Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
mozilla-xulrunner190
mozilla-xulrunner190.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File mozilla-xulrunner190.changes of Package mozilla-xulrunner190
------------------------------------------------------------------- Thu Mar 18 20:06:08 CET 2010 - wr@rosenauer.org - security update to version 1.9.0.19 (bnc#586567) * MFSA-2010-21/CVE-2010-0179 Arbitrary code execution with Firebug XMLHttpRequestSpy (bmo#504021) * MFSA-2010-20/CVE-2010-0178 Chrome privilege escalation via forced URL drag and drop (bmo#546909) * MFSA-2010-19/CVE-2010-0177 Dangling pointer vulnerability in nsPluginArray (bmo#538310) * MFSA-2010-18/CVE-2010-0176 Dangling pointer vulnerability in nsTreeContentView (bmo#538308) * MFSA-2010-17/CVE-2010-0175 Remote code execution with use-after-free in nsTreeSelection * MFSA-2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption - clean up correctly on update (bnc#589094) ------------------------------------------------------------------- Fri Feb 5 17:02:56 CET 2010 - wr@rosenauer.org - security update to version 1.9.0.18 (bnc#576969) * MFSA-2010-01/CVE-2010-0159 Crashes with evidence of memory corruption * MFSA-2010-02/CVE-2010-0160 Web Worker Array Handling Heap Corruption Vulnerability * MFSA-2010-03/CVE-2009-1571 (bmo#526500) Use-after-free crash in HTML parser * MFSA-2010-04/CVE-2009-3988 (bmo#504862) XSS due to window.dialogArguments being readable cross-domain * MFSA-2010-05/CVE-2010-0162 (bmo#455472) XSS hazard using SVG document and binary Content-Type ------------------------------------------------------------------- Wed Dec 23 14:45:25 CET 2009 - wr@rosenauer.org - update to version 1.9.0.17 * DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193) ------------------------------------------------------------------- Fri Dec 4 23:32:34 CET 2009 - wr@rosenauer.org - security update to 1.9.0.16 (bnc#559807) * MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption (1.9.0.16) * MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities * MFSA 2009-70/CVE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener ------------------------------------------------------------------- Thu Oct 22 07:32:58 CEST 2009 - wr@rosenauer.org - security update to 1.9.0.15 (bnc#545277) * MFSA 2009-52/CVE-2009-3370 (bmo#511615) Form history vulnerable to stealing * MFSA 2009-53/CVE-2009-3274 (bmo#514823) Local downloaded file tampering * MFSA 2009-55/CVE-2009-3372 (bmo#500644) Crash in proxy auto-configuration regexp parsing * MFSA 2009-56/CVE-2009-3373 (bmo#511689) Heap buffer overflow in GIF color map parser * MFSA 2009-57/CVE-2009-3374 (bmo#505988) Chrome privilege escalation in XPCVariant::VariantDataToJS() * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) Heap buffer overflow in string to number conversion * MFSA 2009-61/CVE-2009-3375 (bmo#503226) Cross-origin data theft through document.getSelection() * MFSA 2009-62/CVE-2009-3376 (bmo#511521) Download filename spoofing with RTL override * MFSA 2009-64/CVE-2009-3380/CVE-2009-3382 Crashes with evidence of memory corruption ------------------------------------------------------------------- Thu Oct 15 10:33:42 CEST 2009 - pwu@novell.com - extend list of supported architectures as ABI identifier (mozilla-abi.patch) (bnc#543460) ------------------------------------------------------------------- Thu Sep 10 11:16:03 CEST 2009 - wr@rosenauer.org - security update to 1.9.0.14 (bnc#534458) * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 Crashes with evidence of memory corruption * MFSA 2009-48/CVE-2009-3076 Insufficient warning for PKCS11 module installation and removal * MFSA 2009-49/CVE-2009-3077 (bmo#506871) TreeColumns dangling pointer vulnerability * MFSA 2009-50/CVE-2009-3078 (bmo#453827) Location bar spoofing via tall line-height Unicode characters * MFSA 2009-51/CVE-2009-3079 (bmo#454363) Chrome privilege escalation with FeedWriter - removed obsolete lcms patches (included upstream) - don't provide libsqlite3.so (bnc#538094) ------------------------------------------------------------------- Mon Aug 3 23:09:02 CEST 2009 - wr@rosenauer.org - security update to 1.9.0.13 (bnc#527489) * MFSA 2009-42 and MFSA 2009-43 don't apply as NSS is provided through package mozilla-nss * MFSA 2009-44/CVE-2009-2654 (bmo#451898) Location bar and SSL indicator spoofing via window.open() on invalid URL ------------------------------------------------------------------- Tue Jul 28 13:03:24 CEST 2009 - wr@rosenauer.org - fixed %exclude usage ------------------------------------------------------------------- Tue Jul 21 23:02:12 CEST 2009 - wr@rosenauer.org - security update to 1.9.0.12 (bnc#522109) * MFSA 2009-34/CVE-2009-2462/CVE-2009-2463/CVE-2009-2464/ CVE-2009-2465/CVE-2009-2466 Crashes with evidence of memory corruption * MFSA 2009-35/CVE-2009-2467 (bmo#493601) Crash and remote code execution during Flash player unloading * MFSA 2009-36/CVE-2009-1194/oCERT-2009-001 (bmo#480134) Heap/integer overflows in font glyph rendering libraries * MFSA 2009-37/CVE-2009-2469 (bmo#488995) Crash and remote code execution using watch and __defineSetter__ on SVG * MFSA 2009-38/CVE-2009-2470 (bmo#459524) Data corruption with SOCKS5 reply containing DNS name longer than 15 characters * MFSA 2009-39/CVE-2009-2471 (bmo#460882) setTimeout loses XPCNativeWrappers * MFSA 2009-40/CVE-2009-2472 Multiple cross origin wrapper bypasses ------------------------------------------------------------------- Mon Jul 13 19:37:04 CEST 2009 - bgmerrell@novell.com - Fixes bnc#490610 (MozillaFirefox: LittleCMS null pointer dereference CVE-2009-0793), add a patch lcms-bnc490610.patch. ------------------------------------------------------------------- Fri Jun 12 08:32:38 CEST 2009 - wr@rosenauer.org - security update to 1.9.0.11 (bnc#505563) * MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833 Crashes with evidence of memory corruption (rv:1.9.0.11) * MFSA 2009-25/CVE-2009-1834 (bmo#479413) URL spoofing with invalid unicode characters * MFSA 2009-26/CVE-2009-1835 (bmo#491801) Arbitrary domain cookie access by local file: resources * MFSA 2009-27/CVE-2009-1836 (bmo#479880) SSL tampering via non-200 responses to proxy CONNECT requests * MFSA 2009-28/CVE-2009-1837 (bmo#486269) Race condition while accessing the private data of a NPObject JS wrapper class object * MFSA 2009-29/CVE-2009-1838 (bmo#489131) Arbitrary code execution using event listeners attached to an element whose owner document is null * MFSA 2009-30/CVE-2009-1839 (bmo#479943) Incorrect principal set for file: resources loaded via location bar * MFSA 2009-31/CVE-2009-1840 (bmo#477979) XUL scripts bypass content-policy checks * MFSA 2009-32/CVE-2009-1841 (bmo#479560) JavaScript chrome privilege escalation - fixing rpath linker flags (part of bnc#501174) ------------------------------------------------------------------- Tue Apr 28 10:42:23 CEST 2009 - wr@rosenauer.org - update to 1.9.0.10 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) Crash in nsTextFrame::ClearTextRun() - fix preprocessor statement to fix build with gcc 4.4 ------------------------------------------------------------------- Thu Apr 16 13:44:47 CEST 2009 - wr@rosenauer.org - security update to 1.9.0.9 (bnc#495473) * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) * MFSA 2009-15/CVE-2009-0652 (bmo#479336) URL spoofing with box drawing character * MFSA 2009-16/CVE-2009-1306 (bmo#474536) jar: scheme ignores the content-disposition: header on the inner URI * MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme * MFSA 2009-18/CVE-2009-1308 (bmo#481558) XSS hazard using third-party stylesheets and XBL bindings * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString * MFSA 2009-20/CVE-2009-1310 (bmo#483086) Malicious search plugins can inject code into arbitrary sites * MFSA 2009-21/CVE-2009-1311 (bmo#471962) POST data sent to wrong site when saving web page with embedded frame * MFSA 2009-22/CVE-2009-1312 (bmo#475636) Firefox allows Refresh header to redirect to javascript: URIs - removed bnc465284-VUL-designMode.patch since it's integrated in 1.9.0.9 ------------------------------------------------------------------- Fri Mar 27 09:43:43 CET 2009 - wr@rosenauer.org - security update to 1.9.0.8 (bnc#488955,489411) * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation * MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift ------------------------------------------------------------------- Fri Mar 13 23:00:53 CET 2009 - wr@rosenauer.org - make mozjs consumers using rpath to the correct location to find the library at runtime (bnc#479505) ------------------------------------------------------------------- Wed Mar 11 16:14:09 CST 2009 - pwu@suse.de - Fixes bnc#479610(MozillaFirefox: LittleCMS integer overflows), add a patch lcms-bnc479606.patch. ------------------------------------------------------------------- Thu Mar 5 16:33:09 CST 2009 - pwu@suse.de - Backport a patch from xulrunner191, and fix bnc#465284 and CVE-2009-0071. ------------------------------------------------------------------- Sun Mar 1 11:08:58 CET 2009 - wr@rosenauer.org - security update to 1.9.0.7 (bnc#478625) * MFSA 2009-07 - Crashes with evidence of memory corruption CVE-2009-0771 - Layout Engine Crashes CVE-2009-0772 - Layout Engine Crashes CVE-2009-0773 - crashes in the JavaScript engine CVE-2009-0774 - Layout Engine Crashes * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) Mozilla Firefox XUL Linked Clones Double Free Vulnerability * MFSA 2009-09/CVE-2009-0776 (bmo#414540) XML data theft via RDFXMLDataSource and cross-domain redirect * MFSA 2009-10/CVE-2009-0040 (bmo#478901) Upgrade PNG library to fix memory safety hazards * MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control characters - removed obsolete patch to configure system sqlite ------------------------------------------------------------------- Wed Feb 4 17:09:55 EST 2009 - hfiguiere@suse.de - Review and approve changes. ------------------------------------------------------------------- Tue Feb 3 20:17:40 CET 2009 - wr@rosenauer.org - security update to 1.9.0.6 (bnc#470074) * MFSA 2009-06/CVE-2009-0358: Directives to not cache pages ignored (bmo#441751) * MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies (bmo#380418) * MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via local .desktop files (bmo#460425) * MFSA 2009-03/CVE-2009-0355: Local file stealing with SessionStore (bmo#466937) * MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method and window.eval (bmo#468581) * MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with evidence of memory corruption (rv:1.9.0.6) (bmo#452913, bmo#449006, bmo#331088, bmo#401042, bmo#416461, bmo#422283, bmo#422301, bmo#431705, bmo#437142, bmo#421839, bmo#420697, bmo#461027) * (non security) added lv locale - never use system sqlite for now since it doesn't provide all features needed and used by mozstorage (bnc#468689) - set the actual xul application name as "uniq" identifier for NSS database merges (instead of hardcoded "mozilla-xul") - fixed crash in certificate viewer (bmo#472464) ------------------------------------------------------------------- Thu Jan 29 16:08:43 EST 2009 - hfiguiere@suse.de - Update gconf-backend.patch to fix a compilation error in debug mode. - Update toolkit-ui-lockdown.patch to fix bnc#366746 ------------------------------------------------------------------- Wed Dec 17 11:44:04 EST 2008 - hfiguiere@suse.de - Review and approve changes. ------------------------------------------------------------------- Mon Dec 15 16:26:43 CET 2008 - wr@rosenauer.org - security update to 1.9.0.5 (bnc#455804) for details http://www.mozilla.org/security/known-vulnerabilities/firefox30.html * added et locale ------------------------------------------------------------------- Tue Dec 9 12:33:47 EST 2008 - hfiguiere@suse.de - Remove the lockdown part of the proxy because of the new upstream management. (bnc#440625) ------------------------------------------------------------------- Mon Dec 8 11:08:44 EST 2008 - hfiguiere@suse.de - Review and approve changes. ------------------------------------------------------------------- Fri Dec 5 16:10:32 EST 2008 - hfiguiere@suse.de - resetting /system/proxy/mode to 'none' set back network.proxy.type to 5 instead of 0. (bnc#441648) ------------------------------------------------------------------- Thu Nov 20 18:52:14 CST 2008 - maw@suse.de - Review and approve changes. ------------------------------------------------------------------- Wed Nov 19 11:49:36 CET 2008 - wr@rosenauer.org - updated mozilla-shared-nss-db.patch * make the patch autodetect nss-shared-helper at buildtime * feature can be disabled completely at runtime exporting MOZ_XRE_NO_NSSHELPER=1 before starting Firefox (that helps to workaround bnc#444780 and makes sense anyway) ------------------------------------------------------------------- Wed Nov 12 19:20:01 EST 2008 - hfiguiere@suse.de - Added gecko-lockdown.patch and toolkit-ui-lockdown.patch * Iron out some bugs from lockdown (bnc#439380) * Apparently fixes (bnc#443420) ------------------------------------------------------------------- Wed Nov 12 17:55:48 CST 2008 - maw@suse.de - Review and approve changes. ------------------------------------------------------------------- Tue Nov 11 09:00:42 CET 2008 - wr@rosenauer.org - update to security/maintenance release 1.9.0.4 (bnc#439841) * support additional locales ------------------------------------------------------------------- Wed Nov 5 22:40:52 CST 2008 - hpj@novell.com - Add mozilla-shared-nss-db.patch, which migrates the old NSS DB to the new, shared format and location. ------------------------------------------------------------------- Tue Oct 28 15:48:37 CST 2008 - maw@suse.de - Review and approve changes. ------------------------------------------------------------------- Mon Oct 27 11:52:13 CET 2008 - wr@rosenauer.org - improved baselibs dependencies - removed obsolete build flags - make biarch dependencies work correctly (bnc#434283) - removed executable bits from PNGs (bnc#433752) ------------------------------------------------------------------- Thu Oct 23 10:14:22 EDT 2008 - hfiguiere@suse.de - Added gconf-backend.patch: * Lockdown: FATE#302023, FATE#302024 ------------------------------------------------------------------- Mon Sep 29 12:27:36 CDT 2008 - maw@suse.de - Review and approve changes. ------------------------------------------------------------------- Sun Sep 28 18:19:26 CEST 2008 - wr@rosenauer.org - update to regression fix release 1.9.0.3 * Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bmo#454708, bnc#429179#c20, CVE-2008-4063, CVE-2008-4064, CVE-2008-3836, andCVE-2008-4070) ------------------------------------------------------------------- Thu Sep 25 14:45:48 CDT 2008 - maw@suse.de - Review and approve changes. ------------------------------------------------------------------- Mon Sep 15 10:20:40 CEST 2008 - wr@rosenauer.org - update to security/maintenance release 1.9.0.2 (bnc#429179) * support more locales * removed upstreamed patches - added PyXPCOM subpackage python-xpcom190 - fix helper app detection for application/octet-stream type (bnc#406979, bmo#327323) - stop shipping the "simple" example - use system provided cairo from 11.1 on ------------------------------------------------------------------- Thu Sep 4 14:55:33 CEST 2008 - ro@suse.de - get rid of at least one opensuse_bs check (should really check project name and not buildsystem) ------------------------------------------------------------------- Tue Aug 19 18:56:49 CEST 2008 - maw@suse.de - Check whether the build is happening on the build service by using 0%{?opensuse_bs} - Readd unzip to the list of build requirements. ------------------------------------------------------------------- Fri Aug 15 18:20:55 CDT 2008 - maw@novell.com - Review and approve changes. ------------------------------------------------------------------- Wed Aug 6 09:07:34 CEST 2008 - wr@rosenauer.org - Fix releasedate and apiversion defines ------------------------------------------------------------------- Tue Jul 29 20:27:24 CEST 2008 - mauro@suse.de - Merge changes from the Build Service (thanks, Wolfgang) - Update to stability/security release 1.9.0.1 (bnc#407573) * added si and sl locales * for security issues please refer to Firefox 3.0.1 - Fixed a crash [@ cairo_draw_with_xlib] (bmo#435764) + Added bmo435764.patch - Fixed vertical stripes in windowless plugins (bmo#430450) + Added bmo430450.patch - Remove about:about (bnc#402699, bmo#349451) + Added mozilla-aboutAbout.patch ------------------------------------------------------------------- Tue Jun 17 18:06:54 CEST 2008 - maw@suse.de - Merge changes from the Build Service (thanks, Wolfgang) (bnc#400001 and SWAMP#18164). ------------------------------------------------------------------- Tue Jun 17 14:23:59 CEST 2008 - wr@rosenauer.org - update to version 1.9 - removed obsolete mozilla-fsync* patch - make it possible to ignore NM events with a pref (bmo#424626) (toolkit.networkmanager.ignore=false|true) (mozilla-network-status.patch) - modify pref to not stop at punctuation for selections (bnc#395070) - fixed restart command for session managers (bnc#396552) - do not compile cairo with SSE support (bnc#397815) - mozilla-js.pc uses correct cflags (bnc#397814) ------------------------------------------------------------------- Mon May 26 18:56:46 CEST 2008 - maw@suse.de - Fix baselibs.conf to mention mozilla-xulrunner190-translations (bnc#393856). ------------------------------------------------------------------- Wed May 21 00:49:39 CEST 2008 - maw@suse.de - Add mozilla-pkgconfig.patch (part of bnc#381154). ------------------------------------------------------------------- Tue May 20 22:44:40 CEST 2008 - maw@suse.de - Add mozilla-fsync-bmo499050.patch (bmo#499050). ------------------------------------------------------------------- Wed Apr 30 22:44:30 CEST 2008 - maw@suse.de - Merge changes from the build service (thanks, Wolfgang): + Only use gconf proxy settings under GNOME (bnc#381172) + Add mozilla-extensionmanager.patch (bnc#381733, and #382969) + Add mozilla-system-hunspell.patch to enable use of the system's hunspell (bnc#382437) + Add mozilla-gnome-proxies.patch: * Only use gconf proxy settings when running under GNOME (bnc#381172) * Correctly read the ignored hosts settings from gconf (bmo#429520) + Add mozilla-helperapp.patch to offer the gconf default for protocol handlers (bnc#383697) - Rename the -lang subpackage to -stranslations (bnc#381635). ------------------------------------------------------------------- Wed Apr 16 17:07:02 CEST 2008 - maw@suse.de - Merge changes from the build service: + Add mozilla-chrome-registry.patch to fix a startup crash (bmo#391311 and bnc#379523) + Add mozilla-scroll.patch to fix scrolling performance issues (bmo#424915 and bnc#377055) + Update baselibs.conf. ------------------------------------------------------------------- Mon Apr 14 19:13:47 CEST 2008 - maw@suse.de - Better sync against the build service's version. ------------------------------------------------------------------- Thu Apr 10 10:38:08 CEST 2008 - ro@suse.de - added baselibs.conf file to create xxbit packages ------------------------------------------------------------------- Tue Apr 1 16:08:05 CEST 2008 - wr@rosenauer.org - update to version 1.9b5 * including fix for bnc #368967 * integrated mozilla-gnome-vfs.patch - updated shipped locales "Provides" - fixed version upgrading (remove leftovers from previous versions) - remove executable flags from JS scripts - CSS DPI scaling now occurs with higher dpi values now (>192) - prerequire coreutils for 'rm' in post scripts ------------------------------------------------------------------- Tue Mar 18 21:59:17 CET 2008 - maw@suse.de - Merge changes from the build service (thanks, Wolfgang). ------------------------------------------------------------------- Mon Mar 10 21:36:24 CET 2008 - wr@rosenauer.org - new snapshot version 1.9b4 - updated shipped locales "Provides" - enabled url classifier component (needed for Firefox' safe browsing feature) - added mozilla-gnome-vfs.patch (#368238) ------------------------------------------------------------------- Fri Feb 29 11:18:04 CET 2008 - wr@rosenauer.org - new snapshot 20080228 - source archive contains browser components now to make it easier to keep xulrunner and firefox in sync (use shipped-locales from browser now instead of keeping a copy in the package) - proxy-type 5 is default now (removed from default prefs) ------------------------------------------------------------------- Thu Feb 28 15:34:17 CET 2008 - wr@rosenauer.org - new snapshot 20080227 - use system provided sqlite for factory/11.0 - use fdupes - tweak default preferences - fix debuginfo package - fix wrong executable permissions - fix wrong ownership of the gnomevfs libs - add add-plugins.sh to manage dictionaries ------------------------------------------------------------------- Tue Feb 26 10:19:24 CET 2008 - wr@rosenauer.org - new snapshot 20080225 - added -gnomevfs subpackage for evaluation - added back -l10n subpackage ------------------------------------------------------------------- Fri Feb 22 08:57:14 CET 2008 - wr@rosenauer.org - initial xulrunner 1.9 package * doesn't update any prior xulrunner yet * can be installed in parallel * just updates the /usr/bin/xulrunner link to the new version * needs NSPR 4.7.1 and NSS 3.12
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor