-------------------------------------------------------------------
Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org

- update to Firefox 46.0.1
  Fixed:
  * Search plugin issue for various locales
  * Add-on signing certificate expiration
  * Service worker update issue
  * Build issue when jit is disabled
  * Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch

-------------------------------------------------------------------
Tue May 3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com

- add mozilla-jit_branch64.patch to avoid PowerPC build failure
  (from bmo#1266366)

-------------------------------------------------------------------
Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com

- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
  version from Fedora).

-------------------------------------------------------------------
Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org

- update to Firefox 46.0 (boo#977333)
  * Improved security of the JavaScript Just In Time (JIT) Compiler
  * WebRTC fixes to improve performance and stability
  * Added support for document.elementsFromPoint
  * Added HKDF support for Web Crypto API
  * requires NSPR 4.12 and NSS 3.22.3
  * added patch to fix unchecked return value
    mozilla-check_return.patch
  * Gtk3 builds not supported at the moment
  security fixes:
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
    (boo#977373, boo#977375, boo#977376)
    Miscellaneous memory safety hazards
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
    Privilege escalation through file deletion by Maintenance Service updater
    (Windows only)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
    Content provider permission bypass allows malicious application
    to access data (Android only)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
    (bmo#1252330, bmo#1261776, boo#977379)
    Use-after-free and buffer overflow in Service Workers
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
    Disclosure of user actions through JavaScript with motion and
    orientation sensors (only affects mobile variants)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
    Buffer overflow in libstagefright with CENC offsets
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
    CSP not applied to pages sent with multipart/x-mixed-replace
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
    Elevation of privilege with chrome.tabs.update API in web extensions
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
    Write to invalid HashMap entry through JavaScript.watch()
  * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)
    Firefox Health Reports could accept events from untrusted domains

-------------------------------------------------------------------
Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com

- Update mozilla-gtk3_20.patch to fix scrollbar appearance under
  gtk >= 3.20 (patch synced to Fedora's version).

-------------------------------------------------------------------
Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com

- Compile against gtk3 depending on whether the macro
  %firefox_use_gtk3 is defined or not (e.g., at the prjconf
  level); macro is undefined by default and so gtk2 is used as the
  default toolkit.
- Add BuildRequires for additional packages needed when building
  against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
  pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
  patch taken from Fedora (bmo#1230955).

-------------------------------------------------------------------
Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com

- Mozilla Firefox 45.0.2:
  * Fix an issue impacting the cookie header when third-party
    cookies are blocked (bmo#1257861)
  * Fix a web compatibility regression impacting the srcset
    attribute of the image tag (bmo#1259482)
  * Fix a crash impacting the video playback with Media Source
    Extension (bmo#1258562)
  * Fix a regression impacting some specific uploads (bmo#1255735)
  * Fix a regression with the copy and paste with some old versions
    of some Gecko applications like Thunderbird (bmo#1254980)

-------------------------------------------------------------------
Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com

- Mozilla Firefox 45.0.1:
  * Fix a regression causing search engine settings to be lost in
    some context (bmo#1254694)
  * Bring back non-standard jar: URIs to fix a regression in IBM
    iNotes (bmo#1255139)
  * XSLTProcessor.importStylesheet was failing when <import> was
    used (bmo#1249572)
  * Fix an issue which could cause the list of search providers to
    be empty (bmo#1255605)
  * Fix a regression when using the location bar (bmo#1254503)
  * Fix some loading issues when Accept third-party cookies: was
    set to Never (bmo#1254856)
  * Disabled Graphite font shaping library

-------------------------------------------------------------------
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org

- update to Firefox 45.0 (boo#969894)
  * requires NSPR 4.12 / NSS 3.21.1
  * Instant browser tab sharing through Hello
  * Synced Tabs button in button bar
  * Tabs synced via Firefox Accounts from other devices are now shown
    in dropdown area of Awesome Bar when searching
  * Introduce a new preference (network.dns.blockDotOnion) to allow
    blocking .onion at the DNS level
  * Tab Groups (Panorama) feature removed
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing through history navigation and Location protocol
    property
  * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
    Same-origin policy violation using performance.getEntries and
    history navigation with session restore
  * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
    Buffer overflow in Brotli decompression
  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
    Memory corruption with malicious NPAPI plugin
  * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
    CVE-2016-1976/CVE-2016-1972
    WebRTC and LibVPX vulnerabilities found through code inspection
  * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
    Use-after-free in GetStaticInstance in WebRTC
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
    Out-of-bounds read in HTML parser following a failed allocation
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
    Buffer overflow during ASN.1 decoding in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
    Use-after-free during processing of DER encoded keys in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
    Font vulnerabilities in the Graphite 2 library

-------------------------------------------------------------------
Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de

- Remove B_CNT from symbols.zip filename to reduce build-compare noise

-------------------------------------------------------------------
Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com

- fix build problems on i586, caused by too large unified compile
  units - adding mozilla-reduce-files-per-UnifiedBindings.patch

-------------------------------------------------------------------
Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org

- update to Firefox 44.0.2
  * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
    Same-origin-policy violation using Service Workers with plugins
  * Fix issue which could lead to the removal of stored passwords
    under certain circumstances (bmo#1242176)
  * Allows spaces in cookie names (bmo#1244505)
  * Disable opus/vorbis audio with H.264 (bmo#1245696)
  * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
  * Fix a crash in cache networking (bmo#1244076)
  * Fix using WebSockets in service worker controlled pages (bmo#1243942)

-------------------------------------------------------------------
Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com

- build fixes for arm/aarch64:
  * disable webrtc for arm/aarch64
  * switch away from openGL-ES backend to default for arm/aarch64
    since it almost never builds
  * reenable neon
- reenable webrtc for powerpc as it seems to build

-------------------------------------------------------------------
Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org

- update to Firefox 44.0
  * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
    Miscellaneous memory safety hazards
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
    Out of Memory crash when parsing GIF format images
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
    Buffer overflow in WebGL after out of memory allocation
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
    Firefox allows for control characters to be set in cookie names
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
    Missing delay following user click events in protocol handler dialog
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
    (fixed by requiring NSS 3.21)
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
    Addressbar spoofing attacks boo#963643
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
    (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
    Unsafe memory manipulation found through code inspection
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
    Application Reputation service disabled in Firefox 43
  * requires NSPR 4.11
  * requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches