Mercurial Mercurial > hg > mozilla / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mozilla-xulrunner192/mozilla-xulrunner192.changes
author llunak@novell.com
Tue, 29 Mar 2011 09:35:30 +0200
branchmozilla-1.9.2
changeset 246 ea1f88b778f7
parent 243 357331cd000d
child 268 d4132e3628a5
permissions -rw-r--r--
fix 'save as' with KDE integration (bnc#557598)

-------------------------------------------------------------------
Mon Mar 28 16:25:25 UTC 2011 - llunak@novell.com

- fix 'save as' with KDE integration (bnc#557598)

-------------------------------------------------------------------
Sat Mar 19 22:11:41 UTC 2011 - wr@rosenauer.org

- security update to 1.9.2.16 (bnc#680771)
  * MFSA 2011-11
    Update HTTPS certificate blacklist (bmo#642395)

-------------------------------------------------------------------
Fri Mar  4 12:05:39 UTC 2011 - wr@rosenauer.org

- update to 1.9.2.15
  * fix a regression introduced with previous update affecting
    Java applet integration (bmo#629030)

-------------------------------------------------------------------
Wed Mar  2 10:33:25 UTC 2011 - pcerny@novell.com

- use full path to the ntlm_auth binary (bmo#634334)
  (mozilla-ntlm-full-path.patch)

-------------------------------------------------------------------
Tue Feb 22 07:47:01 UTC 2011 - wr@rosenauer.org

- security update to 1.9.2.14 (build3) (bnc#667155)
  * MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
    Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
  * MFSA 2011-02/CVE-2011-0051 (bmo#616659)
    Recursive eval call causes confirm dialogs to evaluate to true
  * MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
    Use-after-free error in JSON.stringify
  * MFSA 2011-04/CVE-2011-0054 (bmo#615657)
    Buffer overflow in JavaScript upvarMap
  * MFSA 2011-05/CVE-2011-0056 (bmo#622015)
    Buffer overflow in JavaScript atom map
  * MFSA 2011-06/CVE-2011-0057 (bmo#626631)
    Use-after-free error using Web Workers
  * MFSA 2011-08/CVE-2010-1585 (bmo#562547)
    ParanoidFragmentSink allows javascript: URLs in chrome documents
  * MFSA 2011-09/CVE-2011-0061 (bmo#610601)
    Crash caused by corrupted JPEG image
  * MFSA 2011-10/CVE-2011-0059 (bmo#573873)
    CSRF risk with plugins and 307 redirects

-------------------------------------------------------------------
Thu Nov 25 09:25:50 UTC 2010 - wr@rosenauer.org

- security update to 1.9.2.13 (bnc#657016)
  * MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
    Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
  * MFSA 2010-75/CVE-2010-3769 (bmo#608336)
    Buffer overflow while line breaking after document.write with
    long string
  * MFSA 2010-76/CVE-2010-3771 (bmo#609437)
    Chrome privilege escalation with window.open and <isindex> element
  * MFSA 2010-77/CVE-2010-3772 (bmo#594547)
    Crash and remote code execution using HTML tags inside a XUL tree
  * MFSA 2010-78/CVE-2010-3768 (bmo#527276)
    Add support for OTS font sanitizer
  * MFSA 2010-79/CVE-2010-3775
    Java security bypass from LiveConnect loaded via data: URL
    meta refresh
  * MFSA 2010-80/CVE-2010-3766 (bmo#590771)
    Use-after-free error with nsDOMAttribute MutationObserver
  * MFSA 2010-81/CVE-2010-3767 (bmo#599468)
    Integer overflow vulnerability in NewIdArray
  * MFSA 2010-82/CVE-2010-3773 (bmo#554449)
    Incomplete fix for CVE-2010-0179
  * MFSA 2010-83/VE-2010-3774 (bmo#602780)
    Location bar SSL spoofing using network error page
  * MFSA 2010-84/CVE-2010-3770 (bmo#601429)
    XSS hazard in multiple character encodings

-------------------------------------------------------------------
Wed Oct 27 07:12:14 CEST 2010 - wr@rosenauer.org

- security update to 1.9.2.12 (bnc#649492)
  * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
    Heap buffer overflow mixing document.write and DOM insertion
- ignore empty LANGUAGE environment variable (bnc#648854)

-------------------------------------------------------------------
Wed Oct  6 07:13:34 CEST 2010 - wr@rosenauer.org

- security update to 1.9.2.11 (bnc#645315)
  * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
    Miscellaneous memory safety hazards
  * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
    Buffer overflow and memory corruption using document.write
  * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
    Use-after-free error in nsBarProp
  * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
    Dangling pointer vulnerability in LookupGetterOrSetter
  * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
    XSS in gopher parser when parsing hrefs
  * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
    Cross-site information disclosure via modal calls
  * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
    SSL wildcard certificate matching IP addresses
  * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
    Unsafe library loading vulnerabilities
  * MFSA 2010-72/CVE-2010-3173
    Insecure Diffie-Hellman key exchange
- removed upstreamed patches:
  * mozilla-esd.patch
  * mozilla-helper-app.patch
- build and runtime requirement is NSS 3.12.8

-------------------------------------------------------------------
Wed Sep 15 07:39:22 CEST 2010 - wr@rosenauer.org

- update to 1.9.2.10
  * fixing startup topcrash (bmo#594699)

-------------------------------------------------------------------
Mon Aug 30 17:34:28 CEST 2010 - wr@rosenauer.org

- security update to 1.9.2.9 (bnc#637303)
  * MFSA 2010-49/CVE-2010-3169
    Miscellaneous memory safety hazards
  * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
    Frameset integer overflow vulnerability
  * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
    Dangling pointer vulnerability using DOM plugin array
  * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
    Heap buffer overflow in nsTextFrameUtils::TransformText
  * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
    Dangling pointer vulnerability in nsTreeSelection
  * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
    XUL tree removal crash and remote code execution
  * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
    Dangling pointer vulnerability in nsTreeContentView
  * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
    Crash and remote code execution in normalizeDocument
  * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
    SJOW creates scope chains ending in outer object
  * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
    UTF-7 XSS by overriding document charset using <object> type 
    attribute
  * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
    Copy-and-paste or drag-and-drop into designMode document allows 
    XSS
  * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
    Information leak via XMLHttpRequest statusText
- honor LANGUAGE environment variable for UI locale (bmo#583793)
- fixed compilation against NSPR < 4.8.6 (mozilla-prlog.patch)
  (bmo#567620)

-------------------------------------------------------------------
Mon Aug 30 17:32:20 CEST 2010 - wr@rosenauer.org

- fixed build with latest Gnome in Factory
  (mozilla-gdk-pixbuf.patch

-------------------------------------------------------------------
Wed Jul 28 07:32:50 CEST 2010 - wr@rosenauer.org

- fixed sound notifications through libesd (bmo#579877)
- updated libproxy implementation after upstream review (bmo#517655)
- added lcd filter patch for internal cairo

-------------------------------------------------------------------
Tue Jul 27 17:04:41 CEST 2010 - meissner@suse.de

- disable ipc and crashreport for ia64,ppc,ppc64,s390,s390x.

-------------------------------------------------------------------
Sat Jul 24 12:42:58 CEST 2010 - wr@rosenauer.org

- security update to 1.9.2.8 (bnc#622506)
  * MFSA 2010-48/CVE-2010-2755 (bmo#575836)
    Dangling pointer crash regression from plugin parameter array 
    fix

-------------------------------------------------------------------
Thu Jul 15 21:45:13 CEST 2010 - wr@rosenauer.org

- security update to 1.9.2.7 (bnc#622506)
  * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
    Miscellaneous memory safety hazards
  * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
    DOM attribute cloning remote code execution vulnerability
  * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
    Use-after-free error in NodeIterator
  * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
    Plugin parameter EnsureCachedAttrParamArrays remote code 
    execution vulnerability
  * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
    Arbitrary code execution using SJOW and fast native function
  * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
    nsCSSValue::Array index integer overflow
  * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
    nsTreeSelection dangling pointer remote code execution 
    vulnerability
  * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
    Remote code execution using malformed PNG image
  * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
    Cross-origin data disclosure via Web Workers and importScripts
  * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
    Same-origin bypass using canvas context
  * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
    Characters mapped to U+FFFD in 8 bit encodings cause subsequent 
    character to vanish
  * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
    Multiple location bar spoofing vulnerabilities
  * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
    Cross-domain data theft using CSS
  * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
    Cross-origin data leakage from script filename in error messages

-------------------------------------------------------------------
Sun Jun 27 21:02:29 CEST 2010 - wr@rosenauer.org

- update to 1.9.2.6 release
  * modifies the crash protection feature to increase the amount
    of time that plugins are allowed to be non-responsive before
    being terminated.
- require exact matching version of mozilla-js192

-------------------------------------------------------------------
Wed Jun 23 14:23:43 CEST 2010 - wr@rosenauer.org

- update to final 1.9.2.4 release (bnc#603356)
  * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
    CVE-2010-1203
    Crashes with evidence of memory corruption (rv:1.9.2.4)
  * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
    Freed object reuse across plugin instances
  * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
    Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
  * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
    Integer Overflow in XSLT Node Sorting
  * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
    focus() behavior can be used to inject or steal keystrokes
  * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
    Content-Disposition: attachment ignored if
    Content-Type: multipart also present
  * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
    User tracking across sites using Math.random()

-------------------------------------------------------------------
Mon Jun  7 06:51:23 CEST 2010 - wr@rosenauer.org

- update to 1.9.2.4(build6)

-------------------------------------------------------------------
Tue May  4 08:03:37 CEST 2010 - wr@rosenauer.org

- security update to 1.9.2.4 (Lorentz)
  * enable crashreporter also for x86-64
  * provide mozilla-runtime to host NPAPI out of process plugins
- removed libproxy debug message (bnc#604711)

-------------------------------------------------------------------
Mon Apr 26 07:18:09 CEST 2010 - wr@rosenauer.org

- point alternatives link to the stable version to improve
  robustness (bnc#589037)

-------------------------------------------------------------------
Sat Apr 24 11:38:24 UTC 2010 - coolo@novell.com

- buildrequire pkg-config to fix provides

-------------------------------------------------------------------
Thu Apr  1 11:15:38 UTC 2010 - wr@rosenauer.org

- security update to 1.9.2.3
  * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
    Re-use of freed object due to scope confusion

-------------------------------------------------------------------
Thu Mar 25 20:04:41 CET 2010 - wr@rosenauer.org

- security update to 1.9.2.2 (bnc#586567)
  * MFSA 2010-08/CVE-2010-1028
    WOFF heap corruption due to integer overflow
  * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
    Deleted frame reuse in multipart/x-mixed-replace image
  * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
    XSS via plugins and unprotected Location object
  * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
    Crashes with evidence of memory corruption
  * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
    XSS using addEventListener and setTimeout on a wrapped object
  * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
    Content policy bypass with image preloading
  * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
    Browser chrome defacement via cached XUL stylesheets
  * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
    Asynchronous Auth Prompt attaches to wrong window
  * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
    Crashes with evidence of memory corruption
  * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
    Dangling pointer vulnerability in nsTreeContentView
  * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
    Dangling pointer vulnerability in nsPluginArray
  * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
    Chrome privilege escalation via forced URL drag and drop
  * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
    Update NSS to support TLS renegotiation indication
  * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
    Image src redirect to mailto: URL opens email editor
  * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
    XMLDocument::load() doesn't check nsIContentPolicy
- general.useragent.locale in profile overrides 
  intl.locale.matchOS (bmo#542999)
- split mozilla-js192 package which contains libmozjs only
  to allow its installation w/o all GUI dependencies

-------------------------------------------------------------------
Mon Jan 18 09:28:56 CET 2010 - wr@rosenauer.org

- update to 1.9.2rc2
- add update-alternatives %ghost file to filelist starting
  with 11.2 (%ghost files are conflicting in earlier versions)
- fixed mozilla-plugin.pc (remove obsolete stable reference)

-------------------------------------------------------------------
Wed Jan  6 14:10:25 CET 2010 - wr@rosenauer.org

- update to 1.9.2rc1
  * removed obsolete mozilla-breakpad.patch
- expand -translations-* and -gnome filelists to clean up the 
  filesystem for upgrades and removals correctly
- enable crashreporter and create breakpad buildsymbols package
  for mozilla crashreporter (for ix86)
- drop PreReq usage by cleaning up the different Requires tags

-------------------------------------------------------------------
Thu Dec 24 14:21:02 CET 2009 - wr@rosenauer.org

- update to 1.9.2b5
- removed upstreamed mozilla-abi.patch
- integrated mozilla-kde.patch
- use .autoreg file for autoregistration when needed (bnc#440872)
- enable libproxy support from 11.2 on
- renamed -gnomevfs subpackage to -gnome
- readded lockdown patches and preferences
- fix baselibs.conf

-------------------------------------------------------------------
Tue Nov 10 14:48:39 CET 2009 - wr@rosenauer.org

- update to 1.9.2b2
- merge from xulrunner191 package

-------------------------------------------------------------------
Sun Nov  1 13:10:23 CET 2009 - wr@rosenauer.org

- update to 1.9.2b1
- use newer internal cairo for 11.1 and older

-------------------------------------------------------------------
Sun Oct 18 13:04:22 CEST 2009 - wr@rosenauer.org

- reworked PreReq list

-------------------------------------------------------------------
Fri Oct 16 09:14:47 CEST 2009 - wr@rosenauer.org

- update to snapshot 1.9.2b2pre (20091015)
  (entering beta phase)

-------------------------------------------------------------------
Mon Sep 21 16:43:18 CEST 2009 - wr@rosenauer.org

- BuildRequire libiw-devel instead of wireless-tools from 11.2 on

-------------------------------------------------------------------
Wed Sep 16 23:42:58 CEST 2009 - wr@rosenauer.org

- new snapshot (20090916)

-------------------------------------------------------------------
Mon Aug 24 17:37:06 CEST 2009 - wr@rosenauer.org

- first alpha package of XULRunner 1.9.2
mozilla