LogoopenSUSE Build Service > Projects > openSUSE:Factory:PowerPC > MozillaFirefox > Revisions
Sign Up | Log In

Revision Log of MozillaFirefox (223)

Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 344628 12 days ago (revision 223)
- Add desktop menu action for private browsing window to desktop
  file (boo#954747)
- remove obsolete patch mozilla-bmo1005535.patch completely from
  source package to avoid automatic check failures
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 342306 21 days ago (revision 222)
- update to Firefox 42.0 (bnc#952810)
  * Private Browsing with Tracking Protection blocks certain Web
    elements that could be used to record your behavior across sites
  * Control Center that contains site security and privacy controls
  * Login Manager improvements
  * WebRTC improvements
  * Indicator added to tabs that play audio with one-click muting
  * Media Source Extension for HTML5 video available for all sites
  security fixes:
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
Stephan Kulow Stephan Kulow (coolo) accepted request 339287 about 1 month ago (revision 221)
- update to Firefox 41.0.2 (bnc#950686)
  * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
    Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)
Stephan Kulow Stephan Kulow (coolo) accepted request 336284 about 2 months ago (revision 220)
- do not build with --enable-stdcxx-compat
  (this starts to fail build on various toolchain combinations
  and is not required for openSUSE builds in general

- update to Firefox 41.0.1
  * Fix a startup crash related to Yandex toolbar and Adblock Plus
  * Fix potential hangs with Flash plugins (bmo#1185639)
  * Fix a regression in the bookmark creation (bmo#1206376)
  * Fix a startup crash with some Intel Media Accelerator 3150
    graphic cards (bmo#1207665)
  * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 333058 about 2 months ago (revision 219)
- update to Firefox 41.0 (bnc#947003)
  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
    Site attribute spoofing on Android by pasting URL with unknown scheme
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
    URL spoofing in reader mode
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed
Stephan Kulow Stephan Kulow (coolo) accepted request 327639 3 months ago (revision 218)
- update to Firefox 40.0.3 (bnc#943550)
  * Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combox box using the
    mouse could be broken (bmo#1194733)
  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 322026 4 months ago (revision 217)
- update to Firefox 40.0 (bnc#940806)
  * Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 321236 4 months ago (revision 216)
- security update to Firefox 39.0.3 (bnc#940918)
  * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
    Same origin violation and local file stealing via PDF reader
Stephan Kulow Stephan Kulow (coolo) accepted request 314952 5 months ago (revision 215)
- update to Firefox 39.0 (bnc#935979)
  * Share Hello URLs with social networks
  * Support for 'switch' role in ARIA 1.1 (web accessibility)
  * SafeBrowsing malware detection lookups enabled for downloads
    (Mac OS X and Linux)
  * Support for new Unicode 8.0 skin tone emoji
  * Removed support for insecure SSLv3 for network communications
  * Disable use of RC4 except for temporarily whitelisted hosts
  * NPAPI Plug-in performance improved via asynchronous initialization
  security fixes:
  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
    Miscellaneous memory safety hazards
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
    Out-of-bound read while computing an oscillator rendering range in Web Audio
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
    Use-after-free in Content Policy due to microtask execution error
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    Vulnerabilities found through code inspection
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
    Key pinning is ignored when overridable errors are encountered
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 311096 6 months ago (revision 214)
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 309818 6 months ago (revision 213)
- update to Firefox 38.0.5
  * Keep track of articles and videos with Pocket
  * Clean formatting for articles and blog posts with Reader View
  * Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 307294 6 months ago (revision 212)
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from

- update to Firefox 38.0.1
  stability and regression fixes
  * Systems with first generation NVidia Optimus graphics cards
    may crash on start-up
  * Users who import cookies from Google Chrome can end up with
    broken websites
  * Large animated images may fail to play and may stop other
    images from loading

- update to Firefox 38.0 (bnc#930622)
  * New tab-based preferences
  * Ruby annotation support
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
  security fixes:
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
    Referrer policy ignored when links opened by middle-click and
    context menu
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
    Out-of-bounds read and write in asm.js validation
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
Stephan Kulow Stephan Kulow (coolo) accepted request 298646 7 months ago (revision 211)
- update to Firefox 37.0.2 (bnc#928116)
  * MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
    Memory corruption during failed plugin initialization
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 294722 8 months ago (revision 210)
- update to Firefox 37.0.1 (bnc#926166)
  * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
    Loading privileged content through Reader mode
  * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
    Certificate verification bypass through the HTTP/2 Alt-Svc header
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 293906 8 months ago (revision 209)
- update to Firefox 37.0 (bnc#925368)
  * Heartbeat user rating system
  * Yandex set as default search provider for the Turkish locale
  * Bing search now uses HTTPS for secure searching
  * Improved protection against site impersonation via OneCRL
    centralized certificate revocation
  * Opportunistically encrypt HTTP traffic where the server supports
    HTTP/2 AltSvc
  * some more behaviour changes for TLS
  security fixes:
  * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
    Add-on lightweight theme installation approval bypassed through
    MITM attack
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
    Out of bounds read in QCMS library
  * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
    Cursor clickjacking with flash and images (OS X only)
  * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
    Incorrect memory management for simple-type arrays in WebRTC
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
    Memory corruption crashes in Off Main Thread Compositing
  * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 292313 8 months ago (revision 208)
- update to Firefox 36.0.4 (bnc#923534)
  * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
    Privilege escalation through SVG navigation
  * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
    Code execution through incorrect JavaScript bounds checking

- Copy the icons to /usr/share/icons instead of symlinking them:
  in preparation for containerized apps (e.g. xdg-app) as well as
  AppStream metadata extraction, there are a couple locations that
  need to be real files for system integration (.desktop files,
  icons, mime-type info).
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 289960 9 months ago (revision 207)
FF 36 currently does not build on ARM and PPC apparently. I tried to fix one issue but it's not complete and still fails. This might need more research.

- update to Firefox 36.0.1
  * Disable the usage of the ANY DNS query type (bmo#1093983)
  * Hello may become inactive until restart (bmo#1137469)
  * Print preferences may not be preserved (bmo#1136855)
  * Hello contact tabs may not be visible (bmo#1137141)
  * Accept hostnames that include an underscore character ("_")
  * WebGL may use significant memory with Canvas2d (bmo#1137251)
  * Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
  ARM and PPC
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 287633 9 months ago (revision 206)
- update to Firefox 36.0 (bnc#917597)
  * mozilla-xremote-client was removed
  * added libclearkey.so media plugin
  * Pinned tiles on the new tab page can be synced
  * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
    more scalable, and more responsive web.
  * Locale added: Uzbek (uz)
  security fixes:
  * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
    Miscellaneous memory safety hazards
  * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
    Invoking Mozilla updater will load locally stored DLL files
    (Windows only)
  * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
    Appended period to hostnames can bypass HPKP and HSTS protections
  * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
    Malicious WebGL content crash when writing strings
  * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
    TLS TURN and STUN connections silently fail to simple TCP connections
  * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
    Use-after-free in IndexedDB
  * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
    Buffer overflow in libstagefright during MP4 video playback
  * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
    Double-free when using non-default memory allocators with a
    zero-length XHR
  * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
    Out-of-bounds read and write while rendering SVG content
  * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
    Buffer overflow during CSS restyling
Stephan Kulow Stephan Kulow (coolo) accepted request 281360 10 months ago (revision 205)
- update to Firefox 35.0 (bnc#910669)
  notable features:
  * Firefox Hello with new rooms-based conversations model
  * Implemented HTTP Public Key Pinning Extension (for enhanced
    authentication of encrypted connections)
  security fixes:
  * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
    Miscellaneous memory safety hazards
  * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
    Uninitialized memory use during bitmap rendering
  * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
    sendBeacon requests lack an Origin header
  * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
    Cookie injection through Proxy Authenticate responses
  * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
    Read of uninitialized memory in Web Audio
  * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
    Read-after-free in WebRTC
  * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
    Gecko Media Plugin sandbox escape
  * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
    Delegated OCSP responder certificates failure with
    id-pkix-ocsp-nocheck extension
  * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
    XrayWrapper bypass through DOM objects
- rebased patches
- dropped explicit support for everything older than 12.3
  (including SLES11)
  * merge firefox-kde.patch and firefox-kde-114.patch
  * dropped mozilla-sle11.patch
Dominique Leuenberger Dominique Leuenberger (dimstar_suse) accepted request 266182 11 months ago (revision 204)
Automatic submission by obs-autosubmit

Show all