File mozilla-xulrunner191.changes of Package mozilla-xulrunner191
-------------------------------------------------------------------
Mon Nov 23 13:44:57 CET 2009 - llunak@novell.com
- KDE, use mimetype for opening url if known (bnc#556156)
-------------------------------------------------------------------
Mon Nov 16 16:06:20 CET 2009 - llunak@novell.com
- fix KDE filepicker (bnc#548267,bnc#555438)
-------------------------------------------------------------------
Fri Nov 13 22:50:53 CET 2009 - llunak@novell.com
- avoid possible deadlock with KDE integration (bnc#555202)
-------------------------------------------------------------------
Thu Nov 5 19:43:48 UTC 2009 - wr@rosenauer.org
- update to version 1.9.1.5 (bnc#553172)
- strip unneeded update-desktop-files from BuildRequires
-------------------------------------------------------------------
Sun Oct 18 13:06:15 CEST 2009 - wr@rosenauer.org
- security update to version 1.9.1.4 (bnc#545277)
* MFSA 2009-52/CVE-2009-3370 (bmo#511615)
Form history vulnerable to stealing
* MFSA 2009-53/CVE-2009-3274 (bmo#514823)
Local downloaded file tampering
* MFSA 2009-54/CVE-2009-3371 (bmo#514554)
Crash with recursive web-worker calls
* MFSA 2009-55/CVE-2009-3372 (bmo#500644)
Crash in proxy auto-configuration regexp parsing
* MFSA 2009-56/CVE-2009-3373 (bmo#511689)
Heap buffer overflow in GIF color map parser
* MFSA 2009-57/CVE-2009-3374 (bmo#505988)
Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
Heap buffer overflow in string to number conversion
* MFSA 2009-61/CVE-2009-3375 (bmo#503226)
Cross-origin data theft through document.getSelection()
* MFSA 2009-62/CVE-2009-3376 (bmo#511521)
Download filename spoofing with RTL override
* MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
Upgrade media libraries to fix memory safety bugs
* MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
Crashes with evidence of memory corruption
- removed upstreamed patches
* mozilla-protocol_handler.patch
* mozilla-sysplugin-biarch.patch
- removed unneeded PreReq and morphed some to usual Requires
-------------------------------------------------------------------
Mon Oct 12 09:55:28 CEST 2009 - wr@rosenauer.org
- fix startup notification (bnc#518603)
- disable lockdown feature as it bitrotted and breaks a11y
(bnc#508611)
-------------------------------------------------------------------
Fri Oct 2 22:58:45 CEST 2009 - wr@rosenauer.org
- extend list of supported architectures as ABI identifier
(mozilla-abi.patch) (bnc#543460)
- prepare (but not use) libproxy implementation
-------------------------------------------------------------------
Fri Sep 11 08:26:01 CEST 2009 - wr@rosenauer.org
- added KDE integration patch from llunak@novell.com
(mozilla-kde.patch)
* support for knotify, making -kde4-addon obsolete
* KDE-specific support functional (bnc#170055)
- filter libsqlite3.so from provides (bnc#538094)
- minor update of mozilla-helper-app.patch
-------------------------------------------------------------------
Thu Sep 10 09:34:26 CEST 2009 - wr@rosenauer.org
- security update to version 1.9.1.3 (bnc#534458)
* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
Crashes with evidence of memory corruption
* MFSA 2009-49/CVE-2009-3077 (bmo#506871)
TreeColumns dangling pointer vulnerability
* MFSA 2009-50/CVE-2009-3078 (bmo#453827)
Location bar spoofing via tall line-height Unicode characters
* MFSA 2009-51/CVE-2009-3079 (bmo#454363)
Chrome privilege escalation with FeedWriter
- removed obsolete mozilla-jemalloc_deepbind.patch
-------------------------------------------------------------------
Wed Aug 19 22:12:06 CEST 2009 - wr@rosenauer.org
- remove obsolete code for protocol handlers (bmo#389732)
(mozilla-protocol_handler.patch)
-------------------------------------------------------------------
Sat Aug 8 00:04:49 CEST 2009 - wr@rosenauer.org
- split -translations package into -common and -other
(bnc#529180)
-------------------------------------------------------------------
Sun Aug 2 23:10:55 CEST 2009 - wr@rosenauer.org
- security update to version 1.9.1.2
* MFSA 2009-38/CVE-2009-2470 (bmo#459524)
Data corruption with SOCKS5 reply containing DNS name longer
than 15 characters
* MFSA 2009-44/CVE-2009-2654 (bmo#451898)
Location bar and SSL indicator spoofing via window.open() on
invalid URL
* MFSA 2009-45
Crashes with evidence of memory corruption
* MFSA 2009-46 (bmo#498897)
Chrome privilege escalation due to incorrectly cached wrapper
* various other stability fixes
- removed obsolete mozilla-restart-cmd.patch
(applications now have to export MOZ_APP_LAUNCHER to set the
correct restart command) (bmo#453689)
- allow alternative button order for Gtk filechooser (bnc#527418)
-------------------------------------------------------------------
Tue Jul 28 13:05:58 CEST 2009 - wr@rosenauer.org
- fixed %exclude usage
-------------------------------------------------------------------
Wed Jul 15 19:39:43 CEST 2009 - wr@rosenauer.org
- security update to version 1.9.1.1
* MFSA 2009-41
Corrupt JIT state after deep return from native function
-------------------------------------------------------------------
Wed Jul 8 12:35:45 CEST 2009 - wr@rosenauer.org
- fixed mozilla-sysplugin-biarch.patch to accept 64bit plugins in
/usr/lib64/mozilla/plugins
-------------------------------------------------------------------
Thu Jul 2 21:24:22 CEST 2009 - wr@rosenauer.org
- added mozilla-jemalloc_deepbind.patch to fix various possible
crashes (bnc#503151, bmo#493541)
-------------------------------------------------------------------
Tue Jun 30 08:44:57 CEST 2009 - wr@rosenauer.org
- update to final 1.9.1.0 (20090623)
-------------------------------------------------------------------
Fri Jun 19 20:06:18 CEST 2009 - wr@rosenauer.org
- removed locale.patch and added the pref to build specific ones
- added mozilla-prefer_plugin_pref.patch to introduce a new set of
prefs to support preferring certain plugins for mime-types
-------------------------------------------------------------------
Thu Jun 18 00:33:29 CEST 2009 - wr@rosenauer.org
- update to 1.9.1rc2 (20090617)
* added or locale
-------------------------------------------------------------------
Wed Jun 10 08:52:38 CEST 2009 - wr@rosenauer.org
- removed outdated mozilla-deprecated-gtk-macros.patch for now
to fix build
-------------------------------------------------------------------
Sat Jun 6 16:23:38 CEST 2009 - wr@rosenauer.org
- update to 1.9.1b99 (20090604)
- adapted supported locale list
- added mozilla-sysplugin-biarch.patch to use
/usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
- added mozilla-deprecated-gtk-macros.patch to change GTK_macros
to G_TYPE (bmo#461277)
-------------------------------------------------------------------
Fri May 8 10:36:25 CEST 2009 - wr@rosenauer.org
- fixing rpath linker flags (part of bnc#501174)
- improved pkgconfig files
- use non-localized Downloads folder (bnc#501724)
-------------------------------------------------------------------
Mon Apr 27 09:08:30 CEST 2009 - wr@rosenauer.org
- update to 1.9.1b4
- removed obsolete pango and gcc4.4 patches
- added newly supported locales
-------------------------------------------------------------------
Tue Mar 24 21:45:40 CET 2009 - wr@rosenauer.org
- add patch to compile with gcc 4.4 (bmo#483956)
-------------------------------------------------------------------
Tue Mar 17 14:07:35 CET 2009 - wr@rosenauer.org
- update to 1.9.1b3
- added Pango patch needed for API change (bmo#481193)
- make mozjs consumers using rpath to the correct location
to find the library at runtime (bnc#479505)
- don't use system sqlite (missing FTS3 support)
-------------------------------------------------------------------
Mon Aug 25 09:14:54 CEST 2008 - wr@rosenauer.org
- initial package
