--- a/MozillaFirefox/MozillaFirefox.changes Sat Sep 19 22:04:22 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Sat Oct 31 20:58:31 2015 +0100
@@ -1,11 +1,116 @@
-------------------------------------------------------------------
-Sun Sep 13 21:13:35 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 41.0b9
+Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 42.0 (bnc#952810)
+ * Private Browsing with Tracking Protection blocks certain Web
+ elements that could be used to record your behavior across sites
+ * Control Center that contains site security and privacy controls
+ * Login Manager improvements
+ * WebRTC improvements
+ * Indicator added to tabs that play audio with one-click muting
+ * Media Source Extension for HTML5 video available for all sites
+- requires NSPR 4.10.10 and NSS 3.19.4
+- removed obsolete patches
+ * mozilla-arm-disable-edsp.patch
+ * mozilla-icu-strncat.patch
+ * mozilla-skia-be-le.patch
+ * toolkit-download-folder.patch
+- fixed build with enable-libproxy (bmo#1220399)
+ * mozilla-libproxy.patch
+
+-------------------------------------------------------------------
+Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0.2 (bnc#950686)
+ * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
+ Cross-origin restriction bypass using Fetch
+- added explicit appdata provides (bnc#949983)
+
+-------------------------------------------------------------------
+Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org
+
+- do not build with --enable-stdcxx-compat
+ (this starts to fail build on various toolchain combinations
+ and is not required for openSUSE builds in general
+
+-------------------------------------------------------------------
+Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0.1
+ * Fix a startup crash related to Yandex toolbar and Adblock Plus
+ (bmo#1209124)
+ * Fix potential hangs with Flash plugins (bmo#1185639)
+ * Fix a regression in the bookmark creation (bmo#1206376)
+ * Fix a startup crash with some Intel Media Accelerator 3150
+ graphic cards (bmo#1207665)
+ * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
+
+-------------------------------------------------------------------
+Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0 (bnc#947003)
+ * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
+ Miscellaneous memory safety hazards
+ * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
+ Memory leak in mozTCPSocket to servers
+ * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
+ Out of bounds read in QCMS library with ICC V4 profile attributes
+ * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
+ Site attribute spoofing on Android by pasting URL with unknown scheme
+ * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
+ Arbitrary file manipulation by local user through Mozilla updater
+ * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
+ Buffer overflow in libvpx while parsing vp9 format video
+ * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
+ Crash when using debugger with SavedStacks in JavaScript
+ * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
+ URL spoofing in reader mode
+ * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
+ Use-after-free with shared workers and IndexedDB
+ * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
+ Buffer overflow while decoding WebM video
+ * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
+ Use-after-free while manipulating HTML media content
+ * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
+ Out-of-bounds read during 2D canvas display on Linux 16-bit
+ color depth systems
+ * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
+ Scripted proxies can access inner window
+ * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
+ JavaScript immutable property enforcement can be bypassed
+ * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
+ Dragging and dropping images exposes final URL after redirects
+ * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
+ Errors in the handling of CORS preflight request headers
+ * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
+ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
+ CVE-2015-7180
+ Vulnerabilities found through code inspection
+ * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
+ bmo#1190526) (Windows only)
+ Memory safety errors in libGLES in the ANGLE graphics library
+ * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
+ Information disclosure via the High Resolution Time API
- rebased patches
- removed obsolete patches
* mozilla-arm64-libjpeg-turbo.patch
+------------------------------------------------------------------
+Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0.3 (bnc#943550)
+ * Disable the asynchronous plugin initialization (bmo#1198590)
+ * Fix a segmentation fault in the GStreamer support (bmo#1145230)
+ * Fix a regression with some Japanese fonts used in the <input>
+ field (bmo#1194055)
+ * On some sites, the selection in a select combox box using the
+ mouse could be broken (bmo#1194733)
+ security fixes
+ * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
+ Use-after-free when resizing canvas element during restyling
+ * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
+ Add-on notification bypass through data URLs
+
-------------------------------------------------------------------
Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org