--- a/MozillaFirefox/MozillaFirefox.changes Sun Jan 24 13:40:23 2016 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Thu Apr 28 17:08:03 2016 +0200
@@ -1,7 +1,222 @@
-------------------------------------------------------------------
+Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
+ version from Fedora).
+
+-------------------------------------------------------------------
+Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 46.0 (boo#977333)
+ * Improved security of the JavaScript Just In Time (JIT) Compiler
+ * WebRTC fixes to improve performance and stability
+ * Added support for document.elementsFromPoint
+ * Added HKDF support for Web Crypto API
+ * requires NSPR 4.12 and NSS 3.22.3
+ * added patch to fix unchecked return value
+ mozilla-check_return.patch
+ * Gtk3 builds not supported at the moment
+ security fixes:
+ * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
+ Miscellaneous memory safety hazards
+ * MFSA 2016-40/CVE-2016-2809 (bmo#1212939)
+ Privilege escalation through file deletion by Maintenance Service updater
+ (Windows only)
+ * MFSA 2016-41/CVE-2016-2810 (bmo#1229681)
+ Content provider permission bypass allows malicious application
+ to access data (Android only)
+ * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776)
+ Use-after-free and buffer overflow in Service Workers
+ * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650)
+ Disclosure of user actions through JavaScript with motion and
+ orientation sensors (only affects mobile variants)
+ * MFSA 2016-44/CVE-2016-2814 (bmo#1254721)
+ Buffer overflow in libstagefright with CENC offsets
+ * MFSA 2016-45/CVE-2016-2816 (bmo#1223743)
+ CSP not applied to pages sent with multipart/x-mixed-replace
+ * MFSA 2016-46/CVE-2016-2817 (bmo#1227462)
+ Elevation of privilege with chrome.tabs.update API in web extensions
+ * MFSA 2016-47/CVE-2016-2808 (bmo#1246061)
+ Write to invalid HashMap entry through JavaScript.watch()
+ * MFSA 2016-48/CVE-2016-2820 (bmo#870870)
+ Firefox Health Reports could accept events from untrusted domains
+
+-------------------------------------------------------------------
+Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch to fix scrollbar appearance under
+ gtk >= 3.20 (patch synced to Fedora's version).
+
+-------------------------------------------------------------------
+Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com
+
+- Compile against gtk3 depending on whether the macro
+ %firefox_use_gtk3 is defined or not (e.g., at the prjconf
+ level); macro is undefined by default and so gtk2 is used as the
+ default toolkit.
+- Add BuildRequires for additional packages needed when building
+ against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
+ pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
+- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
+ patch taken from Fedora (bmo#1230955).
+
+-------------------------------------------------------------------
+Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 45.0.2:
+ * Fix an issue impacting the cookie header when third-party
+ cookies are blocked (bmo#1257861)
+ * Fix a web compatibility regression impacting the srcset
+ attribute of the image tag (bmo#1259482)
+ * Fix a crash impacting the video playback with Media Source
+ Extension (bmo#1258562)
+ * Fix a regression impacting some specific uploads (bmo#1255735)
+ * Fix a regression with the copy and paste with some old versions
+ of some Gecko applications like Thunderbird (bmo#1254980)
+
+-------------------------------------------------------------------
+Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 45.0.1:
+ * Fix a regression causing search engine settings to be lost in
+ some context (bmo#1254694)
+ * Bring back non-standard jar: URIs to fix a regression in IBM
+ iNotes (bmo#1255139)
+ * XSLTProcessor.importStylesheet was failing when <import> was
+ used (bmo#1249572)
+ * Fix an issue which could cause the list of search provider to
+ be empty (bmo#1255605)
+ * Fix a regression when using the location bar (bmo#1254503)
+ * Fix some loading issues when Accept third-party cookies: was
+ set to Never (bmo#1254856)
+ * Disabled Graphite font shaping library
+
+-------------------------------------------------------------------
+Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 45.0 (boo#969894)
+ * requires NSPR 4.12 / NSS 3.21.1
+ * Instant browser tab sharing through Hello
+ * Synced Tabs button in button bar
+ * Tabs synced via Firefox Accounts from other devices are now shown
+ in dropdown area of Awesome Bar when searching
+ * Introduce a new preference (network.dns.blockDotOnion) to allow
+ blocking .onion at the DNS level
+ * Tab Groups (Panorama) feature removed
+ * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
+ Miscellaneous memory safety hazards
+ * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+ Local file overwriting and potential privilege escalation through
+ CSP reports
+ * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
+ CSP reports fail to strip location information for embedded iframe pages
+ * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
+ Linux video memory DOS with Intel drivers
+ * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+ Memory leak in libstagefright when deleting an array during MP4
+ processing
+ * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+ Displayed page address can be overridden
+ * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
+ Service Worker Manager out-of-bounds read in Service Worker Manager
+ * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+ Use-after-free in HTML5 string parser
+ * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+ Use-after-free in SetBody
+ * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+ Use-after-free when using multiple WebRTC data channels
+ * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
+ Memory corruption when modifying a file being read by FileReader
+ * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+ Use-after-free during XML transformations
+ * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+ Addressbar spoofing though history navigation and Location protocol
+ property
+ * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
+ Same-origin policy violation using perfomance.getEntries and
+ history navigation with session restore
+ * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
+ Buffer overflow in Brotli decompression
+ * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+ Memory corruption with malicious NPAPI plugin
+ * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
+ CVE-2016-1976/CVE-2016-1972
+ WebRTC and LibVPX vulnerabilities found through code inspection
+ * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
+ Use-after-free in GetStaticInstance in WebRTC
+ * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+ Out-of-bounds read in HTML parser following a failed allocation
+ * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
+ Buffer overflow during ASN.1 decoding in NSS
+ (fixed by requiring 3.21.1)
+ * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
+ Use-after-free during processing of DER encoded keys in NSS
+ (fixed by requiring 3.21.1)
+ * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+ Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de
+
+- Remove B_CNT from symbols.zip filename to reduce build-compare noise
+
+-------------------------------------------------------------------
+Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com
+
+- fix build problems on i586, caused by too large unified compile
+ units - adding mozilla-reduce-files-per-UnifiedBindings.patch
+
+-------------------------------------------------------------------
+Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 44.0.2
+ * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
+ Same-origin-policy violation using Service Workers with plugins
+ * Fix issue which could lead to the removal of stored passwords
+ under certain circumstances (bmo#1242176)
+ * Allows spaces in cookie names (bmo#1244505)
+ * Disable opus/vorbis audio with H.264 (bmo#1245696)
+ * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
+ * Fix a crash in cache networking (bmo#1244076)
+ * Fix using WebSockets in service worker controlled pages (bmo#1243942)
+
+-------------------------------------------------------------------
+Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com
+
+- build fixes for arm/aarch64:
+ * disable webrtc for arm/aarch64
+ * switch away from openGL-ES backend to default for arm/aarch64
+ since it almost never builds
+ * reenable neon
+- reenable webrtc for powerpc as it seems to build
+
+-------------------------------------------------------------------
Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org
-- update to Firefox 44.0b9
+- update to Firefox 44.0
+ * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
+ Miscellaneous memory safety hazards
+ * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
+ Out of Memory crash when parsing GIF format images
+ * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
+ Buffer overflow in WebGL after out of memory allocation
+ * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
+ Firefox allows for control characters to be set in cookie names
+ * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
+ Missing delay following user click events in protocol handler dialog
+ * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
+ Errors in mp_div and mp_exptmod cryptographic functions in NSS
+ (fixed by requiring NSS 3.21)
+ * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
+ Addressbar spoofing attacks boo#963643
+ * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
+ (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
+ Unsafe memory manipulation found through code inspection
+ * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
+ Application Reputation service disabled in Firefox 43
* requires NSPR 4.11
* requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds