File _patchinfo of Package patchinfo.3275

<patchinfo incident="3275">
 <issue id="900639" tracker="bnc">firefox stopped to spell check - needs external dictionaries</issue>
  <issue id="908009" tracker="bnc">VUL-0: MozillaFirefox: Firefox 34/Firefox ESR 31.3/Thunderbird 31.3</issue>
  <issue id="CVE-2014-1591" tracker="cve" />
  <issue id="CVE-2014-1590" tracker="cve" />
  <issue id="CVE-2014-1593" tracker="cve" />
  <issue id="CVE-2014-1592" tracker="cve" />
  <issue id="CVE-2014-1587" tracker="cve" />
  <issue id="CVE-2014-1588" tracker="cve" />
  <issue id="CVE-2014-1589" tracker="cve" />
  <issue id="CVE-2014-1594" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>wrosenauer</packager>
  <description>This MozillaFirefox update fixes several security and non security issues.

Changes in MozillaFirefox:
- update to Firefox 34.0.5 (bnc#908009)
  * Default search engine changed to Yahoo! for North America
  * Default search engine changed to Yandex for Belarusian, Kazakh,
    and Russian locales
  * Improved search bar (en-US only)
  * Firefox Hello real-time communication client
  * Easily switch themes/personas directly in the Customizing mode
  * Implementation of HTTP/2 (draft14) and ALPN
  * Disabled SSLv3
  * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
    Miscellaneous memory safety hazards
  * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
    XBL bindings accessible via improper CSS declarations
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
    CSP leaks redirect data via violation reports
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86

- update to Firefox 33.1
  * Adding DuckDuckGo as a search option (upstream)
  * Forget Button added
  * Enhanced Tiles
  * Privacy tour introduced
- fix typo in GStreamer Recommends

- Disable elf-hack for aarch64
- Enable EGL for aarch64
- Limit RAM usage during link for %arm
- Fix _constraints for ARM

- use proper macros for ARM

- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
  to fix compiling.
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
  linking on arm.

- update to Firefox 33.0.2
  * Fix a startup crash with some combination of hardware and drivers
  33.0.1
  * Firefox displays a black screen at start-up with certain
    graphics drivers
- adjusted _constraints for ARM

- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)

- define /usr/share/myspell as additional dictionary location
  and remove add-plugins.sh finally (bnc#900639)

- use Firefox default optimization flags instead of -Os
- specfile cleanup
  </description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>