------------------------------------------------------------------- Wed Aug 4 09:39:24 CEST 2010 - wr@rosenauer.org - honor LANGUAGE environment variable for UI locale (bmo#583793) ------------------------------------------------------------------- Wed Jul 28 07:32:50 CEST 2010 - wr@rosenauer.org - fixed sound notifications through libesd (bmo#579877) - updated libproxy implementation after upstream review (bmo#517655) ------------------------------------------------------------------- Tue Jul 27 17:04:41 CEST 2010 - meissner@suse.de - disable ipc and crashreport for ia64,ppc,ppc64,s390,s390x. ------------------------------------------------------------------- Sat Jul 24 12:42:58 CEST 2010 - wr@rosenauer.org - security update to 1.9.2.8 (bnc#622506) * MFSA 2010-48/CVE-2010-2755 (bmo#575836) Dangling pointer crash regression from plugin parameter array fix ------------------------------------------------------------------- Thu Jul 15 21:45:13 CEST 2010 - wr@rosenauer.org - security update to 1.9.2.7 (bnc#622506) * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards * MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability * MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator * MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability * MFSA 2010-38/CVE-2010-1215 (bmo#567069) Arbitrary code execution using SJOW and fast native function * MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow * MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability * MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image * MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts * MFSA 2010-43/CVE-2010-1207 (bmo#571287) Same-origin bypass using canvas context * MFSA 2010-44/CVE-2010-1210 (bmo#564679) Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities * MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS * MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages ------------------------------------------------------------------- Sun Jun 27 21:02:29 CEST 2010 - wr@rosenauer.org - update to 1.9.2.6 release * modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. - require exact matching version of mozilla-js192 ------------------------------------------------------------------- Wed Jun 23 14:23:43 CEST 2010 - wr@rosenauer.org - update to final 1.9.2.4 release (bnc#603356) * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.2.4) * MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances * MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal * MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting * MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes * MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present * MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random() ------------------------------------------------------------------- Mon Jun 7 06:51:23 CEST 2010 - wr@rosenauer.org - update to 1.9.2.4(build6) ------------------------------------------------------------------- Tue May 4 08:03:37 CEST 2010 - wr@rosenauer.org - security update to 1.9.2.4 (Lorentz) * enable crashreporter also for x86-64 * provide mozilla-runtime to host NPAPI out of process plugins - removed libproxy debug message (bnc#604711) ------------------------------------------------------------------- Mon Apr 26 07:18:09 CEST 2010 - wr@rosenauer.org - point alternatives link to the stable version to improve robustness (bnc#589037) ------------------------------------------------------------------- Sat Apr 24 11:38:24 UTC 2010 - coolo@novell.com - buildrequire pkg-config to fix provides ------------------------------------------------------------------- Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org - security update to 1.9.2.3 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion ------------------------------------------------------------------- Thu Mar 25 20:04:41 CET 2010 - wr@rosenauer.org - security update to 1.9.2.2 (bnc#586567) * MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow * MFSA 2010-09/CVE-2010-0164 (bmo#547143) Deleted frame reuse in multipart/x-mixed-replace image * MFSA 2010-10/CVE-2010-0170 (bmo#541530) XSS via plugins and unprotected Location object * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 Crashes with evidence of memory corruption * MFSA 2010-12/CVE-2010-0171 (bmo#531364) XSS using addEventListener and setTimeout on a wrapped object * MFSA 2010-13/CVE-2010-0168 (bmo#540642) Content policy bypass with image preloading * MFSA 2010-14/CVE-2010-0169 (bmo#535806) Browser chrome defacement via cached XUL stylesheets * MFSA 2010-15/CVE-2010-0172 (bmo#537862) Asynchronous Auth Prompt attaches to wrong window * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption * MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray * MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop * MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication * MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor * MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn't check nsIContentPolicy - general.useragent.locale in profile overrides intl.locale.matchOS (bmo#542999) - split mozilla-js192 package which contains libmozjs only to allow its installation w/o all GUI dependencies ------------------------------------------------------------------- Mon Jan 18 09:28:56 CET 2010 - wr@rosenauer.org - update to 1.9.2rc2 - add update-alternatives %ghost file to filelist starting with 11.2 (%ghost files are conflicting in earlier versions) - fixed mozilla-plugin.pc (remove obsolete stable reference) ------------------------------------------------------------------- Wed Jan 6 14:10:25 CET 2010 - wr@rosenauer.org - update to 1.9.2rc1 * removed obsolete mozilla-breakpad.patch - expand -translations-* and -gnome filelists to clean up the filesystem for upgrades and removals correctly - enable crashreporter and create breakpad buildsymbols package for mozilla crashreporter (for ix86) - drop PreReq usage by cleaning up the different Requires tags ------------------------------------------------------------------- Thu Dec 24 14:21:02 CET 2009 - wr@rosenauer.org - update to 1.9.2b5 - removed upstreamed mozilla-abi.patch - integrated mozilla-kde.patch - use .autoreg file for autoregistration when needed (bnc#440872) - enable libproxy support from 11.2 on - renamed -gnomevfs subpackage to -gnome - readded lockdown patches and preferences - fix baselibs.conf ------------------------------------------------------------------- Tue Nov 10 14:48:39 CET 2009 - wr@rosenauer.org - update to 1.9.2b2 - merge from xulrunner191 package ------------------------------------------------------------------- Sun Nov 1 13:10:23 CET 2009 - wr@rosenauer.org - update to 1.9.2b1 - use newer internal cairo for 11.1 and older ------------------------------------------------------------------- Sun Oct 18 13:04:22 CEST 2009 - wr@rosenauer.org - reworked PreReq list ------------------------------------------------------------------- Fri Oct 16 09:14:47 CEST 2009 - wr@rosenauer.org - update to snapshot 1.9.2b2pre (20091015) (entering beta phase) ------------------------------------------------------------------- Mon Sep 21 16:43:18 CEST 2009 - wr@rosenauer.org - BuildRequire libiw-devel instead of wireless-tools from 11.2 on ------------------------------------------------------------------- Wed Sep 16 23:42:58 CEST 2009 - wr@rosenauer.org - new snapshot (20090916) ------------------------------------------------------------------- Mon Aug 24 17:37:06 CEST 2009 - wr@rosenauer.org - first alpha package of XULRunner 1.9.2