1f8e55111d- mozilla-binutils-visibility.patch to fix build issues with gcc/binutils combination used in Leap 42.2
Wolfgang Rosenauer
2016-06-15 07:55:15 +00:00
7441e7733c* add patch mozilla-aarch64-48bit-va.patch
Wolfgang Rosenauer
2016-06-14 20:12:53 +00:00
9fdd4cf285Accepting request 402022 from home:badshah400:firefox-gtk3
Wolfgang Rosenauer
2016-06-14 20:07:58 +00:00
0f3c39840cAccepting request 401909 from home:algraf:branches:mozilla:Factory
Wolfgang Rosenauer
2016-06-14 19:48:50 +00:00
011d6fac17Accepting request 400713 from mozilla:Factory
Dominique Leuenberger
2016-06-12 16:51:47 +00:00
b9792ce771- update to Firefox 47.0 (boo#983549) * Enable VP9 video codec for users with fast machines * Embedded YouTube videos now play with HTML5 video if Flash is not installed * View and search open tabs from your smartphone or another computer in a sidebar * Allow no-cache on back/forward navigations for https resources security fixes: * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 (boo#983638) (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, bmo#1269729, bmo#1273202, bmo#1273701) Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) Buffer overflow parsing HTML5 fragments * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) Use-after-free deleting tables from a contenteditable document * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) Addressbar spoofing though the SELECT element * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) Out-of-bounds write with WebGL shader * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093) Partial same-origin-policy through setting location.host through data URI * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) Use-after-free when textures are used in WebGL operations after recycle pool destruction
Wolfgang Rosenauer
2016-06-08 12:26:29 +00:00
d8d76869acAccepting request 398146 from mozilla:Factory
Dominique Leuenberger
2016-05-31 10:11:27 +00:00
424ee97030Accepting request 398058 from home:badshah400:branches:mozilla:Factory
Wolfgang Rosenauer
2016-05-26 05:57:29 +00:00
a5bfddd988Accepting request 397775 from home:badshah400:branches:openSUSE:Factory:Rings:2-TestDVD
Wolfgang Rosenauer
2016-05-25 07:27:59 +00:00
2e80572c8bAccepting request 397000 from mozilla:Factory
Dominique Leuenberger
2016-05-23 15:30:30 +00:00
44ae32c807Accepting request 396840 from home:dsterba:branches:mozilla:Factory
Wolfgang Rosenauer
2016-05-20 11:04:12 +00:00
b3c2b79b4aAccepting request 395587 from mozilla:Factory
Dominique Leuenberger
2016-05-20 09:54:30 +00:00
97bd16c7cb- update to Firefox 46.0 (boo#977333) * Improved security of the JavaScript Just In Time (JIT) Compiler * WebRTC fixes to improve performance and stability * Added support for document.elementsFromPoint * Added HKDF support for Web Crypto API * requires NSPR 4.12 and NSS 3.22.3 * added patch to fix unchecked return value mozilla-check_return.patch * Gtk3 builds not supported at the moment security fixes: * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 Miscellaneous memory safety hazards * MFSA 2016-40/CVE-2016-2809 (bmo#1212939) Privilege escalation through file deletion by Maintenance Service updater (Windows only) * MFSA 2016-41/CVE-2016-2810 (bmo#1229681) Content provider permission bypass allows malicious application to access data (Android only) * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776) Use-after-free and buffer overflow in Service Workers * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650) Disclosure of user actions through JavaScript with motion and orientation sensors (only affects mobile variants) * MFSA 2016-44/CVE-2016-2814 (bmo#1254721) Buffer overflow in libstagefright with CENC offsets * MFSA 2016-45/CVE-2016-2816 (bmo#1223743) CSP not applied to pages sent with multipart/x-mixed-replace * MFSA 2016-46/CVE-2016-2817 (bmo#1227462) Elevation of privilege with chrome.tabs.update API in web extensions * MFSA 2016-47/CVE-2016-2808 (bmo#1246061)
Wolfgang Rosenauer
2016-04-27 07:09:13 +00:00
e165f239a4Accepting request 391154 from home:badshah400:branches:mozilla:Factory
Wolfgang Rosenauer
2016-04-24 06:17:46 +00:00
951bb72257Accepting request 388302 from mozilla:Factory
Dominique Leuenberger
2016-04-17 20:17:03 +00:00
946a2cf79cAccepting request 389750 from devel:ARM:Factory
Wolfgang Rosenauer
2016-04-14 10:14:02 +00:00
58d2070b38- Compile against gtk3 depending on whether the macro %firefox_use_gtk3 is defined or not (e.g., at the prjconf level); macro is undefined by default and so gtk2 is used as the default toolkit. - Add BuildRequires for additional packages needed when building against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). - Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; patch taken from Fedora (bmo#1230955).
Wolfgang Rosenauer
2016-04-12 21:13:00 +00:00
bb1a23845fAccepting request 387816 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2016-04-12 16:26:19 +00:00
e1b5fd601bAccepting request 380049 from mozilla:Factory
Dominique Leuenberger
2016-03-29 07:51:53 +00:00
f9d87d6387Accepting request 375147 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2016-03-19 08:13:45 +00:00
9e7508861fAccepting request 368778 from mozilla:Factory
Dominique Leuenberger
2016-03-16 09:24:36 +00:00
a4caa64ef9- update to Firefox 45.0 (boo#969894) * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property
Wolfgang Rosenauer
2016-03-08 22:37:32 +00:00
2d4b618151- update to Firefox 45.0 * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed
Wolfgang Rosenauer
2016-03-07 16:25:29 +00:00
f75dc0e2d0Accepting request 366570 from home:olh:branches:mozilla:Factory
Wolfgang Rosenauer
2016-03-06 16:21:37 +00:00
dd5eee42f6Accepting request 362048 from mozilla:Factory
Dominique Leuenberger
2016-02-29 08:13:34 +00:00
17c09e6be5units - adding mozilla-reduce-files-per-UnifiedBindings.patch
Wolfgang Rosenauer
2016-02-26 22:35:32 +00:00
a3bc9c3699Accepting request 361943 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2016-02-26 21:04:29 +00:00
eca461acb2Accepting request 359419 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2016-02-15 10:50:53 +00:00
3253c98249- update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942)
Wolfgang Rosenauer
2016-02-12 14:47:06 +00:00
6787b5fdf2Accepting request 358662 from mozilla:Factory
Dominique Leuenberger
2016-02-12 10:22:01 +00:00
ba9f0c1773Accepting request 356135 from mozilla:Factory
Dominique Leuenberger
2016-02-03 09:16:00 +00:00
12d483420bAccepting request 356195 from home:AndreasStieger:branches:OBS_Maintained:MozillaFirefox
Wolfgang Rosenauer
2016-01-28 06:43:56 +00:00
2ea3069057- update to Firefox 44.0 (boo#963520) * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 Miscellaneous memory safety hazards * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) Out of Memory crash when parsing GIF format images * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) Buffer overflow in WebGL after out of memory allocation * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) Firefox allows for control characters to be set in cookie names * MFSA 2016-06/CVE-2016-1937 (bmo#724353) Missing delay following user click events in protocol handler dialog * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) Errors in mp_div and mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21) * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) Addressbar spoofing attacks * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 (bmo#1186621, bmo#1214782, bmo#1232096) Unsafe memory manipulation found through code inspection * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) Application Reputation service disabled in Firefox 43 * requires NSPR 4.11 * requires NSS 3.21 - prepare mozilla-kde.patch for Gtk3 builds - rebased patches
Wolfgang Rosenauer
2016-01-26 22:39:03 +00:00
1f5badb87cAccepting request 352993 from mozilla:Factory
Dominique Leuenberger
2016-01-15 09:39:33 +00:00
38f5c0b4e7Accepting request 352991 from home:AndreasStieger:branches:mozilla:Factory
Wolfgang Rosenauer
2016-01-11 08:19:52 +00:00
4bfbaf13bbAccepting request 351269 from mozilla:Factory
Dominique Leuenberger
2016-01-05 08:40:54 +00:00
913aba2599- explicitely requires libXcomposite-devel
Wolfgang Rosenauer
2015-12-29 20:30:21 +00:00
56a322ceb6Accepting request 349286 from mozilla:Factory
Dominique Leuenberger
2015-12-27 00:57:12 +00:00
947695d633- update to Firefox 43.0.3 * requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * various changes to support Windows update (SHA-1 vs. SHA-2) * workaround Youtube user agent detection issue (bmo#1233970) - fix file download regression for multi user systems (bmo#1233434) (mozilla-bmo1233434.patch)
Wolfgang Rosenauer
2015-12-26 13:06:31 +00:00
5fcce29637- update to Firefox 43.0 (bnc#959277) * Improved API support for m4v video playback * Users can opt-in to receive search suggestions from the Awesome Bar * WebRTC streaming on multiple monitors * User selectable second block list for Private Browsing's Tracking Protection security fixes: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library
Wolfgang Rosenauer
2015-12-17 00:06:36 +00:00
427062674dAccepting request 344628 from mozilla:Factory
Dominique Leuenberger
2015-11-17 13:21:34 +00:00
d7dbc2da9b- Add desktop menu action for private browsing window to desktop - remove obsolete patch mozilla-bmo1005535.patch completely from source package to avoid automatic check failures
Wolfgang Rosenauer
2015-11-15 19:53:12 +00:00
479484011d- Add desktop menu action for private browsing window to desktop file (boo#954747)
Wolfgang Rosenauer
2015-11-12 19:04:14 +00:00
5e6c544ddaAccepting request 342306 from mozilla:Factory
Dominique Leuenberger
2015-11-08 10:24:40 +00:00
69197f5305security fixes: * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being
Wolfgang Rosenauer
2015-11-03 17:24:31 +00:00
4461643420- update to Firefox 42.0 (bnc#952810) * Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites * Control Center that contains site security and privacy controls * Login Manager improvements * WebRTC improvements * Indicator added to tabs that play audio with one-click muting * Media Source Extension for HTML5 video available for all sites - requires NSPR 4.10.10 and NSS 3.19.4 - removed obsolete patches * mozilla-arm-disable-edsp.patch * mozilla-icu-strncat.patch * mozilla-skia-be-le.patch * toolkit-download-folder.patch - fixed build with enable-libproxy (bmo#1220399) * mozilla-libproxy.patch
Wolfgang Rosenauer
2015-11-03 15:49:03 +00:00
939933a945Accepting request 339287 from mozilla:Factory
Stephan Kulow
2015-10-24 08:23:54 +00:00
2de666dd50- update to Firefox 41.0.2 (bnc#950686) * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) Cross-origin restriction bypass using Fetch - added explicit appdata provides (bnc#949983)
Wolfgang Rosenauer
2015-10-16 10:49:41 +00:00
9cc818fa3cAccepting request 336284 from mozilla:Factory
Stephan Kulow
2015-10-12 08:00:37 +00:00
0e6478e65d- do not build with --enable-stdcxx-compat (this starts to fail build on various toolchain combinations and is not required for openSUSE builds in general
Wolfgang Rosenauer
2015-10-04 09:21:58 +00:00
a49d69320c- update to Firefox 41.0.1 * Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124) * Fix potential hangs with Flash plugins (bmo#1185639) * Fix a regression in the bookmark creation (bmo#1206376) * Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665) * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
Wolfgang Rosenauer
2015-10-01 18:39:43 +00:00
cd2ed3f584Accepting request 333058 from mozilla:Factory
Dominique Leuenberger
2015-10-01 10:21:19 +00:00
e6232894a5------------------------------------------------------------------ - update to Firefox 40.0.3 (bnc#943550) * Disable the asynchronous plugin initialization (bmo#1198590) * Fix a segmentation fault in the GStreamer support (bmo#1145230) * Fix a regression with some Japanese fonts used in the <input> field (bmo#1194055) * On some sites, the selection in a select combox box using the mouse could be broken (bmo#1194733) security fixes * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) Add-on notification bypass through data URLs
Wolfgang Rosenauer
2015-09-23 05:41:29 +00:00
e28bb154cb- update to Firefox 41.0 (bnc#947003) * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed
Wolfgang Rosenauer
2015-09-23 05:39:21 +00:00
7ffa28996e- update to Firefox 41.0 (bnc#) - rebased patches - removed obsolete patches * mozilla-arm64-libjpeg-turbo.patch
Wolfgang Rosenauer
2015-09-22 06:10:40 +00:00
eda79ba95cAccepting request 327639 from mozilla:Factory
Stephan Kulow
2015-08-29 18:02:21 +00:00
97ab9cb840- update to Firefox 40.0.3 (bnc#943550) * Disable the asynchronous plugin initialization (bmo#1198590) * Fix a segmentation fault in the GStreamer support (bmo#1145230) * Fix a regression with some Japanese fonts used in the <input> field (bmo#1194055) * On some sites, the selection in a select combox box using the mouse could be broken (bmo#1194733) security fixes * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) Add-on notification bypass through data URLs
Wolfgang Rosenauer
2015-08-28 05:30:26 +00:00
309c919568Accepting request 322026 from mozilla:Factory
Dominique Leuenberger
2015-08-14 12:45:37 +00:00
c24ccd4afb- update to Firefox 40.0 (bnc#940806) * Added protection against unwanted software downloads * Suggested Tiles show sites of interest, based on categories from your recent browsing history * Hello allows adding a link to conversations to provide context on what the conversation will be about * New style for add-on manager based on the in-content preferences style * Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) * Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes: * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater)
Wolfgang Rosenauer
2015-08-12 07:11:49 +00:00
2043870412Accepting request 321236 from mozilla:Factory
Dominique Leuenberger
2015-08-10 07:15:18 +00:00
5cd9f0a774- security update to Firefox 39.0.3 (bnc#940918) * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader
Wolfgang Rosenauer
2015-08-07 10:23:02 +00:00
812ef51b9dAccepting request 314952 from mozilla:Factory
Stephan Kulow
2015-07-16 15:13:07 +00:00
ea519de414- update to Firefox 39.0 (bnc#935979) security fixes: * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 Miscellaneous memory safety hazards * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) Type confusion in Indexed Database Manager * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) Out-of-bound read while computing an oscillator rendering range in Web Audio * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) Use-after-free in Content Policy due to microtask execution error * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) ECDSA signature validation fails to handle some signatures correctly (this fix is shipped by NSS 3.19.1 externally) * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) Use-after-free in workers while using XMLHttpRequest * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 Vulnerabilities found through code inspection * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) Key pinning is ignored when overridable errors are encountered * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) OS X crash reports may contain entered key press information (not relevant under Linux) * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) Privilege escalation in PDF.js * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) NSS accepts export-length DHE keys with regular DHE cipher suites (this fix is shipped by NSS 3.19.1 externally)
Wolfgang Rosenauer
2015-07-03 06:21:15 +00:00
9353554b5d- update to Firefox 39.0 * Share Hello URLs with social networks * Support for 'switch' role in ARIA 1.1 (web accessibility) * SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux) * Support for new Unicode 8.0 skin tone emoji * Removed support for insecure SSLv3 for network communications * Disable use of RC4 except for temporarily whitelisted hosts * NPAPI Plug-in performance improved via asynchronous initialization - dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further - rebased patches - require NSS 3.19.2
Wolfgang Rosenauer
2015-06-24 19:26:58 +00:00
51e2af5d00Accepting request 312501 from home:Andreas_Schwab:Factory
Wolfgang Rosenauer
2015-06-19 06:08:19 +00:00
060e998d19Accepting request 311096 from mozilla:Factory
Dominique Leuenberger
2015-06-09 10:24:06 +00:00
d0dd48e06c- update to Firefox 38.0.6 * fixes bmo#1171730 which is not really relevant to oS builds - fix KDE regression from 38.0.5 builds (bsc#933439)
Wolfgang Rosenauer
2015-06-07 20:02:48 +00:00
301a105851Accepting request 309818 from mozilla:Factory
Dominique Leuenberger
2015-06-04 07:01:02 +00:00
e03f1ffc2d- update to Firefox 38.0.5 * Keep track of articles and videos with Pocket * Clean formatting for articles and blog posts with Reader View * Share the active tab or window in a Hello conversation - add changes file as source for SRPM (bsc#932142)
Wolfgang Rosenauer
2015-06-01 08:32:35 +00:00
257cbcd9f5Accepting request 307294 from mozilla:Factory
Dominique Leuenberger
2015-05-20 21:50:41 +00:00
13fb8d74edAccepting request 307277 from home:michel_mno:branches:mozilla:Factory
Wolfgang Rosenauer
2015-05-15 11:08:59 +00:00
a9fdf6b5ec- update to Firefox 38.0.1 stability and regression fixes * Systems with first generation NVidia Optimus graphics cards may crash on start-up * Users who import cookies from Google Chrome can end up with broken websites * Large animated images may fail to play and may stop other images from loading - update to Firefox 38.0 (bnc#930622) * New tab-based preferences * Ruby annotation support * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes: * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards * MFSA 2015-47/VE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML
Wolfgang Rosenauer
2015-05-15 09:20:13 +00:00
8a0ded8a29- update to 31.7.0 (bnc#)
Wolfgang Rosenauer
2015-05-10 20:12:38 +00:00
4e037f812cAccepting request 298646 from mozilla:Factory
Stephan Kulow
2015-04-25 14:46:38 +00:00
98f546d89a- update to Firefox 37.0.2 (bnc#928116) * MFSA 2015-45/CVE-2015-2706 (bmo#1141081) Memory corruption during failed plugin initialization
Wolfgang Rosenauer
2015-04-22 14:54:45 +00:00
60d39ce174Accepting request 294722 from mozilla:Factory
Dominique Leuenberger
2015-04-10 07:46:26 +00:00
3f9a2a2e9d- update to Firefox 37.0.1 (bnc#926166)
Wolfgang Rosenauer
2015-04-07 10:01:31 +00:00
aece7ba539- update to Firefox 37.0.1 * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) Loading privileged content through Reader mode * MFSA 2015-44/CVE-2015-0799 (bmo#1148328) Certificate verification bypass through the HTTP/2 Alt-Svc header
Wolfgang Rosenauer
2015-04-07 07:34:55 +00:00
9bbd9c54afAccepting request 293906 from mozilla:Factory
Dominique Leuenberger
2015-04-07 07:27:50 +00:00
9f194c0737- update to Firefox 37.0 (bnc#925368) * Heartbeat user rating system * Yandex set as default search provider for the Turkish locale * Bing search now uses HTTPS for secure searching * Improved protection against site impersonation via OneCRL centralized certificate revocation * Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc * some more behaviour changes for TLS security fixes: * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Miscellaneous memory safety hazards * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) Use-after-free when using the Fluendo MP3 GStreamer plugin * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) Add-on lightweight theme installation approval bypassed through MITM attack * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) resource:// documents can load privileged pages * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) Out of bounds read in QCMS library * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) Cursor clickjacking with flash and images (OS X only) * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) Incorrect memory management for simple-type arrays in WebRTC * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) CORS requests should not follow 30x redirections after preflight * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) Memory corruption crashes in Off Main Thread Compositing * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
Wolfgang Rosenauer
2015-04-01 11:31:46 +00:00
Wolfgang Rosenauer
Dominique Leuenberger
Stephan Kulow