A new user interface for you! Read more...

File mozilla-xulrunner191.changes of Package mozilla-xulrunner191

-------------------------------------------------------------------
Fri Feb  5 17:49:30 CET 2010 - wr@rosenauer.org

- update to version 1.9.1.8 (bnc#576969)
  * MFSA-2010-01/CVE-2010-0159
    Crashes with evidence of memory corruption
  * MFSA-2010-02/CVE-2010-0160
    Web Worker Array Handling Heap Corruption Vulnerability
  * MFSA-2010-03/CVE-2009-1571 (bmo#526500)
    Use-after-free crash in HTML parser
  * MFSA-2010-04/CVE-2009-3988 (bmo#504862)
    XSS due to window.dialogArguments being readable cross-domain
  * MFSA-2010-05/CVE-2010-0162 (bmo#455472)
    XSS hazard using SVG document and binary Content-Type

-------------------------------------------------------------------
Fri Dec 25 09:37:02 CET 2009 - wr@rosenauer.org

- update to version 1.9.1.7 (bnc#568011)
  * DNS resolution in MakeSN of nsAuthSSPI causing issues for 
    proxy servers that support NTLM auth (bmo#535193)
- added missing lockdown preferences (bnc#567131)

-------------------------------------------------------------------
Thu Dec 17 19:55:59 CET 2009 - wr@rosenauer.org

- fixed new gconf backend and reenabled lockdown feature
  (bnc#546158)
- add baselibs.conf to source package

-------------------------------------------------------------------
Fri Dec  4 15:34:01 CET 2009 - wr@rosenauer.org

- security update to version 1.9.1.6 (bnc#559807)
  * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
    Crashes with evidence of memory corruption (rv:1.9.1.6)
  * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
    Memory safety fixes in liboggplay media library
  * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
    Integer overflow, crash in libtheora video library
  * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
    NTLM reflection vulnerability
  * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
    Location bar spoofing vulnerabilities
  * MFSA 2009-70/VE-2009-3986 (bmo#522430)
    Privilege escalation via chrome window.opener
- use internal cairo up to 11.1
- provide mozilla-kde4-version to make KDE helper version
  more version independent
- use .autoreg file for autoregistration when needed (bnc#440872)

-------------------------------------------------------------------
Tue Nov 24 12:59:56 CET 2009 - wr@rosenauer.org

- added mozilla-clipboard.patch fixing a common crash 
  (bmo#495392, bnc#556886)

-------------------------------------------------------------------
Mon Nov 23 13:44:57 CET 2009 - llunak@novell.com

- KDE, use mimetype for opening url if known (bnc#556156)

-------------------------------------------------------------------
Mon Nov 16 16:06:20 CET 2009 - llunak@novell.com

- fix KDE filepicker (bnc#548267,bnc#555438)

-------------------------------------------------------------------
Fri Nov 13 22:50:53 CET 2009 - llunak@novell.com

- avoid possible deadlock with KDE integration (bnc#555202)

-------------------------------------------------------------------
Thu Nov  5 19:43:48 UTC 2009 - wr@rosenauer.org

- update to version 1.9.1.5 (bnc#553172)
- strip unneeded update-desktop-files from BuildRequires

-------------------------------------------------------------------
Sun Oct 18 13:06:15 CEST 2009 - wr@rosenauer.org

- security update to version 1.9.1.4 (bnc#545277)
  * MFSA 2009-52/CVE-2009-3370 (bmo#511615)
    Form history vulnerable to stealing
  * MFSA 2009-53/CVE-2009-3274 (bmo#514823)
    Local downloaded file tampering
  * MFSA 2009-54/CVE-2009-3371 (bmo#514554)
    Crash with recursive web-worker calls
  * MFSA 2009-55/CVE-2009-3372 (bmo#500644)
    Crash in proxy auto-configuration regexp parsing
  * MFSA 2009-56/CVE-2009-3373 (bmo#511689)
    Heap buffer overflow in GIF color map parser
  * MFSA 2009-57/CVE-2009-3374 (bmo#505988)
    Chrome privilege escalation in XPCVariant::VariantDataToJS()
  * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
    Heap buffer overflow in string to number conversion
  * MFSA 2009-61/CVE-2009-3375 (bmo#503226)
    Cross-origin data theft through document.getSelection()
  * MFSA 2009-62/CVE-2009-3376 (bmo#511521)
    Download filename spoofing with RTL override
  * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
    Upgrade media libraries to fix memory safety bugs
  * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
    Crashes with evidence of memory corruption
- removed upstreamed patches 
  * mozilla-protocol_handler.patch
  * mozilla-sysplugin-biarch.patch
- removed unneeded PreReq and morphed some to usual Requires

-------------------------------------------------------------------
Mon Oct 12 09:55:28 CEST 2009 - wr@rosenauer.org

- fix startup notification (bnc#518603)
- disable lockdown feature as it bitrotted and breaks a11y
  (bnc#508611)

-------------------------------------------------------------------
Fri Oct  2 22:58:45 CEST 2009 - wr@rosenauer.org

- extend list of supported architectures as ABI identifier
  (mozilla-abi.patch) (bnc#543460)
- prepare (but not use) libproxy implementation

-------------------------------------------------------------------
Fri Sep 11 08:26:01 CEST 2009 - wr@rosenauer.org

- added KDE integration patch from llunak@novell.com
  (mozilla-kde.patch)
  * support for knotify, making -kde4-addon obsolete
  * KDE-specific support functional (bnc#170055)
- filter libsqlite3.so from provides (bnc#538094)
- minor update of mozilla-helper-app.patch

-------------------------------------------------------------------
Thu Sep 10 09:34:26 CEST 2009 - wr@rosenauer.org

- security update to version 1.9.1.3 (bnc#534458)
  * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
    CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
    Crashes with evidence of memory corruption
  * MFSA 2009-49/CVE-2009-3077 (bmo#506871)
    TreeColumns dangling pointer vulnerability
  * MFSA 2009-50/CVE-2009-3078 (bmo#453827)
    Location bar spoofing via tall line-height Unicode characters
  * MFSA 2009-51/CVE-2009-3079 (bmo#454363)
    Chrome privilege escalation with FeedWriter
- removed obsolete mozilla-jemalloc_deepbind.patch

-------------------------------------------------------------------
Wed Aug 19 22:12:06 CEST 2009 - wr@rosenauer.org

- remove obsolete code for protocol handlers (bmo#389732)
  (mozilla-protocol_handler.patch)

-------------------------------------------------------------------
Sat Aug  8 00:04:49 CEST 2009 - wr@rosenauer.org

- split -translations package into -common and -other
  (bnc#529180)

-------------------------------------------------------------------
Sun Aug  2 23:10:55 CEST 2009 - wr@rosenauer.org

- security update to version 1.9.1.2
  * MFSA 2009-38/CVE-2009-2470 (bmo#459524)
    Data corruption with SOCKS5 reply containing DNS name longer
    than 15 characters
  * MFSA 2009-44/CVE-2009-2654 (bmo#451898)
    Location bar and SSL indicator spoofing via window.open() on
    invalid URL
  * MFSA 2009-45
    Crashes with evidence of memory corruption
  * MFSA 2009-46 (bmo#498897)
    Chrome privilege escalation due to incorrectly cached wrapper
  * various other stability fixes
- removed obsolete mozilla-restart-cmd.patch
  (applications now have to export MOZ_APP_LAUNCHER to set the 
  correct restart command) (bmo#453689)
- allow alternative button order for Gtk filechooser (bnc#527418)

-------------------------------------------------------------------
Tue Jul 28 13:05:58 CEST 2009 - wr@rosenauer.org

- fixed %exclude usage

-------------------------------------------------------------------
Wed Jul 15 19:39:43 CEST 2009 - wr@rosenauer.org

- security update to version 1.9.1.1
  * MFSA 2009-41
    Corrupt JIT state after deep return from native function

-------------------------------------------------------------------
Wed Jul  8 12:35:45 CEST 2009 - wr@rosenauer.org

- fixed mozilla-sysplugin-biarch.patch to accept 64bit plugins in
  /usr/lib64/mozilla/plugins

-------------------------------------------------------------------
Thu Jul  2 21:24:22 CEST 2009 - wr@rosenauer.org

- added mozilla-jemalloc_deepbind.patch to fix various possible
  crashes (bnc#503151, bmo#493541)

-------------------------------------------------------------------
Tue Jun 30 08:44:57 CEST 2009 - wr@rosenauer.org

- update to final 1.9.1.0 (20090623)

-------------------------------------------------------------------
Fri Jun 19 20:06:18 CEST 2009 - wr@rosenauer.org

- removed locale.patch and added the pref to build specific ones
- added mozilla-prefer_plugin_pref.patch to introduce a new set of
  prefs to support preferring certain plugins for mime-types

-------------------------------------------------------------------
Thu Jun 18 00:33:29 CEST 2009 - wr@rosenauer.org

- update to 1.9.1rc2 (20090617)
  * added or locale

-------------------------------------------------------------------
Wed Jun 10 08:52:38 CEST 2009 - wr@rosenauer.org

- removed outdated mozilla-deprecated-gtk-macros.patch for now
  to fix build

-------------------------------------------------------------------
Sat Jun  6 16:23:38 CEST 2009 - wr@rosenauer.org

- update to 1.9.1b99 (20090604)
- adapted supported locale list
- added mozilla-sysplugin-biarch.patch to use 
  /usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
- added mozilla-deprecated-gtk-macros.patch to change GTK_macros
  to G_TYPE (bmo#461277)

-------------------------------------------------------------------
Fri May  8 10:36:25 CEST 2009 - wr@rosenauer.org

- fixing rpath linker flags (part of bnc#501174)
- improved pkgconfig files
- use non-localized Downloads folder (bnc#501724)

-------------------------------------------------------------------
Mon Apr 27 09:08:30 CEST 2009 - wr@rosenauer.org

- update to 1.9.1b4
- removed obsolete pango and gcc4.4 patches
- added newly supported locales

-------------------------------------------------------------------
Tue Mar 24 21:45:40 CET 2009 - wr@rosenauer.org

- add patch to compile with gcc 4.4 (bmo#483956)

-------------------------------------------------------------------
Tue Mar 17 14:07:35 CET 2009 - wr@rosenauer.org

- update to 1.9.1b3
- added Pango patch needed for API change (bmo#481193)
- make mozjs consumers using rpath to the correct location
  to find the library at runtime (bnc#479505)
- don't use system sqlite (missing FTS3 support)

-------------------------------------------------------------------
Mon Aug 25 09:14:54 CEST 2008 - wr@rosenauer.org

- initial package