090 ------------------------------------------------------------------- |
|
8091 Fri Mar 4 07:54:47 CET 2005 - stark@suse.de |
|
8092 |
|
8093 - extend add-plugins to recognize Java 1.5 (#66909) |
|
8094 - changed comment in desktop-file (#66867) |
|
8095 |
|
8096 ------------------------------------------------------------------- |
|
8097 Tue Feb 22 09:33:44 CET 2005 - stark@suse.de |
|
8098 |
|
8099 - make --display parameter working in all cases (bnc #66043) |
|
8100 - revised postscript patch |
|
8101 - final 1.0.1 codebase |
|
8102 |
|
8103 ------------------------------------------------------------------- |
|
8104 Mon Feb 21 13:09:30 CET 2005 - stark@suse.de |
|
8105 |
|
8106 - added patch to create Postscript level 2 (instead of 3) |
|
8107 (special thanks to Jungshik Shin) |
|
8108 - disabled freetype explicitly to be able to use the above patch |
|
8109 (freetype wasn't used anymore since some time anyway) |
|
8110 |
|
8111 ------------------------------------------------------------------- |
|
8112 Fri Feb 18 09:10:10 CET 2005 - stark@suse.de |
|
8113 |
|
8114 - got more patches from branch to get another IDN fix and to |
|
8115 fix bug #51019 |
|
8116 - enabled IDN again |
|
8117 |
|
8118 ------------------------------------------------------------------- |
|
8119 Wed Feb 16 09:20:39 CET 2005 - stark@suse.de |
|
8120 |
|
8121 - bumped version number to 1.0.1 |
|
8122 |
|
8123 ------------------------------------------------------------------- |
|
8124 Tue Feb 15 10:26:04 CET 2005 - stark@suse.de |
|
8125 |
|
8126 - got updates from 1.0.1 branch |
|
8127 |
|
8128 ------------------------------------------------------------------- |
|
8129 Thu Feb 10 06:57:33 CET 2005 - stark@suse.de |
|
8130 |
|
8131 - additional fireflashing fix (#50635, bmo #280664) |
|
8132 - some more security related fixes |
|
8133 (bmo #268483, #273498, #277322) |
|
8134 - fire up GTK2 filepicker if GNOME is running |
|
8135 |
|
8136 ------------------------------------------------------------------- |
|
8137 Tue Feb 8 07:51:13 CET 2005 - stark@suse.de |
|
8138 |
|
8139 - some prefs are ignored (bmo #261934) |
|
8140 - disabled default IDN (#50566) |
|
8141 - fixed some more bugzilla.mozilla.org bugs: |
|
8142 #276482, #280056, #280603 |
|
8143 |
|
8144 ------------------------------------------------------------------- |
|
8145 Sun Feb 6 13:10:12 CET 2005 - stark@suse.de |
|
8146 |
|
8147 - use same desktop categories for Professional and NLD |
|
8148 - added some lockdown stuff for printing and page saving |
|
8149 (bmo #280488) |
|
8150 |
|
8151 ------------------------------------------------------------------- |
|
8152 Wed Feb 2 13:58:53 CET 2005 - stark@suse.de |
|
8153 |
|
8154 - modified gconf.diff to honor ignore_hosts (bmo #280742) |
|
8155 - added a JS crasher fix (bmo #268535) |
|
8156 - added more fixes (bmo #255441, #273024, #275405, #275634) |
|
8157 |
|
8158 ------------------------------------------------------------------- |
|
8159 Fri Jan 28 12:39:37 CET 2005 - stark@suse.de |
|
8160 |
|
8161 - added gplflash inclusion |
|
8162 - improved JRE inclusion |
|
8163 - reactivated usage of Acrobat Reader plugin |
|
8164 (ready for acroread 7) |
|
8165 |
|
8166 ------------------------------------------------------------------- |
|
8167 Sat Jan 22 13:16:47 CET 2005 - stark@suse.de |
|
8168 |
|
8169 - added some backported bugfixes |
|
8170 |
|
8171 ------------------------------------------------------------------- |
|
8172 Sat Dec 18 10:30:11 CET 2004 - stark@suse.de |
|
8173 |
|
8174 - updated industrial theme to 1.0.9 |
|
8175 - use slightly changed icon for menu-entry (bnc #275) |
|
8176 - use original desktop file for NLD again |
|
8177 |
|
8178 ------------------------------------------------------------------- |
|
8179 Thu Dec 16 19:37:48 CET 2004 - stark@suse.de |
|
8180 |
|
8181 - newer patch for GNOME associations (bnc #362) |
|
8182 - fix overwriting of files with GTK picker (Ximian #65068) |
|
8183 - readded the industrial default theme patch for NLD |
|
8184 |
|
8185 ------------------------------------------------------------------- |
|
8186 Wed Dec 15 11:50:56 CET 2004 - stark@suse.de |
|
8187 |
|
8188 - activate GTK filepicker for NLD again |
|
8189 - fix for GNOME helper applications with parameters |
|
8190 - make GNOME associations the default on NLD |
|
8191 |
|
8192 ------------------------------------------------------------------- |
|
8193 Sat Dec 4 16:11:01 CET 2004 - stark@suse.de |
|
8194 |
|
8195 - fixed build on s390/s390x |
|
8196 - added patch to be able to install-global without running X |
|
8197 (bmo #265859) |
|
8198 |
|
8199 ------------------------------------------------------------------- |
|
8200 Thu Nov 18 21:48:05 CET 2004 - stark@suse.de |
|
8201 |
|
8202 - update industrial theme to 1.0.8 (still not activated) |
|
8203 - added patch to make home-directory the default download dir |
|
8204 (on NLD is still used Desktop) |
|
8205 |
|
8206 ------------------------------------------------------------------- |
|
8207 Thu Nov 11 09:01:58 CET 2004 - stark@suse.de |
|
8208 |
|
8209 - made initial window height smaller again |
|
8210 |
|
8211 ------------------------------------------------------------------- |
|
8212 Tue Nov 9 09:09:06 CET 2004 - stark@suse.de |
|
8213 |
|
8214 - update to final 1.0 release (20041109) |
|
8215 |
|
8216 ------------------------------------------------------------------- |
|
8217 Thu Nov 4 08:22:36 CET 2004 - stark@suse.de |
|
8218 |
|
8219 - update to 1.0rc2 |
|
8220 |
|
8221 ------------------------------------------------------------------- |
|
8222 Sat Oct 30 21:27:29 CEST 2004 - stark@suse.de |
|
8223 |
|
8224 - added missing s390(x) patch |
|
8225 |
|
8226 ------------------------------------------------------------------- |
|
8227 Wed Oct 27 07:26:25 CEST 2004 - stark@suse.de |
|
8228 |
|
8229 - update to 1.0rc1 codebase |
|
8230 - printing via XFT/fontconfig |
|
8231 - freetype changes to avoid API conflicts with newer freetype2 |
|
8232 - fixed build for s390/s390x |
|
8233 - removed AMD64 patch (included upstream) |
|
8234 - added translations sub-package |
|
8235 - removed "Show folder" patch for NLD (resolved upstream) |
|
8236 - don't use gnome-filepicker patch for NLD for now |
|
8237 - removed hppa buildfix (included upstream) |
|
8238 - removed untitled.patch (bmo #24068) resolved by (bmo #262478) |
|
8239 - use make -C browser/installer now to prepare installation |
|
8240 - don't check for default browser at startup (#47587) |
|
8241 - updated industrial.jar (0.99.13) (disabled) |
|
8242 |
|
8243 ------------------------------------------------------------------- |
|
8244 Fri Oct 15 13:51:54 CEST 2004 - stark@suse.de |
|
8245 |
|
8246 - inherit locale from system |
|
8247 - fixed chrome registration |
|
8248 |
|
8249 ------------------------------------------------------------------- |
|
8250 Wed Oct 6 23:11:01 CEST 2004 - joeshaw@suse.de |
|
8251 |
|
8252 - disable gconf settings as default (Ximian #67718) |
|
8253 |
|
8254 ------------------------------------------------------------------- |
|
8255 Wed Oct 6 07:04:05 CEST 2004 - stark@suse.de |
|
8256 |
|
8257 - fixed inclusion of RealPlayer plugin again |
|
8258 |
|
8259 ------------------------------------------------------------------- |
|
8260 Tue Oct 5 10:09:04 CEST 2004 - stark@suse.de |
|
8261 |
|
8262 - small important fix in firefox-download.patch (Ximian #65472) |
|
8263 |
|
8264 ------------------------------------------------------------------- |
|
8265 Sun Oct 3 00:02:09 CEST 2004 - stark@suse.de |
|
8266 |
|
8267 - added security-fix from 0.10.1 (mozilla.org #259708) (#46687) |
|
8268 |
|
8269 ------------------------------------------------------------------- |
|
8270 Fri Oct 1 12:49:38 CEST 2004 - stark@suse.de |
|
8271 |
|
8272 - final fix for downloading to Desktop folder (Ximian #65756) |
|
8273 - remove Postscript from printer names (Ximian #65560) |
|
8274 |
|
8275 ------------------------------------------------------------------- |
|
8276 Thu Sep 30 16:14:10 CEST 2004 - shprasad@suse.de |
|
8277 |
|
8278 - Modified the MozillaFirefox.desktop file. |
|
8279 Changed the name 'Firefox' to 'Firefox Web Browser'. |
|
8280 Also changed it for all languages. |
|
8281 |
|
8282 ------------------------------------------------------------------- |
|
8283 Wed Sep 29 15:54:46 CEST 2004 - stark@suse.de |
|
8284 |
|
8285 - fix inclusion of RealPlayer plugin (Ximian #65711) |
|
8286 |
|
8287 ------------------------------------------------------------------- |
|
8288 Mon Sep 27 17:51:24 CEST 2004 - joeshaw@suse.de |
|
8289 |
|
8290 - Update the industrial default patch, for some reason it didn't |
|
8291 take before. |
|
8292 |
|
8293 ------------------------------------------------------------------- |
|
8294 Fri Sep 24 07:34:48 CEST 2004 - stark@suse.de |
|
8295 |
|
8296 - fix for Ximian #65176 (mozilla.org #240068) |
|
8297 - revised patch for update function (Ximian #65615) |
|
8298 |
|
8299 ------------------------------------------------------------------- |
|
8300 Thu Sep 23 20:21:39 CEST 2004 - joeshaw@suse.de |
|
8301 |
|
8302 - Uncomment the patch which tells the UI that industrial is the |
|
8303 default. |
|
8304 |
|
8305 ------------------------------------------------------------------- |
|
8306 Thu Sep 23 12:38:06 CEST 2004 - stark@suse.de |
|
8307 |
|
8308 - open Nautilus on NLD for 'Show folder' in download settings |
|
8309 (Ximian #65472) by sragavan@novell.com |
|
8310 - save to Desktop folder if selected (Ximian #65756) |
|
8311 by sragavan@novell.com |
|
8312 |
|
8313 ------------------------------------------------------------------- |
|
8314 Wed Sep 22 10:23:01 CEST 2004 - stark@suse.de |
|
8315 |
|
8316 - synced NLD package with 9.2 version |
|
8317 - GTK2 filepicker does now ask for confirmation when overwriting |
|
8318 files (Ximian #65068) by sagarwala@novell.com |
|
8319 - no direct update function (Ximian #65615) by rganesan@novell.com |
|
8320 - throbber linked to Novell (Ximian #66283) by rganesan@novell.com |
|
8321 - make industrial the default theme for NLD |
|
8322 (Ximian #65542) by joeshaw@suse.de |
|
8323 |
|
8324 ------------------------------------------------------------------- |
|
8325 Mon Sep 20 22:00:55 CEST 2004 - joeshaw@suse.de |
|
8326 |
|
8327 - Add default bookmarks. Ximian #65546. |
|
8328 - Add the industrial theme, but it's not the default yet. |
|
8329 - Remove acroread from add-plugins because it's badly behaved. |
|
8330 Ximian #65499. |
|
8331 |
|
8332 ------------------------------------------------------------------- |
|
8333 Mon Sep 20 17:57:38 CEST 2004 - federico@ximian.com |
|
8334 |
|
8335 - Added MozillaFirefox-toplevel-window-height.diff for |
|
8336 http://bugzilla.ximian.com/show_bug.cgi?id=65543 |
|
8337 |
|
8338 ------------------------------------------------------------------- |
|
8339 Sun Sep 19 15:42:30 CEST 2004 - stark@suse.de |
|
8340 |
|
8341 - use GNOME system prefs only for NLD by default |
|
8342 (fixes bug #45575) |
|
8343 |
|
8344 ------------------------------------------------------------------- |
|
8345 Fri Sep 17 08:59:32 CEST 2004 - stark@suse.de |
|
8346 |
|
8347 - joeshaw@suse.de: Update GConf patch so that proxy settings work |
|
8348 correctly (Ximian #64461) |
|
8349 - don't search Java on every path (Ximian #65383) |
|
8350 - added some missing fixes for official release |
|
8351 - added new java package name for triggers (#45257) |
|
8352 |
|
8353 ------------------------------------------------------------------- |
|
8354 Sat Sep 11 13:25:41 CEST 2004 - stark@suse.de |
|
8355 |
|
8356 - update to official 1.0PR (0.10) |
|
8357 - adopted gnome-filepicker patch |
|
8358 - removed obsolete CUPS hack from start-script |
|
8359 (Ximian #65635, #65560) |
|
8360 |
|
8361 ------------------------------------------------------------------- |
|
8362 Thu Sep 9 21:35:42 CEST 2004 - stark@suse.de |
|
8363 |
|
8364 - fixed endianess on AMD64 in JS component (#34743) |
|
8365 |
|
8366 ------------------------------------------------------------------- |
|
8367 Mon Sep 6 17:33:07 CEST 2004 - stark@suse.de |
|
8368 |
|
8369 - fixed filelist |
|
8370 |
|
8371 ------------------------------------------------------------------- |
|
8372 Mon Sep 6 13:48:03 CEST 2004 - stark@suse.de |
|
8373 |
|
8374 - update to 1.0PR (aka 0.10) |
|
8375 |
|
8376 ------------------------------------------------------------------- |
|
8377 Fri Sep 3 21:35:47 CEST 2004 - stark@suse.de |
|
8378 |
|
8379 - added ppc64 patch |
|
8380 |
|
8381 ------------------------------------------------------------------- |
|
8382 Thu Sep 2 03:08:59 CEST 2004 - dave@suse.de |
|
8383 |
|
8384 - Fixed up the .desktop installation on nld |
|
8385 |
|
8386 ------------------------------------------------------------------- |
|
8387 Wed Sep 1 15:05:48 CEST 2004 - shprasad@suse.de |
|
8388 |
|
8389 - Doesn't ask to set Firefox as default web-browser. |
|
8390 |
|
8391 ------------------------------------------------------------------- |
|
8392 Tue Aug 31 14:01:18 CEST 2004 - stark@suse.de |
|
8393 |
|
8394 - next new version for filepicker stuff |
|
8395 - deactivated native filepicker for NLD |
|
8396 - update to snapshot (20040831) |
|
8397 |
|
8398 ------------------------------------------------------------------- |
|
8399 Tue Aug 24 17:35:52 CEST 2004 - stark@suse.de |
|
8400 |
|
8401 - new version of gnome-filepicker patch |
|
8402 - added patch for config |
|
8403 |
|
8404 ------------------------------------------------------------------- |
|
8405 Fri Aug 20 17:12:48 CEST 2004 - stark@suse.de |
|
8406 |
|
8407 - update to snapshot (20040820) |
|
8408 |
|
8409 ------------------------------------------------------------------- |
|
8410 Thu Aug 19 08:46:42 CEST 2004 - stark@suse.de |
|
8411 |
|
8412 - added workaround for mozilla bug #246313 |
|
8413 (Firefox does not start: getting "cannot open display" error) |
|
8414 |
|
8415 ------------------------------------------------------------------- |
|
8416 Wed Aug 18 15:07:22 CEST 2004 - stark@suse.de |
|
8417 |
|
8418 - added some patches from Ximian |
|
8419 - use GNOME filepicker |
|
8420 - use more gconf settings |
|
8421 - set startup homepage to Novell |
|
8422 |
|
8423 ------------------------------------------------------------------- |
|
8424 Tue Aug 17 13:12:35 CEST 2004 - stark@suse.de |
|
8425 |
|
8426 - update to pre-1.0.0 (20040817) |
|
8427 |
|
8428 ------------------------------------------------------------------- |
|
8429 Thu Aug 5 06:27:41 CEST 2004 - stark@suse.de |
|
8430 |
|
8431 - security update to 0.9.3 |
|
8432 (including #43312 and others) |
|
8433 - handle RealPlayer 9 plugin |
|
8434 |
|
8435 ------------------------------------------------------------------- |
|
8436 Mon Aug 2 15:11:51 CEST 2004 - ro@suse.de |
|
8437 |
|
8438 - recode desktop file to utf-8 |
|
8439 |
|
8440 ------------------------------------------------------------------- |
|
8441 Wed Jul 28 08:46:31 CEST 2004 - stark@suse.de |
|
8442 |
|
8443 - added fix against certificate spoofing (#43312) |
|
8444 |
|
8445 ------------------------------------------------------------------- |
|
8446 Fri Jul 23 06:31:41 CEST 2004 - stark@suse.de |
|
8447 |
|
8448 - update to 0.9.2 |
|
8449 - added workaround for extension registry |
|
8450 - removed old (incompatible) mozex extension |
|
8451 |
|
8452 ------------------------------------------------------------------- |
|
8453 Tue Jun 29 06:27:59 CEST 2004 - stark@suse.de |
|
8454 |
|
8455 - update to 0.9.1 |
|
8456 - added hint to run as root first |
|
8457 |
|
8458 ------------------------------------------------------------------- |
|
8459 Tue Jun 15 12:42:28 CEST 2004 - stark@suse.de |
|
8460 |
|
8461 - update to 0.9 |
|
8462 - added patch for newer freetype |
|
8463 |
|
8464 ------------------------------------------------------------------- |
|
8465 Fri Apr 2 10:31:45 CEST 2004 - stark@suse.de |
|
8466 |
|
8467 - removing relocation of TEMP directory (#34391) |
|
8468 |
|
8469 ------------------------------------------------------------------- |
|
8470 Mon Mar 29 11:43:51 CEST 2004 - stark@suse.de |
|
8471 |
|
8472 - update to 0.8.0+ (20040503) |
|
8473 - removed firefox logos and activate official branding for |
|
8474 milestone builds |
|
8475 - changed profile-dir to .firefox |
|
8476 - added some needed files |
|
8477 - enabled gnomevfs extension |
|
8478 |
|
8479 ------------------------------------------------------------------- |
|
8480 Fri Mar 26 18:09:34 CET 2004 - uli@suse.de |
|
8481 |
|
8482 - fixed hang during build on s390* (bug #35440) |
|
8483 |
|
8484 ------------------------------------------------------------------- |
|
8485 Wed Mar 3 06:52:00 CET 2004 - stark@suse.de |
|
8486 |
|
8487 - removed unused patches for GTK2 build |
|
8488 - more fixes for (#35179) |
|
8489 |
|
8490 ------------------------------------------------------------------- |
|
8491 Mon Mar 1 07:32:52 CET 2004 - stark@suse.de |
|
8492 |
|
8493 - improved start-script to interact with thunderbird (#35179) |
|
8494 |
|
8495 ------------------------------------------------------------------- |
|
8496 Thu Feb 26 06:57:05 CET 2004 - stark@suse.de |
|
8497 |
|
8498 - use official releasedate |
|
8499 - added official (trademarked) artwork |
|
8500 - added firefox icon to /usr/share/pixmaps |
|
8501 - cleaned up spec-file (there will be no GTK1 version) |
|
8502 |
|
8503 ------------------------------------------------------------------- |
|
8504 Tue Feb 24 16:43:17 CET 2004 - stark@suse.de |
|
8505 |
|
8506 - fixed optimization for non-x86 archs |
|
8507 |
|
8508 ------------------------------------------------------------------- |
|
8509 Tue Feb 24 07:43:35 CET 2004 - stark@suse.de |
|
8510 |
|
8511 - adopted file-list and build options to original distribution |
|
8512 - added prdtoa fix (#32963) |
|
8513 - added hook for static firefox build to rebuild-databases.sh |
|
8514 - added compiler flags for security/ (nss-opt.patch) |
|
8515 - included mozex (mozex.mozdev.org) |
|
8516 - added -Os as optimization flag |
|
8517 |
|
8518 ------------------------------------------------------------------- |
|
8519 Mon Feb 9 21:59:37 CET 2004 - stark@suse.de |
|
8520 |
|
8521 - renamed to MozillaFirefox |
|
8522 - update to final version 0.8 |
|
8523 |
|
8524 ------------------------------------------------------------------- |
|
8525 Fri Feb 6 08:39:15 CET 2004 - stark@suse.de |
|
8526 |
|
8527 - update to Firebird 0.8 (20040205) |
|
8528 - added mips build fix |
|
8529 - set PS printer list in MozillaFirebird.sh |
|
8530 - use lib64 again for biarch platforms |
|
8531 |
|
8532 ------------------------------------------------------------------- |
|
8533 Sat Jan 10 10:33:54 CET 2004 - adrian@suse.de |
|
8534 |
|
8535 - build as user |
|
8536 |
|
8537 ------------------------------------------------------------------- |
|
8538 Fri Aug 22 11:32:07 CEST 2003 - stark@suse.de |
|
8539 |
|
8540 - upstream sync for 0.6.1post |
|
8541 |
|
8542 ------------------------------------------------------------------- |
|
8543 Sun Aug 10 22:01:12 CEST 2003 - stark@suse.de |
|
8544 |
|
8545 - removed dmoz from searchplugins-filelist |
|
8546 |
|
8547 ------------------------------------------------------------------- |
|
8548 Fri Aug 8 10:30:50 CEST 2003 - stark@suse.de |
|
8549 |
|
8550 - update to 0.6.1post (TRUNK) |
|
8551 - use -fno-strict-aliasing |
|
8552 |
|
8553 ------------------------------------------------------------------- |
|
8554 Thu Jul 31 11:25:39 CEST 2003 - stark@suse.de |
|
8555 |
|
8556 - update to 0.6.1 (MOZILLA_1_4_BRANCH) |
|
8557 - synchronized with mozilla-source |
|
8558 - created file-list |
|
8559 |
|
8560 ------------------------------------------------------------------- |
|
8561 Thu Jul 10 09:45:49 CEST 2003 - stark@suse.de |
|
8562 |
|
8563 - update to snapshot 20030709 |
|
8564 - fixed generation of symlink MozillaFirebird-xremote-client |
|
8565 |
|
8566 ------------------------------------------------------------------- |
|
8567 Fri Jun 20 06:53:08 CEST 2003 - stark@suse.de |
|
8568 |
|
8569 - update to snapshot 20030622 (0.7pre) |
|
8570 |
|
8571 ------------------------------------------------------------------- |
|
8572 Mon May 19 08:54:46 CEST 2003 - stark@suse.de |
|
8573 |
|
8574 - update to snapshot 20030518 (0.6) |
|
8575 |
|
8576 ------------------------------------------------------------------- |
|
8577 Sun May 7 10:11:16 CEST 2003 - stark@suse.de |
|
8578 |
|
8579 - update to snapshot 20030507 |
|
8580 |
|
8581 ------------------------------------------------------------------- |
|
8582 Wed Apr 30 13:26:43 CEST 2003 - stark@suse.de |
|
8583 |
|
8584 - initial SuSE package |
|
8585 |