Mercurial Mercurial > hg > mozilla / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
41.0 release and changelogs firefox41
authorWolfgang Rosenauer <wr@rosenauer.org>
Wed, 23 Sep 2015 07:44:44 +0200
branchfirefox41
changeset 883 7aa7715fdc8f
parent 882 82af81b0a6c7
child 884 d9d863421693
41.0 release and changelogs
MozillaFirefox/MozillaFirefox.changes file | annotate | diff | comparison | revisions
MozillaFirefox/MozillaFirefox.spec file | annotate | diff | comparison | revisions
MozillaFirefox/create-tar.sh file | annotate | diff | comparison | revisions 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Sep 19 22:04:22 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Sep 23 07:44:44 2015 +0200
@@ -1,11 +1,69 @@
 -------------------------------------------------------------------
-Sun Sep 13 21:13:35 UTC 2015 - wr@rosenauer.org
-
-- update to Firefox 41.0b9
+Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0 (bnc#947003)
+  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
+    Miscellaneous memory safety hazards
+  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
+    Memory leak in mozTCPSocket to servers
+  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
+    Out of bounds read in QCMS library with ICC V4 profile attributes
+  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
+    Site attribute spoofing on Android by pasting URL with unknown scheme
+  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
+    Arbitrary file manipulation by local user through Mozilla updater
+  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
+    Buffer overflow in libvpx while parsing vp9 format video
+  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
+    Crash when using debugger with SavedStacks in JavaScript
+  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
+    URL spoofing in reader mode
+  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
+    Use-after-free with shared workers and IndexedDB
+  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
+    Buffer overflow while decoding WebM video
+  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
+    Use-after-free while manipulating HTML media content
+  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
+    Out-of-bounds read during 2D canvas display on Linux 16-bit
+    color depth systems
+  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
+    Scripted proxies can access inner window
+  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
+    JavaScript immutable property enforcement can be bypassed
+  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
+    Dragging and dropping images exposes final URL after redirects
+  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
+    Errors in the handling of CORS preflight request headers
+  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
+    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
+    CVE-2015-7180
+    Vulnerabilities found through code inspection
+  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
+    bmo#1190526) (Windows only)
+    Memory safety errors in libGLES in the ANGLE graphics library
+  * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
+    Information disclosure via the High Resolution Time API
 - rebased patches
 - removed obsolete patches
   * mozilla-arm64-libjpeg-turbo.patch
 
+------------------------------------------------------------------
+Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0.3 (bnc#943550)
+  * Disable the asynchronous plugin initialization (bmo#1198590)
+  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
+  * Fix a regression with some Japanese fonts used in the <input>
+    field (bmo#1194055)
+  * On some sites, the selection in a select combox box using the
+    mouse could be broken (bmo#1194733)
+  security fixes
+  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
+    Use-after-free when resizing canvas element during restyling
+  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
+    Add-on notification bypass through data URLs
+
 -------------------------------------------------------------------
 Fri Aug  7 07:49:49 UTC 2015 - wr@rosenauer.org
 
--- a/MozillaFirefox/MozillaFirefox.spec	Sat Sep 19 22:04:22 2015 +0200
+++ b/MozillaFirefox/MozillaFirefox.spec	Wed Sep 23 07:44:44 2015 +0200
@@ -18,10 +18,10 @@
 
 
 # changed with every update
-%define major 40
-%define mainver %major.99
-%define update_channel beta
-%define releasedate 2015091100
+%define major 41
+%define mainver %major.0
+%define update_channel release
+%define releasedate 2015091800
 
 # general build definitions
 %if "%{update_channel}" != "aurora"
--- a/MozillaFirefox/create-tar.sh	Sat Sep 19 22:04:22 2015 +0200
+++ b/MozillaFirefox/create-tar.sh	Wed Sep 23 07:44:44 2015 +0200
@@ -1,9 +1,9 @@
 #!/bin/bash
 
-CHANNEL="beta"
+CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_41_0b9_RELEASE"
-VERSION="40.99"
+RELEASE_TAG="FIREFOX_41_0_RELEASE"
+VERSION="41.0"
 
 # mozilla
 if [ -d mozilla ]; then
mozilla