--- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 22 14:02:18 2015 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Apr 08 00:59:13 2015 +0200
@@ -1,12 +1,73 @@
-------------------------------------------------------------------
-Sun Mar 22 13:00:28 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 37.0b7
-- removed obsolete patch
+Tue Apr 7 22:57:36 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0b2
+- requires NSS 3.18
+
+-------------------------------------------------------------------
+Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0.1 (bnc#926166)
+ * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
+ Loading privileged content through Reader mode
+ * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
+ Certificate verification bypass through the HTTP/2 Alt-Svc header
+
+-------------------------------------------------------------------
+Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0 (bnc#925368)
+ * Heartbeat user rating system
+ * Yandex set as default search provider for the Turkish locale
+ * Bing search now uses HTTPS for secure searching
+ * Improved protection against site impersonation via OneCRL
+ centralized certificate revocation
+ * Opportunistically encrypt HTTP traffic where the server supports
+ HTTP/2 AltSvc
+ * some more behaviour changes for TLS
+ security fixes:
+ * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
+ Miscellaneous memory safety hazards
+ * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
+ Use-after-free when using the Fluendo MP3 GStreamer plugin
+ * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
+ Add-on lightweight theme installation approval bypassed through
+ MITM attack
+ * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
+ resource:// documents can load privileged pages
+ * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
+ Out of bounds read in QCMS library
+ * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
+ Cursor clickjacking with flash and images (OS X only)
+ * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
+ Incorrect memory management for simple-type arrays in WebRTC
+ * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
+ CORS requests should not follow 30x redirections after preflight
+ * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
+ Memory corruption crashes in Off Main Thread Compositing
+ * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
+ Use-after-free due to type confusion flaws
+ * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
+ Same-origin bypass through anchor navigation
+ * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
+ PRNG weakness allows for DNS poisoning on Android (only)
+ * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
+ Windows can retain access to privileged content on navigation
+ to unprivileged pages
+- removed obsolete patches
* mozilla-bmo1088588.patch
+ * mozilla-bmo1108834.patch
- requires NSPR 4.10.8
-------------------------------------------------------------------
+Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com
+
+- Fix builds with skia on Power
+ mozilla-skia-be-le.patch (patch from #bmo1136958)
+ mozilla-bmo1108834.patch
+ mozilla-bmo1005535.patch
+
+-------------------------------------------------------------------
Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org
- update to Firefox 36.0.4 (bnc#923534)