--- a/MozillaFirefox/MozillaFirefox.changes Sat Mar 12 08:51:29 2016 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Apr 12 19:13:11 2016 +0200
@@ -1,7 +1,38 @@
-------------------------------------------------------------------
+Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 45.0.2:
+ * Fix an issue impacting the cookie header when third-party
+ cookies are blocked (bmo#1257861)
+ * Fix a web compatibility regression impacting the srcset
+ attribute of the image tag (bmo#1259482)
+ * Fix a crash impacting the video playback with Media Source
+ Extension (bmo#1258562)
+ * Fix a regression impacting some specific uploads (bmo#1255735)
+ * Fix a regression with the copy and paste with some old versions
+ of some Gecko applications like Thunderbird (bmo#1254980)
+
+-------------------------------------------------------------------
+Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 45.0.1:
+ * Fix a regression causing search engine settings to be lost in
+ some context (bmo#1254694)
+ * Bring back non-standard jar: URIs to fix a regression in IBM
+ iNotes (bmo#1255139)
+ * XSLTProcessor.importStylesheet was failing when <import> was
+ used (bmo#1249572)
+ * Fix an issue which could cause the list of search provider to
+ be empty (bmo#1255605)
+ * Fix a regression when using the location bar (bmo#1254503)
+ * Fix some loading issues when Accept third-party cookies: was
+ set to Never (bmo#1254856)
+ * Disabled Graphite font shaping library
+
+-------------------------------------------------------------------
Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org
-- update to Firefox 45.0
+- update to Firefox 45.0 (boo#969894)
* requires NSPR 4.12 / NSS 3.21.1
* Instant browser tab sharing through Hello
* Synced Tabs button in button bar
@@ -10,6 +41,60 @@
* Introduce a new preference (network.dns.blockDotOnion) to allow
blocking .onion at the DNS level
* Tab Groups (Panorama) feature removed
+ * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
+ Miscellaneous memory safety hazards
+ * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+ Local file overwriting and potential privilege escalation through
+ CSP reports
+ * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
+ CSP reports fail to strip location information for embedded iframe pages
+ * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
+ Linux video memory DOS with Intel drivers
+ * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+ Memory leak in libstagefright when deleting an array during MP4
+ processing
+ * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+ Displayed page address can be overridden
+ * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
+ Service Worker Manager out-of-bounds read in Service Worker Manager
+ * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+ Use-after-free in HTML5 string parser
+ * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+ Use-after-free in SetBody
+ * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+ Use-after-free when using multiple WebRTC data channels
+ * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
+ Memory corruption when modifying a file being read by FileReader
+ * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+ Use-after-free during XML transformations
+ * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+ Addressbar spoofing though history navigation and Location protocol
+ property
+ * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
+ Same-origin policy violation using perfomance.getEntries and
+ history navigation with session restore
+ * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
+ Buffer overflow in Brotli decompression
+ * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+ Memory corruption with malicious NPAPI plugin
+ * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
+ CVE-2016-1976/CVE-2016-1972
+ WebRTC and LibVPX vulnerabilities found through code inspection
+ * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
+ Use-after-free in GetStaticInstance in WebRTC
+ * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+ Out-of-bounds read in HTML parser following a failed allocation
+ * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
+ Buffer overflow during ASN.1 decoding in NSS
+ (fixed by requiring 3.21.1)
+ * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
+ Use-after-free during processing of DER encoded keys in NSS
+ (fixed by requiring 3.21.1)
+ * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+ Font vulnerabilities in the Graphite 2 library
-------------------------------------------------------------------
Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de
--- a/MozillaFirefox/MozillaFirefox.spec Sat Mar 12 08:51:29 2016 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Tue Apr 12 19:13:11 2016 +0200
@@ -19,9 +19,9 @@
# changed with every update
%define major 45
-%define mainver %major.0
+%define mainver %major.0.2
%define update_channel release
-%define releasedate 2016030500
+%define releasedate 2016041100
# general build definitions
%if "%{update_channel}" != "aurora"
--- a/MozillaFirefox/create-tar.sh Sat Mar 12 08:51:29 2016 +0100
+++ b/MozillaFirefox/create-tar.sh Tue Apr 12 19:13:11 2016 +0200
@@ -2,8 +2,8 @@
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_45_0_RELEASE"
-VERSION="45.0"
+RELEASE_TAG="FIREFOX_45_0_2_RELEASE"
+VERSION="45.0.2"
# mozilla
if [ -d mozilla ]; then