SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for firefox-esr-45.8.0-8.1.x86_64.rpm :

* Fri Mar 06 2020 Antonio Larrosa - Disable gnomeui- Add patches to build in a modern system
* 0001-Dont-include-mozalloc-from-the-cstdlib-wrapper.patch
* 0002-Change-how-mozalloc.h-is-hooked-in-stl-wrappers.patch
* fix-gettid.patch
* fix-tgkill-declaration.patch
* rename-ucontext-to_ucontext_t.patch
* Sun Mar 12 2017 wrAATTrosenauer.org- update to Firefox 45.8.0esr (boo#1028391)
* Mon Jan 23 2017 wrAATTrosenauer.org- update to Firefox 45.7.0esr (boo#1021991)
* Sun Jan 08 2017 wrAATTrosenauer.org- update to Firefox 45.6.0esr (boo#1015422)
* MFSA 2016-95 CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements (bmo#1317409) CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272) CVE-2016-9897: Memory corruption in libGLES (bmo#1301381) CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees (bmo#1314442) CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs (bmo#1319122) CVE-2016-9904: Cross-origin information leak in shared atoms (bmo#1317936) CVE-2016-9905: Crash in EnumerateSubDocuments (bmo#1293985) CVE-2016-9901: Data from Pocket server improperly sanitized before execution (bmo#1320057) CVE-2016-9902: Pocket extension does not validate the origin of events (bmo#1320039) CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6- update to Firefox 45.5.1esr
* MFSA 2016-92 CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)- update to Firefox 45.5.0esr (boo#1009026)
* MFSA 2016-90 CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log hardlink (Windows only) (bmo#1246945) CVE-2016-5294: Arbitrary target directory for result files of update process (Windows only) (bmo#1246972) CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) - fixed in mozilla-nss >= 3.26.1 CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
* Wed Oct 26 2016 wrAATTrosenauer.org- add mozilla-binutils-visibility.patch to fix build on 42.2
* Fri Sep 23 2016 wrAATTrosenauer.org- update to Firefox 45.4.0esr (boo#999701)
* MFSA 2016-86 CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList CVE-2016-5274 (bmo#1282076) - use-after-free in nsFrameManager::CaptureFrameState CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame CVE-2016-5280 (bmo#1289970) - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration CVE-2016-5250 (bmo#1254688) - Resource Timing API is storing resources sent by the previous page CVE-2016-5261 (bmo#1287266) - Integer overflow and memory corruption in WebSocketChannel CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
* Wed Jul 13 2016 wrAATTrosenauer.org- renamed package to firefox-esr for ESR 45 cycle
* Sun Jun 12 2016 wrAATTrosenauer.org- update to Firefox 45.2.0esr
* MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 (boo#983638) (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493, bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752, bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130, bmo#1269729, bmo#1273202, bmo#1273701) Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
* MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381) Buffer overflow parsing HTML5 fragments
* MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460) Use-after-free deleting tables from a contenteditable document
* MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129) Addressbar spoofing though the SELECT element
* MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580) Out-of-bounds write with WebGL shader
* MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810) Use-after-free when textures are used in WebGL operations after recycle pool destruction
* MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933) Entering fullscreen and persistent pointerlock without user permission security fixes in 45.1
* MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 (boo#977373, boo#977375, boo#977376) Miscellaneous memory safety hazards
* MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) Buffer overflow in libstagefright with CENC offsets
* MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) Write to invalid HashMap entry through JavaScript.watch()
* Thu Apr 21 2016 badshah400AATTgmail.com- Update mozilla-gtk3_20.patch to fix scrollbar appearance under gtk >= 3.20 (patch synced to Fedora\'s version).
* Tue Apr 12 2016 badshah400AATTgmail.com- Compile against gtk3 depending on whether the macro %firefox_use_gtk3 is defined or not (e.g., at the prjconf level); macro is undefined by default and so gtk2 is used as the default toolkit.- Add BuildRequires for additional packages needed when building against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; patch taken from Fedora (bmo#1230955).
  
ICM