Changelog for
MozillaFirefox-translations-common-4.0.1-1.30.i586.rpm :
Fri Apr 15 14:00:00 2011 wrAATTrosenauer.org
- security update to 4.0.1
Wed Mar 30 14:00:00 2011 wrAATTrosenauer.org
- add all available icon sizes
Tue Mar 29 14:00:00 2011 cfarrellAATTnovell.com
- license update: MPLv1.1 or GPLv2+ or LGPLv2+
Sync licenses with Fedora. MPL does not state ^or later^
Fri Mar 18 13:00:00 2011 wrAATTrosenauer.org
- update to version 4.0rc2
- fixed rpm macros delivered with devel package (bnc#679950)
Wed Feb 23 13:00:00 2011 wrAATTrosenauer.org
- update to version 4.0b12
- rebased patches
Fri Feb 4 13:00:00 2011 wrAATTrosenauer.org
- update to version 4.0b11
* loads of bugfixes compared to last beta
* added \"Do Not Track\" option
- rebased patches
- disable testpilot
Fri Jan 28 13:00:00 2011 wrAATTrosenauer.org
- set correct desktop file name within KDE for 11.4 and up
- add devel package with macros for extensions (from lnusselAATTsuse.de)
Sat Jan 22 13:00:00 2011 wrAATTrosenauer.org
- update to version 4.0b10
- removed obsolete firefox-shell-bmo624267.patch
- testpilot moved to distribution/extensions
- updated locale provides and removed bn-IN from locales
Tue Jan 11 13:00:00 2011 wrAATTrosenauer.org
- update to version 4.0b9
- added x-scheme-handler for http and https to desktop file for
newer Gnome environments
- fixed default browser check/set for GIO (bmo#611953)
(mozilla-shellservice.patch)
- removed obsolete firefox-appname.patch (integrated into
shellservice patch)
- renamed desktop file to firefox.desktop for 11.4 and newer
(bnc#664211)
- removed support for 10.3 and older from the spec file
- removed obsolete \"Ximian\" categories from desktop file
Mon Jan 3 13:00:00 2011 meissnerAATTsuse.de
- Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
Wed Dec 15 13:00:00 2010 wrAATTrosenauer.org
- update to version 4.0beta8
Tue Nov 30 13:00:00 2010 wrAATTrosenauer.org
- major update to version 4.0beta7
* based on mozilla-xulrunner20
* far too many internal changes to list
Wed Oct 27 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.12 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion
Wed Oct 6 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.11 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753)
Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange
Wed Sep 15 14:00:00 2010 wrAATTrosenauer.org
- update to 3.6.10
* fixing startup topcrash (bmo#594699)
Thu Aug 26 14:00:00 2010 wrAATTrosenauer.org
- security update to 3.6.9 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument
* MFSA 2010-59/CVE-2010-2762 (bmo#584180)
SJOW creates scope chains ending in outer object
* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using
type attribute * MFSA 2010-62/CVE-2010-2769 (bmo#520189) Copy-and-paste or drag-and-drop into designMode document allows XSS * MFSA 2010-63/CVE-2010-2764 (bmo#552090) Information leak via XMLHttpRequest statusText Wed Jul 28 14:00:00 2010 meissnerAATTsuse.de - disable crash reporter for non x86/x86_64 to make it build. Sat Jul 24 14:00:00 2010 wrAATTrosenauer.org - security update to 3.6.8 (bnc#622506) * MFSA 2010-48/CVE-2010-2755 (bmo#575836) Dangling pointer crash regression from plugin parameter array fix Fri Jul 16 14:00:00 2010 wrAATTrosenauer.org - security update to 3.6.7 (bnc#622506) * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards * MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability * MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator * MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability * MFSA 2010-38/CVE-2010-1215 (bmo#567069) Arbitrary code execution using SJOW and fast native function * MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow * MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability * MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image * MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts * MFSA 2010-43/CVE-2010-1207 (bmo#571287) Same-origin bypass using canvas context * MFSA 2010-44/CVE-2010-1210 (bmo#564679) Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities * MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS * MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages Sun Jun 27 14:00:00 2010 wrAATTrosenauer.org - update to 3.6.6 release * modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. Wed Jun 23 14:00:00 2010 wrAATTrosenauer.org - update to final 3.6.4 release (bnc#603356) * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.2.4) * MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances * MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal * MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting * MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes * MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present * MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random() Mon Jun 7 14:00:00 2010 wrAATTrosenauer.org - update to 3.6.4(build6) Sun Apr 18 14:00:00 2010 wrAATTrosenauer.org - security update to 3.6.4 (Lorentz) * enable crashreporter also for x86-64 * Flash runs in a separate process to avoid crashing Firefox (ix86 only; x86-64 still uses nspluginwrapper) Thu Apr 1 14:00:00 2010 wrAATTrosenauer.org - security update to 3.6.3 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion Thu Mar 18 13:00:00 2010 wrAATTrosenauer.org - security update to version 3.6.2 (bnc#586567) * MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow * MFSA 2010-09/CVE-2010-0164 (bmo#547143) Deleted frame reuse in multipart/x-mixed-replace image * MFSA 2010-10/CVE-2010-0170 (bmo#541530) XSS via plugins and unprotected Location object * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 Crashes with evidence of memory corruption * MFSA 2010-12/CVE-2010-0171 (bmo#531364) XSS using addEventListener and setTimeout on a wrapped object * MFSA 2010-13/CVE-2010-0168 (bmo#540642) Content policy bypass with image preloading * MFSA 2010-14/CVE-2010-0169 (bmo#535806) Browser chrome defacement via cached XUL stylesheets * MFSA 2010-15/CVE-2010-0172 (bmo#537862) Asynchronous Auth Prompt attaches to wrong window * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption * MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray * MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop * MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication * MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor * MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn\'t check nsIContentPolicy Mon Jan 18 13:00:00 2010 wrAATTrosenauer.org - update to 3.6rc2 (already named 3.6.0) - removed obsolete orbit-devel build requirement Wed Jan 6 13:00:00 2010 wrAATTrosenauer.org - major update to 3.6rc1 Fri Dec 25 13:00:00 2009 wrAATTrosenauer.org - update to version 3.5.7 (bnc#568011) * DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193) - added missing lockdown preferences (bnc#567131) Thu Dec 17 13:00:00 2009 wrAATTrosenauer.org - readded firefox-ui-lockdown.patch (bnc#546158) Thu Dec 3 13:00:00 2009 wrAATTrosenauer.org - security update to version 3.5.6 (bnc#559807) * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library * MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities * MFSA 2009-70/VE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - fixed firefox-browser-css.patch (bnc#561027) Mon Nov 23 13:00:00 2009 wrAATTrosenauer.org - rebased patches for fuzz=0 Thu Nov 5 13:00:00 2009 wrAATTrosenauer.org - update to version 3.5.5 (bnc#553172) Sat Oct 17 14:00:00 2009 wrAATTrosenauer.org - security update to version 3.5.4 (bnc#545277) * MFSA 2009-52/CVE-2009-3370 (bmo#511615) Form history vulnerable to stealing * MFSA 2009-53/CVE-2009-3274 (bmo#514823) Local downloaded file tampering * MFSA 2009-54/CVE-2009-3371 (bmo#514554) Crash with recursive web-worker calls * MFSA 2009-55/CVE-2009-3372 (bmo#500644) Crash in proxy auto-configuration regexp parsing * MFSA 2009-56/CVE-2009-3373 (bmo#511689) Heap buffer overflow in GIF color map parser * MFSA 2009-57/CVE-2009-3374 (bmo#505988) Chrome privilege escalation in XPCVariant::VariantDataToJS() * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) Heap buffer overflow in string to number conversion * MFSA 2009-61/CVE-2009-3375 (bmo#503226) Cross-origin data theft through document.getSelection() * MFSA 2009-62/CVE-2009-3376 (bmo#511521) Download filename spoofing with RTL override * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 Upgrade media libraries to fix memory safety bugs * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 Crashes with evidence of memory corruption - removed upstreamed patch * firefox-bug506901.patch Wed Oct 7 14:00:00 2009 llunakAATTnovell.com - fix KDE button order in one more place (bnc#170055) Fri Oct 2 14:00:00 2009 wrAATTrosenauer.org - improve UI colors to be usable with dark themes at all (firefox-browser-css.patch) (bnc#503351) - extend list of supported architectures as ABI identifier (mozilla-abi.patch) (bnc#543460) Sun Sep 13 14:00:00 2009 wrAATTrosenauer.org - added KDE integration patch from llunakAATTnovell.com (firefox-kde.patch) * support for knotify, making -kde4-addon obsolete * KDE-specific support functional (bnc#170055) - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs) Thu Sep 10 14:00:00 2009 wrAATTrosenauer.org - security update to version 3.5.3 (bnc#534458) * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 Crashes with evidence of memory corruption * MFSA 2009-49/CVE-2009-3077 (bmo#506871) TreeColumns dangling pointer vulnerability * MFSA 2009-50/CVE-2009-3078 (bmo#453827) Location bar spoofing via tall line-height Unicode characters * MFSA 2009-51/CVE-2009-3079 (bmo#454363) Chrome privilege escalation with FeedWriter Wed Aug 19 14:00:00 2009 wrAATTrosenauer.org - renamed patch firefox-contextmenu-gnome to firefox-cross-desktop as it contains more tweaks to handle non-Gnome environments and especially KDE integration: * added the ability to set the KDE default browser (still part of bnc#170055) Fri Aug 7 14:00:00 2009 wrAATTrosenauer.org - split -translations package into -common and -other (bnc#529180) - remove \"set as background\" from context menu if not running in Gnome (part of bnc#170055) Fri Jul 31 14:00:00 2009 wrAATTrosenauer.org - security update to version 3.5.2 * MFSA 2009-38/CVE-2009-2470 (bmo#459524) Data corruption with SOCKS5 reply containing DNS name longer than 15 characters * MFSA 2009-44/CVE-2009-2654 (bmo#451898) Location bar and SSL indicator spoofing via window.open() on invalid URL * MFSA 2009-45 Crashes with evidence of memory corruption * MFSA 2009-46 (bmo#498897) Chrome privilege escalation due to incorrectly cached wrapper * various other stability fixes - export MOZ_APP_LAUNCHER in the startscript (bmo#453689) Tue Jul 28 14:00:00 2009 wrAATTrosenauer.org - fixed %exclude usage - fixed preferences\' advanced pane for fresh profiles (bmo#506901) Wed Jul 15 14:00:00 2009 wrAATTrosenauer.org - security update to version 3.5.1 * MFSA 2009-41 Corrupt JIT state after deep return from native function Mon Jul 6 14:00:00 2009 wrAATTrosenauer.org - added mozilla-linkorder.patch to fix build with --as-needed Tue Jun 30 14:00:00 2009 wrAATTrosenauer.org - update to final version 3.5 (20090623) Tue Jun 23 14:00:00 2009 wrAATTrosenauer.org - fixed build by linking to a real file Thu Jun 18 14:00:00 2009 wrAATTrosenauer.org - update to version 3.5rc2 (20090617) - BuildRequire mozilla-xulrunner191 = 1.9.1.0 Sat Jun 6 14:00:00 2009 wrAATTrosenauer.org - update to version 3.5b99 (20090604) - BuildRequire mozilla-xulrunner191 = 1.9.1b99 Wed May 27 14:00:00 2009 wrAATTrosenauer.org - fixed typos in improved xulrunner dependencies Mon May 11 14:00:00 2009 wrAATTrosenauer.org - use non-localized Downloads folder (bnc#501724) Mon May 4 14:00:00 2009 wrAATTrosenauer.org - update to new major version 3.5b4 * based on Gecko 1.9.1 (mozilla-xulrunner191) * Private Browsing Mode * TraceMonkey JavaScript engine * Geolocation support * native JSON and web worker threads support * speculative parsing for faster content rendering * Some HTML5 support - updated firefox.schemas - improved firefox-no-update.patch Tue Apr 28 14:00:00 2009 wrAATTrosenauer.org - security update to 3.0.10 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) Crash in nsTextFrame::ClearTextRun() Thu Apr 16 14:00:00 2009 wrAATTrosenauer.org - security update to 3.0.9 (bnc#495473) * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) * MFSA 2009-15/CVE-2009-0652 (bmo#479336) URL spoofing with box drawing character * MFSA 2009-16/CVE-2009-1306 (bmo#474536) jar: scheme ignores the content-disposition: header on the inner URI * MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme * MFSA 2009-18/CVE-2009-1308 (bmo#481558) XSS hazard using third-party stylesheets and XBL bindings * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString * MFSA 2009-20/CVE-2009-1310 (bmo#483086) Malicious search plugins can inject code into arbitrary sites * MFSA 2009-21/CVE-2009-1311 (bmo#471962) POST data sent to wrong site when saving web page with embedded frame * MFSA 2009-22/CVE-2009-1312 (bmo#475636) Firefox allows Refresh header to redirect to javascript: URIs Fri Mar 27 13:00:00 2009 wrAATTrosenauer.org - security update to 1.9.0.8 (bnc#488955,489411) * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation * MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift - allow RPM provides for stuff besides shared libraries (e.g. mime-types) Sun Mar 1 13:00:00 2009 wrAATTrosenauer.org - security update to 3.0.7 (bnc#478625) * MFSA 2009-07 - Crashes with evidence of memory corruption CVE-2009-0771 - Layout Engine Crashes CVE-2009-0772 - Layout Engine Crashes CVE-2009-0773 - crashes in the JavaScript engine CVE-2009-0774 - Layout Engine Crashes * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) Mozilla Firefox XUL Linked Clones Double Free Vulnerability * MFSA 2009-09/CVE-2009-0776 (bmo#414540) XML data theft via RDFXMLDataSource and cross-domain redirect * MFSA 2009-10/CVE-2009-0040 (bmo#478901) Upgrade PNG library to fix memory safety hazards * MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control characters Wed Feb 4 13:00:00 2009 hfiguiereAATTsuse.de - Review and approve changes. Wed Jan 28 13:00:00 2009 wrAATTrosenauer.org - security update to 3.0.6 (bnc#470074) * MFSA 2009-06/CVE-2009-0358: Directives to not cache pages ignored (bmo#441751) * MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies (bmo#380418) * MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via local .desktop files (bmo#460425) * MFSA 2009-03/CVE-2009-0355: Local file stealing with SessionStore (bmo#466937) * MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method and window.eval (bmo#468581) * MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with evidence of memory corruption (rv:1.9.0.6) (bmo#452913, bmo#449006, bmo#331088, bmo#401042, bmo#416461, bmo#422283, bmo#422301, bmo#431705, bmo#437142, bmo#421839, bmo#420697, bmo#461027) * (non security) added lv locale Thu Jan 22 13:00:00 2009 hfiguiereAATTsuse.de - Fix the wrapper script for PowerPC 64-bits (bnc#464753) Wed Dec 17 13:00:00 2008 hfiguiereAATTsuse.de - Review and approve changes. Mon Dec 15 13:00:00 2008 wrAATTrosenauer.org - security update to 1.9.0.5 (bnc#455804) for details http://www.mozilla.org/security/known-vulnerabilities/firefox30.html * removed aboutRights workaround again * added et locale Tue Nov 25 13:00:00 2008 hfiguiereAATTsuse.de - Review and approve changes. Sat Nov 22 13:00:00 2008 wrAATTrosenauer.org - replace license agreement with about:rights toolbar (backported from upcoming FF 3.0.5) (bnc#436054, bmo#456439) (it\'s always displayed in en-US) Fri Nov 21 13:00:00 2008 hfiguiereAATTsuse.de - Update firefox-lockdown-ui.patch * Print Setup is now properly locked down. bnc#431028 * Bookmark editing it now properly locked down. bnc#439335 * Bookmars are properly hidden. * History is properly locked down. bnc#439343 * Make sure the search bar is not put back when resetting the toolbar. bnc#439358 Fri Nov 21 13:00:00 2008 mawAATTsuse.de - Review and approve changes. Thu Nov 13 13:00:00 2008 wrAATTrosenauer.org - lockdown cleanup * removed gecko-lockdown.patch from Firefox (it\'s in xulrunner) * stripped out some toolkit stuff from firefox-ui-lockdown * added extra default preferences for lockdown Wed Nov 12 13:00:00 2008 mawAATTsuse.de - Review and approve changes. Tue Nov 11 13:00:00 2008 wrAATTrosenauer.org - update to security/maintenance release 3.0.4 (bnc#439841) * support additional locales (bg, cy, eo, oc) - removed obsolete configure option (enable-gconf) Fri Nov 7 13:00:00 2008 mawAATTsuse.de - Review and approve changes. Tue Nov 4 13:00:00 2008 wrAATTrosenauer.org - moved gconf schema into branding packages (bnc#441646) Tue Oct 28 13:00:00 2008 hfiguiereAATTsuse.de - Fix missing %endif (for fix for bnc#434283) Mon Oct 27 13:00:00 2008 hfiguiereAATTsuse.de - Add disable_show_passwords to firefox.schemas. (FATE #301534) Mon Oct 27 13:00:00 2008 wrAATTrosenauer.org - make biarch dependencies work correctly (bnc#434283) Thu Oct 23 14:00:00 2008 hfiguiereAATTsuse.de - Added firefox-ui-lockdown.patch and gecko-lockdown.patch * Lockdown: FATE#302023, FATE#302024 Mon Oct 6 14:00:00 2008 sbrabecAATTsuse.cz - Conflict with other branding providers (FATE#304881). Mon Sep 29 14:00:00 2008 mawAATTsuse.de - Review and approve changes. Mon Sep 29 14:00:00 2008 mawAATTsuse.de - Remove a reference to a stale patch. Sun Sep 28 14:00:00 2008 wrAATTrosenauer.org - update to regression fix release 3.0.3 * Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bmo#454708, bnc#429179#c20, CVE-2008-4063, CVE-2008-4064, CVE-2008-3836, andCVE-2008-4070) Thu Sep 25 14:00:00 2008 mawAATTsuse.de - Review and approve changes. Mon Sep 15 14:00:00 2008 wrAATTrosenauer.org - update to security/maintenance release 3.0.2 (bnc#429179) - removed unused files from sources - fix more rpmlint complaints and provide a config file to filter false positives - disable Gnome crashreporter as it has no value - brought man-page up to date for the firefox stub (removing firefox-bin reference) - en-US locale not longer packaged in translations subpackage Fri Aug 15 14:00:00 2008 mawAATTnovell.com - Review and approve changes. Mon Aug 4 14:00:00 2008 wrAATTrosenauer.org - Tweak branding split Tue Jul 29 14:00:00 2008 vuntzAATTnovell.com - Create branding package (bnc#390752): + search-addons.tar.bz2, bookmarks.html.suse and firefox-suse-default-prefs.js will be moved to MozillaFirefox-branding-openSUSE + create a MozillaFirefox-branding-upstream package Mon Jul 28 14:00:00 2008 mauroAATTsuse.de - Update to stability/security release 3.0.1 (bnc#407573) (thanks, Wolfgang) + MFSA 2008-36 Crash with malformed GIF file on Mac OS X + MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running + MFSA 2008-34 Remote code execution by overflowing CSS reference counter - Set browser.shell.checkDefaultBrowser to true (bnc#404119) Tue Jun 17 14:00:00 2008 mawAATTsuse.de - Merge changes from the build service (thanks, Wolfgang) (bnc#400001 and SWAMP#18164). Tue Jun 17 14:00:00 2008 wrAATTrosenauer.org - update to version 3.0 - fixed double entry in bookmarks for www.opensuse.org (bnc#396980 Thu May 15 14:00:00 2008 ajAATTsuse.de - Add Planet SUSE, forums.o.o and How to participate to default URLs. Fri May 2 14:00:00 2008 mawAATTsuse.de - network.protocol-handler.app. * prefs are no longer supported; remove references to them from firefox-suse-default-prefs.js (bnc#383697). Wed Apr 2 14:00:00 2008 mawAATTsuse.de - Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang). Wed Mar 26 13:00:00 2008 mawAATTsuse.de - Merge changes from the build service (thanks, Wolfgang) - Update to the fourth Firefox 3.0 Beta (2.9.94): + Based upon the Gecko 1.9 Web rendering platform, which improves performance, stability, and rendering correctness; it also boasts a considerable simplification in its code + Security improvements: * One-click site info * Malware Protection * New Web Forgery Protection page * New SSL error pages * Add-ons and Plugin version check * Secure add-on updates * Effective top-level domain (eTLD) service to better restrict cookies and other restricted content to a single domain * Better protection against cross-site JSON data leaks + Usability improvements: * Easier password management * Simplified add-on installation * New Download Manager * Resumable downloading * Full page zoom * Podcasts and Videocasts can be associated with your media playback tools * Tab scrolling and quickmenu * Save what you were doing: Firefox will prompt users to save tabs on exit * Optimized Open in Tabs behavior * Location and Search bar size can now be customized with a simple resizer item * Text selection improvements * Find toolbar * Improved integration with Linux: Firefox\'s default icons, buttons, and menu styles now use the native GTK theme + Personalization improvements: * Star button: quickly add bookmarks from the location bar with a single click; a second click lets you file and tag them * Tags: associate keywords with your bookmarks to sort them by topic * Location bar & auto-complete * Smart Bookmarks Folder * Places Organizer: view, organize and search through all of your bookmarks, tags, and browsing history with multiple views and smart folders to store your frequent searches * Web-based protocol handlers * Download & Install Add-ons * Easy to use Download Actions + Improved platform for web developers: * New graphics and font handling: new graphics and text rendering architectures in Gecko 1.9 provides rendering improvements in CSS, SVG as well as improved display of fonts with ligatures and complex scripts * Color management: (set gfx.color_management.enabled on in about:config and restart the browser to enable.); Firefox can now adjust images with embedded color profiles * Offline support: enables web applications to provide offline functionality (website authors must add support for offline browsing to their site for this feature to be available to users) + Improved performance: * Speed: improvements to the JavaScript engine as well as profile guided optimizations have resulted in significant improvements in performance; compared to Firefox 2, web applications like Google Mail and Zoho Office run twice as fast in Firefox 3 Beta 4, and the popular SunSpider test from Apple shows improvements over previous releases * Memory usage: Several new technologies work together to reduce the amount of memory used by Firefox 3 Beta 4 over a web browsing session; memory cycles are broken and collected by an automated cycle collector, a new memory allocator reduces fragmentation, hundreds of leaks have been fixed, and caching strategies have been tuned * Reliability: A user\'s bookmarks, history, cookies, and preferences are now stored in a transactionally secure database format which will prevent data loss even if their system crashes - This version depends upon the mozilla-xulrunner190 package - Drop various stale packages, respin several that have been kept around, and add a few new ones. Mon Feb 11 13:00:00 2008 mawAATTsuse.de - Security update to version 2.0.0.12 (bnc#354469): + MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay + MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect + MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain text files + MFSA 2008-08/CVE-2008-0591 File action dialog tampering + MFSA 2008-06/CVE-2008-0419 Web browsing history and forward navigation stealing + MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI + MFSA 2008-04/CVE-2008-0417 Stored password corruption + MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote Code Execution + MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing vulnerabilities + MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory corruption (rv:1.8.1.12) - Reference libaoss.so in start script (bnc#117079) - Remove mozilla-canvas-1.8.1.10.patch, as it has been upstreamed - Update firefox-ui-lockdown.patch (FATE#301534, FATE#302023, and FATE#302024) - Add application/x-xpinstall mime type to MozillaFirefox.desktop - Add MozillaFirefox.xml to bind .xpi to application/x-xpinstall in desktop. Thu Jan 17 13:00:00 2008 mawAATTsuse.de - Add mozilla-maxpathlen.patch (#354150 and bmo #412610). Fri Dec 21 13:00:00 2007 mawAATTsuse.de - Add firefox-348446-empty-lists.patch (bnc#348446). Wed Dec 5 13:00:00 2007 mawAATTsuse.de - Respin proxy-dev.patch (bnc#340678) -- thanks, Anders! Tue Nov 27 13:00:00 2007 mawAATTsuse.de - Security update to version 2.0.0.10 (#341905, #341591): + MFSA 2007-39 Referer-spoofing via window.location race condition + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10) + MFSA 2007-37 jar: URI scheme XSS hazard + Fixes for regressions introduced in 2.0.0.8 + Updated dbus.patch, startup.patch, misc.dif, and configure.patch - Add mozilla-gcc4.3-fixes.patch - Add mozilla-canvas-1.8.1.10.patch (#341591#c10). Mon Nov 26 13:00:00 2007 mawAATTsuse.de - Build with -ftree-vrp -fwrapv, per advice in #342603#c17. Tue Nov 13 13:00:00 2007 mawAATTsuse.de - Add firefox-gcc4.3-fixes.patch. Fri Oct 19 14:00:00 2007 mawAATTsuse.de - Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang) * MFSA 2007-29 Crashes with evidence of memory corruption * MFSA 2007-30 onUnload Tailgating * MFSA 2007-31 Digest authentication request splitting * MFSA 2007-32 File input focus stealing vulnerability * MFSA 2007-33 XUL pages can hide the window titlebar * MFSA 2007-34 Possible file stealing through sftp protocol * MFSA 2007-35 XPCNativeWraper pollution using Script object complete advisories on http://www.mozilla.org/projects/security/known-vulnerabilities.html Sun Sep 23 14:00:00 2007 mawAATTsuse.de - Don\'t explicitly require libaoss.so (#326751). Fri Sep 14 14:00:00 2007 mawAATTsuse.de - Update the Novell Support search plugin in search-addons.tar.bz2 (#297261) - Set the browser.tabs.loadFolderAndReplace preference to false by default (#230759). Wed Sep 12 14:00:00 2007 dmuellerAATTsuse.de - fix hardlinks accross partitions Thu Sep 6 14:00:00 2007 mawAATTsuse.de - Add http://software.opensuse.org/search?baseproject=openSUSE:10.3 to the default bookmarks (#308223). Mon Sep 3 14:00:00 2007 roAATTsuse.de - move last change a bit further in specfile Fri Aug 31 14:00:00 2007 mawAATTsuse.de - Mark a .png file as nonexecutable. Tue Aug 28 14:00:00 2007 mawAATTsuse.de - Minor .spec update (#305193) + Remove two obsolete patches + Correct releasedate + Include only the officially supported locales. Wed Aug 22 14:00:00 2007 mawAATTsuse.de - Merge changes from the build service (thanks, Wolfgang): + Provide locale dependency information (#302288) + Add x11-session.patch, supporting X11 session management (#227047) + Update to version 2.0.0.6 * MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows * MFSA 2007-27 Unescaped URIs passed to external programs (only relevant on Windows) - Use %fdupes. Tue Aug 21 14:00:00 2007 ajAATTsuse.de - Adjust bookmarks: Add news.opensuse.org, use new software.o.o page. Thu Aug 16 14:00:00 2007 mauroAATTsuse.de - Revert previous change. Tue Aug 14 14:00:00 2007 mauroAATTsuse.de - Added support for ymp in the mimetypes.rdf - Added OneClickInstallUrlHandler for handing the actual call from firefox. - Fixes bnc #295677 Mon Jul 23 14:00:00 2007 mawAATTsuse.de - Security update to version 2.0.0.5 (#288115) which has fixes for: MFSA 2007-18 CVE-2007-3734 - Browser flaws CVE-2007-3735 - Javascript flaws MFSA 2007-19 CVE-2007-3736 MFSA 2007-20 CVE-2007-3089 MFSA 2007-21 CVE-2007-3737 MFSA 2007-22 CVE-2007-3285 MFSA 2007-23 CVE-2007-3670 MFSA 2007-24 CVE-2007-3656 MFSA 2007-25 CVE-2007-3738 Thu Jun 21 14:00:00 2007 adrianAATTsuse.de - fix changelog entry order Mon Jun 18 14:00:00 2007 mawAATTsuse.de - Use mozilla.sh.in from the build service (#230681). Tue Jun 5 14:00:00 2007 sbrabecAATTsuse.cz - Removed invalid desktop category \"Application\" (#254654). Tue Jun 5 14:00:00 2007 mawAATTsuse.de - Security update to version 2.0.0.4 - Refresh configure.patch, startup.patch, and visibility.patch - Now use l10n-%{version}.tar.bz2 instead of l10n.tar.bz2. Mon Apr 30 14:00:00 2007 roAATTsuse.de - added unzip to BuildRequires Wed Apr 18 14:00:00 2007 mfabianAATTsuse.de - add Japanese to the languages which get PANGO enabled in the start script to support the Japanese combining characters U+3099 U+309A (see bugzilla #262718 comment #29). Mon Mar 12 13:00:00 2007 mawAATTsuse.de - Package gconf stuff. Wed Feb 21 13:00:00 2007 mawAATTsuse.de - Security update to 2.0.0.2 (#244923), which covers: + mfsa2007-01 * CVE-2007-0775 - layout engine crashes * CVE-2007-0776 - SVG * CVE-2007-0777 - javascript engine corruption + mfsa2007-02 * CVE-2007-0995 - Invalid trailing characters in HTML tag attributes * CVE-2007-0996 - Child frame character set inheritance * CVE-2006-6077 - Injected password forms + mfsa2007-02 + mfsa2007-03 * CVE-2007-0078 + mfsa2007-04 * CVE-2007-0079 + mfsa2007-05 * CVE-2007-0780 * CVE-2007-0800 + mfsa2007-06 * CVE-2007-0008 - client flaw * CVE-2007-0009 - server flaw + mfsa2007-07 * CVE-2007-0981 - Updates mozilla.sh.in (#230681) - Fixes #232209 - Updates the man page (#243037) - Properly propagates exit codes (#241492) - Adds em-356370.patch (#217374) Thu Jan 25 13:00:00 2007 mawAATTsuse.de - Fixup the Gnome paths, keeping in closer sync with the buildservice. Thu Jan 18 13:00:00 2007 mawAATTsuse.de - Gnome is now in /usr, so remove references to /opt/gnome - Install firefox.png with the executable bit not set. Wed Jan 10 13:00:00 2007 meissnerAATTsuse.de - readd MozillaFirebird provides (was incorrect in removing it). Mon Jan 8 13:00:00 2007 meissnerAATTsuse.de - Do not provide MozillaFirebird, just obsolete it. Fri Dec 1 13:00:00 2006 mawAATTsuse.de - Update gecko-lockdown.patch (#220616). Thu Nov 30 13:00:00 2006 mawAATTsuse.de - Update firefox-suse-default-prefs.js, adding \'pref(\"browser.backspace_action\", 2);\' (#217374) Thu Nov 30 13:00:00 2006 ajAATTsuse.de - Fix last change (#224431). Wed Nov 29 13:00:00 2006 ajAATTsuse.de - Change download bookmark (#224431). - Rename bookmark folder to openSUSE. Tue Nov 28 13:00:00 2006 ajAATTsuse.de - Sync from Buildservice with following critical fixes (thanks Wolfgang Rosenauer!): * fixed system-proxies.patch to actually work (#223881). * Rearrange Bookmarks to pass trademark review. Mon Nov 27 13:00:00 2006 ajAATTsuse.de - Fix tango theme (#223796). Mon Nov 27 13:00:00 2006 ajAATTsuse.de - Use www.opensuse.org as home page. Sun Nov 12 13:00:00 2006 ajAATTsuse.de - Set novell.com as home page. - Update from BuildService (thanks Wolfgang!): - fixed crash in htmlparser (#217257, bmo #358797) - added gconf2 as PreReq (#212505) - added 32bit libaoss.so as requirement (#216266) - Removed SUSE searchplugin (Portal not available anymore) (#216054) - Removed obsolete xul-picker.patch and system-nspr.patch - Fixed building on 10.1 and 10.0 (dbus) - Removed obsolete throbber preference Thu Nov 9 13:00:00 2006 jhargadonAATTsuse.de - updated tango theme Sun Oct 29 13:00:00 2006 ajAATTsuse.de - Another fix for 214125, patch by Wolfgang Rosenauer. Thu Oct 26 14:00:00 2006 ajAATTsuse.de - Fix gcc warnings about undefined operations, patch by Robert O\'Callahan. - Update system-proxies.patch to fix error box (214125), patch by Robert O\'Callahan. Mon Oct 23 14:00:00 2006 ajAATTsuse.de - Update to current CVS version of 2.0. - Use www.opensuse.org as default home page for now (#203547). Sat Oct 21 14:00:00 2006 ajAATTsuse.de - Disable non-working plasticfox and tango themes. Fri Oct 20 14:00:00 2006 ajAATTsuse.de - Fix building of locales. Fri Oct 20 14:00:00 2006 mkoenigAATTsuse.de - update to version 2.0rc3: * New features: Visual Refresh, Built-in phishing protection, Enhanced search capabilities, Improved tabbed browsing, Resuming your browsing session, Previewing and subscribing to Web feeds, Inline spell checking, Live Titles, Improved Add-ons manager, JavaScript 1.7, Extended search plugin format, Updates to the extension system, Client-side session and persistent storage, SVG text Tue Oct 17 14:00:00 2006 meissnerAATTsuse.de - disabled debugging. Tue Sep 12 14:00:00 2006 starkAATTsuse.de - security update to version 1.5.0.7 Mon Aug 21 14:00:00 2006 starkAATTsuse.de - added greasemonkey helper change (#199920) - fixed packager.mk for new make version Fri Aug 11 14:00:00 2006 starkAATTsuse.de - fixed crash in dbus component (patch by thoenig #197928) - use external adresses for PAC configuration (#196506) Mon Aug 7 14:00:00 2006 starkAATTsuse.de - added symlink for Firefox 1.0.x compatibility Sat Jul 29 14:00:00 2006 starkAATTsuse.de - update to regression release 1.5.0.6 (#195043) Thu Jul 27 14:00:00 2006 starkAATTsuse.de - security update to version 1.5.0.5 (#195043) * observer-lock.patch integrated now - fixed leak in JS\' liveconnect (#186066) - fixed desktop file for old distributions (StartupNotify=false)