Changelog for
mozilla-xulrunner191-1.9.1.9-1.1.x86_64.rpm :
Wed May 5 14:00:00 2010 hmuelleAATTnovell.com
- switch handling of update-alternatives to APIVERSION (bnc#589037)
- using version_internal causes issue with distribution upgrades
- actual a downgrade of xulrunner could happen which leads to a
broken link and a not working xulrunner
Wed Mar 17 13:00:00 2010 wrAATTrosenauer.org
- security update to version 1.9.1.9 (bnc#586567)
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption
* MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
Remote code execution with use-after-free in nsTreeSelection
* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn\'t check nsIContentPolicy
- clean up correctly on update (bnc#589094)
Fri Feb 5 13:00:00 2010 wrAATTrosenauer.org
- update to version 1.9.1.8 (bnc#576969)
* MFSA-2010-01/CVE-2010-0159
Crashes with evidence of memory corruption
* MFSA-2010-02/CVE-2010-0160
Web Worker Array Handling Heap Corruption Vulnerability
* MFSA-2010-03/CVE-2009-1571 (bmo#526500)
Use-after-free crash in HTML parser
* MFSA-2010-04/CVE-2009-3988 (bmo#504862)
XSS due to window.dialogArguments being readable cross-domain
* MFSA-2010-05/CVE-2010-0162 (bmo#455472)
XSS hazard using SVG document and binary Content-Type
Fri Dec 25 13:00:00 2009 wrAATTrosenauer.org
- update to version 1.9.1.7 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)
- added missing lockdown preferences (bnc#567131)
Thu Dec 17 13:00:00 2009 wrAATTrosenauer.org
- add baselibs.conf to source package
Thu Dec 17 13:00:00 2009 bgmerrellAATTnovell.com
- Make some changes to gconf-backend.patch.bz2
* Gconf preferences overwrite Mozilla preferences when Firefox
loads (instead of vice versa).
* Check to make sure gconf keys are writable before attempting
to write to them (bnc#544547)
* Change \"My Downloads\" to \"Downloads\", as \"My Downloads\" isn\'t
used anymore
More information at bmo#321315 comment 25.
Fri Dec 4 13:00:00 2009 wrAATTrosenauer.org
- security update to version 1.9.1.6 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities
* MFSA 2009-70/VE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener
- use internal cairo up to 11.1
- provide mozilla-kde4-version to make KDE helper version
more version independent
- use .autoreg file for autoregistration when needed (bnc#440872)
Tue Nov 24 13:00:00 2009 wrAATTrosenauer.org
- added mozilla-clipboard.patch fixing a common crash
(bmo#495392, bnc#556886)
Mon Nov 23 13:00:00 2009 llunakAATTnovell.com
- KDE, use mimetype for opening url if known (bnc#556156)
Mon Nov 16 13:00:00 2009 llunakAATTnovell.com
- fix KDE filepicker (bnc#548267,bnc#555438)
Fri Nov 13 13:00:00 2009 llunakAATTnovell.com
- avoid possible deadlock with KDE integration (bnc#555202)
Thu Nov 5 13:00:00 2009 wrAATTrosenauer.org
- update to version 1.9.1.5 (bnc#553172)
- strip unneeded update-desktop-files from BuildRequires
Sun Oct 18 14:00:00 2009 wrAATTrosenauer.org
- security update to version 1.9.1.4 (bnc#545277)
* MFSA 2009-52/CVE-2009-3370 (bmo#511615)
Form history vulnerable to stealing
* MFSA 2009-53/CVE-2009-3274 (bmo#514823)
Local downloaded file tampering
* MFSA 2009-54/CVE-2009-3371 (bmo#514554)
Crash with recursive web-worker calls
* MFSA 2009-55/CVE-2009-3372 (bmo#500644)
Crash in proxy auto-configuration regexp parsing
* MFSA 2009-56/CVE-2009-3373 (bmo#511689)
Heap buffer overflow in GIF color map parser
* MFSA 2009-57/CVE-2009-3374 (bmo#505988)
Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
Heap buffer overflow in string to number conversion
* MFSA 2009-61/CVE-2009-3375 (bmo#503226)
Cross-origin data theft through document.getSelection()
* MFSA 2009-62/CVE-2009-3376 (bmo#511521)
Download filename spoofing with RTL override
* MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
Upgrade media libraries to fix memory safety bugs
* MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
Crashes with evidence of memory corruption
- removed upstreamed patches
* mozilla-protocol_handler.patch
* mozilla-sysplugin-biarch.patch
- removed unneeded PreReq and morphed some to usual Requires
Mon Oct 12 14:00:00 2009 wrAATTrosenauer.org
- fix startup notification (bnc#518603)
- disable lockdown feature as it bitrotted and breaks a11y
(bnc#508611)
Fri Oct 2 14:00:00 2009 wrAATTrosenauer.org
- extend list of supported architectures as ABI identifier
(mozilla-abi.patch) (bnc#543460)
- prepare (but not use) libproxy implementation
Thu Sep 17 14:00:00 2009 bgmerrellAATTnovell.com
- Recombined the -common and -other translation packages into a
single translation package for SLE.
Fri Sep 11 14:00:00 2009 wrAATTrosenauer.org
- added KDE integration patch from llunakAATTnovell.com
(mozilla-kde.patch)
* support for knotify, making -kde4-addon obsolete
* KDE-specific support functional (bnc#170055)
- filter libsqlite3.so from provides (bnc#538094)
- minor update of mozilla-helper-app.patch
Thu Sep 10 14:00:00 2009 wrAATTrosenauer.org
- security update to version 1.9.1.3 (bnc#534458)
* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
Crashes with evidence of memory corruption
* MFSA 2009-49/CVE-2009-3077 (bmo#506871)
TreeColumns dangling pointer vulnerability
* MFSA 2009-50/CVE-2009-3078 (bmo#453827)
Location bar spoofing via tall line-height Unicode characters
* MFSA 2009-51/CVE-2009-3079 (bmo#454363)
Chrome privilege escalation with FeedWriter
- removed obsolete mozilla-jemalloc_deepbind.patch
Wed Aug 19 14:00:00 2009 wrAATTrosenauer.org
- remove obsolete code for protocol handlers (bmo#389732)
(mozilla-protocol_handler.patch)
Fri Aug 7 14:00:00 2009 wrAATTrosenauer.org
- split -translations package into -common and -other
(bnc#529180)
Sun Aug 2 14:00:00 2009 wrAATTrosenauer.org
- security update to version 1.9.1.2
* MFSA 2009-38/CVE-2009-2470 (bmo#459524)
Data corruption with SOCKS5 reply containing DNS name longer
than 15 characters
* MFSA 2009-44/CVE-2009-2654 (bmo#451898)
Location bar and SSL indicator spoofing via window.open() on
invalid URL
* MFSA 2009-45
Crashes with evidence of memory corruption
* MFSA 2009-46 (bmo#498897)
Chrome privilege escalation due to incorrectly cached wrapper
* various other stability fixes
- removed obsolete mozilla-restart-cmd.patch
(applications now have to export MOZ_APP_LAUNCHER to set the
correct restart command) (bmo#453689)
- allow alternative button order for Gtk filechooser (bnc#527418)
Tue Jul 28 14:00:00 2009 wrAATTrosenauer.org
- fixed %exclude usage
Wed Jul 15 14:00:00 2009 wrAATTrosenauer.org
- security update to version 1.9.1.1
* MFSA 2009-41
Corrupt JIT state after deep return from native function
Wed Jul 8 14:00:00 2009 wrAATTrosenauer.org
- fixed mozilla-sysplugin-biarch.patch to accept 64bit plugins in
/usr/lib64/mozilla/plugins
Thu Jul 2 14:00:00 2009 wrAATTrosenauer.org
- added mozilla-jemalloc_deepbind.patch to fix various possible
crashes (bnc#503151, bmo#493541)
Tue Jun 30 14:00:00 2009 wrAATTrosenauer.org
- update to final 1.9.1.0 (20090623)
Fri Jun 19 14:00:00 2009 wrAATTrosenauer.org
- removed locale.patch and added the pref to build specific ones
- added mozilla-prefer_plugin_pref.patch to introduce a new set of
prefs to support preferring certain plugins for mime-types
Wed Jun 17 14:00:00 2009 wrAATTrosenauer.org
- update to 1.9.1rc2 (20090617)
* added or locale
Wed Jun 10 14:00:00 2009 wrAATTrosenauer.org
- removed outdated mozilla-deprecated-gtk-macros.patch for now
to fix build
Sat Jun 6 14:00:00 2009 wrAATTrosenauer.org
- update to 1.9.1b99 (20090604)
- adapted supported locale list
- added mozilla-sysplugin-biarch.patch to use
/usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
- added mozilla-deprecated-gtk-macros.patch to change GTK_macros
to G_TYPE (bmo#461277)
Fri May 8 14:00:00 2009 wrAATTrosenauer.org
- fixing rpath linker flags (part of bnc#501174)
- improved pkgconfig files
- use non-localized Downloads folder (bnc#501724)
Mon Apr 27 14:00:00 2009 wrAATTrosenauer.org
- update to 1.9.1b4
- removed obsolete pango and gcc4.4 patches
- added newly supported locales
Tue Mar 24 13:00:00 2009 wrAATTrosenauer.org
- add patch to compile with gcc 4.4 (bmo#483956)
Tue Mar 17 13:00:00 2009 wrAATTrosenauer.org
- update to 1.9.1b3
- added Pango patch needed for API change (bmo#481193)
- make mozjs consumers using rpath to the correct location
to find the library at runtime (bnc#479505)
- don\'t use system sqlite (missing FTS3 support)
Mon Aug 25 14:00:00 2008 wrAATTrosenauer.org
- initial package