Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaFirefox-buildsymbols-45.0-18.1 RPM for x86_64

From OpenSuSE Leap 42.1 updates for x86_64

Name: MozillaFirefox-buildsymbols Distribution: openSUSE Leap 42.1
Version: 45.0 Vendor: openSUSE
Release: 18.1 Build date: Wed Mar 9 09:41:01 2016
Group: Development/Debug Build host: cloud133
Size: 35241310 Source RPM: MozillaFirefox-45.0-18.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.mozilla.org/
Summary: Breakpad buildsymbols for Firefox
This subpackage contains the Breakpad created and compatible debugging
symbols meant for upload to Mozilla's crash collector database.

Provides

Requires

License

MPL-2.0

Changelog

* Sun Mar 06 2016 wr@rosenauer.org
  - update to Firefox 45.0 (boo#969894)
    * requires NSPR 4.12 / NSS 3.21.1
    * Instant browser tab sharing through Hello
    * Synced Tabs button in button bar
    * Tabs synced via Firefox Accounts from other devices are now shown
      in dropdown area of Awesome Bar when searching
    * Introduce a new preference (network.dns.blockDotOnion) to allow
      blocking .onion at the DNS level
    * Tab Groups (Panorama) feature removed
    * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
      Miscellaneous memory safety hazards
    * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
      Local file overwriting and potential privilege escalation through
      CSP reports
    * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
      CSP reports fail to strip location information for embedded iframe pages
    * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
      Linux video memory DOS with Intel drivers
    * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
      Memory leak in libstagefright when deleting an array during MP4
      processing
    * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
      Displayed page address can be overridden
    * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
      Service Worker Manager out-of-bounds read in Service Worker Manager
    * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
      Use-after-free in HTML5 string parser
    * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
      Use-after-free in SetBody
    * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
      Use-after-free when using multiple WebRTC data channels
    * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
      Memory corruption when modifying a file being read by FileReader
    * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
      Use-after-free during XML transformations
    * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
      Addressbar spoofing though history navigation and Location protocol
      property
    * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
      Same-origin policy violation using perfomance.getEntries and
      history navigation with session restore
    * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
      Buffer overflow in Brotli decompression
    * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
      Memory corruption with malicious NPAPI plugin
    * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
      CVE-2016-1976/CVE-2016-1972
      WebRTC and LibVPX vulnerabilities found through code inspection
    * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
      Use-after-free in GetStaticInstance in WebRTC
    * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
      Out-of-bounds read in HTML parser following a failed allocation
    * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
      Buffer overflow during ASN.1 decoding in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
      Use-after-free during processing of DER encoded keys in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
      CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
      CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
      CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
      Font vulnerabilities in the Graphite 2 library
* Sat Mar 05 2016 olaf@aepfle.de
  - Remove B_CNT from symbols.zip filename to reduce build-compare noise
* Fri Feb 26 2016 astieger@suse.com
  - fix build problems on i586, caused by too large unified compile
    units - adding mozilla-reduce-files-per-UnifiedBindings.patch
* Thu Feb 11 2016 wr@rosenauer.org
  - update to Firefox 44.0.2
    * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
      Same-origin-policy violation using Service Workers with plugins
    * Fix issue which could lead to the removal of stored passwords
      under certain circumstances (bmo#1242176)
    * Allows spaces in cookie names (bmo#1244505)
    * Disable opus/vorbis audio with H.264 (bmo#1245696)
    * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
    * Fix a crash in cache networking (bmo#1244076)
    * Fix using WebSockets in service worker controlled pages (bmo#1243942)
* Sun Jan 24 2016 wr@rosenauer.org
  - update to Firefox 44.0
    * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
      Miscellaneous memory safety hazards
    * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
      Out of Memory crash when parsing GIF format images
    * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
      Buffer overflow in WebGL after out of memory allocation
    * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
      Firefox allows for control characters to be set in cookie names
    * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
      Missing delay following user click events in protocol handler dialog
    * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
      Errors in mp_div and mp_exptmod cryptographic functions in NSS
      (fixed by requiring NSS 3.21)
    * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
      Addressbar spoofing attacks boo#963643
    * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
      (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
      Unsafe memory manipulation found through code inspection
    * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
      Application Reputation service disabled in Firefox 43
    * requires NSPR 4.11
    * requires NSS 3.21
  - prepare mozilla-kde.patch for Gtk3 builds
  - rebased patches
* Mon Jan 11 2016 astieger@suse.com
  - Mozilla Firefox 43.0.4:
    * Re-enable SHA-1 certificates to prevent outdated
      man-in-the-middle security devices from interfering with
      properly secured SSL/TLS connections (bmo#1236975)
    * Fix for startup crash for users of a third party antivirus tool
      (bmo#1235537)
  - The following change was previously in the package as a patch:
    * Multi-user GNU/Linux download folders can be created
    (bmo#1233434), removed mozilla-bmo1233434.patch
* Tue Dec 29 2015 wr@rosenauer.org
  - update to Firefox 43.0.3
    * requires NSS 3.20.2 to fix
      MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
      MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
      server signature
    * various changes to support Windows update (SHA-1 vs. SHA-2)
    * workaround Youtube user agent detection issue (bmo#1233970)
  - fix file download regression for multi user systems
    (bmo#1233434) (mozilla-bmo1233434.patch)
  - explicitely requires libXcomposite-devel
* Sun Dec 13 2015 wr@rosenauer.org
  - update to Firefox 43.0 (bnc#959277)
    * Improved API support for m4v video playback
    * Users can opt-in to receive search suggestions from the Awesome Bar
    * WebRTC streaming on multiple monitors
    * User selectable second block list for Private Browsing's Tracking
      Protection
    security fixes:
    * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
      Miscellaneous memory safety hazards
    * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
      Crash with JavaScript variable assignment with unboxed objects
    * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
      Same-origin policy violation using perfomance.getEntries and
      history navigation
    * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
      Firefox allows for control characters to be set in cookies
    * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
      Use-after-free in WebRTC when datachannel is used after being
      destroyed
    * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
      Integer overflow allocating extremely large textures
    * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
      Cross-origin information leak through web workers error events
    * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
      Hash in data URI is incorrectly parsed
    * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
      DOS due to malformed frames in HTTP/2
    * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
      Linux file chooser crashes on malformed images due to flaws in
      Jasper library
    * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
      (bmo#1201183, bmo#1178033, bmo#1199400)
      Buffer overflows found through code inspection
    * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
      Underflow through code inspection
    * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
      Integer overflow in MP4 playback in 64-bit versions
    * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
      Integer underflow and buffer overflow processing MP4 metadata in
      libstagefright
    * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
      Privilege escalation vulnerabilities in WebExtension APIs
    * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
      Cross-site reading attack through data and view-source URIs
  - rebased patches
* Sun Nov 15 2015 wr@rosenauer.org
  - Add desktop menu action for private browsing window to desktop
    file (boo#954747)
  - remove obsolete patch mozilla-bmo1005535.patch completely from
    source package to avoid automatic check failures
* Sat Oct 31 2015 wr@rosenauer.org
  - update to Firefox 42.0 (bnc#952810)
    * Private Browsing with Tracking Protection blocks certain Web
      elements that could be used to record your behavior across sites
    * Control Center that contains site security and privacy controls
    * Login Manager improvements
    * WebRTC improvements
    * Indicator added to tabs that play audio with one-click muting
    * Media Source Extension for HTML5 video available for all sites
    security fixes:
    * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
      Miscellaneous memory safety hazards
    * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
      Information disclosure through NTLM authentication
    * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
      CSP bypass due to permissive Reader mode whitelist
    * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
      Firefox for Android addressbar can be removed after fullscreen mode
    * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
      Reading sensitive profile files through local HTML file on Android
    * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
      disabling scripts in Add-on SDK panels has no effect
    * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
      Trailing whitespace in IP address hostnames can bypass same-origin policy
    * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
      Buffer overflow during image interactions in canvas
    * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
      Android intents can be used on Firefox for Android to open privileged files
    * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
      XSS attack through intents on Firefox for Android
    * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
      Crash when accessing HTML tables with accessibility tools on OS X
    * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
      CORS preflight is bypassed when non-standard Content-Type headers
      are received
    * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
      Memory corruption in libjar through zip files
    * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
      Certain escaped characters in host of Location-header are being
      treated as non-escaped
    * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
      JavaScript garbage collection crash with Java applet
    * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
      (bmo#1188010, bmo#1204061, bmo#1204155)
      Vulnerabilities found through code inspection
    * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
      Mixed content WebSocket policy bypass through workers
    * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
      (bmo#1202868, bmo#1205157)
      NSS and NSPR memory corruption issues
      (fixed in mozilla-nspr and mozilla-nss packages)
  - requires NSPR >= 4.10.10 and NSS >= 3.19.4
  - removed obsolete patches
    * mozilla-arm-disable-edsp.patch
    * mozilla-icu-strncat.patch
    * mozilla-skia-be-le.patch
    * toolkit-download-folder.patch
  - fixed build with enable-libproxy (bmo#1220399)
    * mozilla-libproxy.patch
* Thu Oct 15 2015 wr@rosenauer.org
  - update to Firefox 41.0.2 (bnc#950686)
    * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
      Cross-origin restriction bypass using Fetch
  - added explicit appdata provides (bnc#949983)
* Sun Oct 04 2015 wr@rosenauer.org
  - do not build with --enable-stdcxx-compat
    (this starts to fail build on various toolchain combinations
    and is not required for openSUSE builds in general
* Thu Oct 01 2015 wr@rosenauer.org
  - update to Firefox 41.0.1
    * Fix a startup crash related to Yandex toolbar and Adblock Plus
      (bmo#1209124)
    * Fix potential hangs with Flash plugins (bmo#1185639)
    * Fix a regression in the bookmark creation (bmo#1206376)
    * Fix a startup crash with some Intel Media Accelerator 3150
      graphic cards (bmo#1207665)
    * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
* Sat Sep 19 2015 wr@rosenauer.org
  - update to Firefox 41.0 (bnc#947003)
    * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
      Miscellaneous memory safety hazards
    * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
      Memory leak in mozTCPSocket to servers
    * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
      Out of bounds read in QCMS library with ICC V4 profile attributes
    * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
      Site attribute spoofing on Android by pasting URL with unknown scheme
    * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
      Arbitrary file manipulation by local user through Mozilla updater
    * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
      Buffer overflow in libvpx while parsing vp9 format video
    * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
      Crash when using debugger with SavedStacks in JavaScript
    * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
      URL spoofing in reader mode
    * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
      Use-after-free with shared workers and IndexedDB
    * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
      Buffer overflow while decoding WebM video
    * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
      Use-after-free while manipulating HTML media content
    * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
      Out-of-bounds read during 2D canvas display on Linux 16-bit
      color depth systems
    * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
      Scripted proxies can access inner window
    * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
      JavaScript immutable property enforcement can be bypassed
    * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
      Dragging and dropping images exposes final URL after redirects
    * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
      Errors in the handling of CORS preflight request headers
    * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
      CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
      CVE-2015-7180
      Vulnerabilities found through code inspection
    * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
      bmo#1190526) (Windows only)
      Memory safety errors in libGLES in the ANGLE graphics library
    * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
      Information disclosure via the High Resolution Time API
  - rebased patches
  - removed obsolete patches
    * mozilla-arm64-libjpeg-turbo.patch
* Thu Aug 27 2015 wr@rosenauer.org
  - update to Firefox 40.0.3 (bnc#943550)
    * Disable the asynchronous plugin initialization (bmo#1198590)
    * Fix a segmentation fault in the GStreamer support (bmo#1145230)
    * Fix a regression with some Japanese fonts used in the <input>
      field (bmo#1194055)
    * On some sites, the selection in a select combox box using the
      mouse could be broken (bmo#1194733)
    security fixes
    * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
      Use-after-free when resizing canvas element during restyling
    * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
      Add-on notification bypass through data URLs
* Fri Aug 07 2015 wr@rosenauer.org
  - update to Firefox 40.0 (bnc#940806)
    * Added protection against unwanted software downloads
    * Suggested Tiles show sites of interest, based on categories
      from your recent browsing history
    * Hello allows adding a link to conversations to provide context
      on what the conversation will be about
    * New style for add-on manager based on the in-content
      preferences style
    * Improved scrolling, graphics, and video playback performance
      with off main thread compositing (GNU/Linux only)
    * Graphic blocklist mechanism improved: Firefox version ranges
      can be specified, limiting the number of devices blocked
    security fixes:
    * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
      Miscellaneous memory safety hazards
    * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
      Out-of-bounds read with malformed MP3 file
    * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
      Use-after-free in MediaStream playback
    * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
      Redefinition of non-configurable JavaScript object properties
    * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
      Overflow issues in libstagefright
    * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
      Arbitrary file overwriting through Mozilla Maintenance Service
      with hard links (only affected Windows)
    * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
      Out-of-bounds write with Updater and malicious MAR file
      (does not affect openSUSE RPM packages which do not ship the
      updater)
    * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
      Feed protocol with POST bypasses mixed content protections
    * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
      Crash when using shared memory in JavaScript
    * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
      Heap overflow in gdk-pixbuf when scaling bitmap images
    * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
      Buffer overflows on Libvpx when decoding WebM video
    * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
      Vulnerabilities found through code inspection
    * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
      Mozilla Content Security Policy allows for asterisk wildcards
      in violation of CSP specification
    * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
      Use-after-free in XMLHttpRequest with shared workers
  - added mozilla-no-stdcxx-check.patch
  - removed obsolete patches
    * mozilla-add-glibcxx_use_cxx11_abi.patch
    * firefox-multilocale-chrome.patch
  - rebased patches
  - requires version 40 of the branding package
  - removed browser/searchplugins/ location as it's not valid anymore
* Fri Aug 07 2015 wr@rosenauer.org
  - security update to Firefox 39.0.3 (bnc#940918)
    * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
      Same origin violation and local file stealing via PDF reader
* Wed Jul 01 2015 wr@rosenauer.org
  - update to Firefox 39.0 (bnc#935979)
    * Share Hello URLs with social networks
    * Support for 'switch' role in ARIA 1.1 (web accessibility)
    * SafeBrowsing malware detection lookups enabled for downloads
      (Mac OS X and Linux)
    * Support for new Unicode 8.0 skin tone emoji
    * Removed support for insecure SSLv3 for network communications
    * Disable use of RC4 except for temporarily whitelisted hosts
    * NPAPI Plug-in performance improved via asynchronous initialization
    security fixes:
    * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
      Miscellaneous memory safety hazards
    * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
      Type confusion in Indexed Database Manager
    * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
      Out-of-bound read while computing an oscillator rendering range in Web Audio
    * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
      Use-after-free in Content Policy due to microtask execution error
    * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
      ECDSA signature validation fails to handle some signatures correctly
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
      Use-after-free in workers while using XMLHttpRequest
    * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
      CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
      Vulnerabilities found through code inspection
    * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
      Key pinning is ignored when overridable errors are encountered
    * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
      OS X crash reports may contain entered key press information
      (not relevant under Linux)
    * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
      Privilege escalation in PDF.js
    * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
      NSS accepts export-length DHE keys with regular DHE cipher suites
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
      NSS incorrectly permits skipping of ServerKeyExchange
      (this fix is shipped by NSS 3.19.1 externally)
  - dropped mozilla-prefer_plugin_pref.patch as this feature is
    likely not worth maintaining further
  - rebased patches
  - require NSS 3.19.2
* Thu Jun 18 2015 schwab@suse.de
  - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
* Sun Jun 07 2015 wr@rosenauer.org
  - update to Firefox 38.0.6
    * fixes bmo#1171730 which is not really relevant to oS builds
  - fix KDE regression from 38.0.5 builds (bsc#933439)
* Sat May 23 2015 wr@rosenauer.org
  - update to Firefox 38.0.5
    * Keep track of articles and videos with Pocket
    * Clean formatting for articles and blog posts with Reader View
    * Share the active tab or window in a Hello conversation
  - add changes file as source for SRPM (bsc#932142)
* Fri May 15 2015 normand@linux.vnet.ibm.com
  - add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
    https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
* Fri May 15 2015 wr@rosenauer.org
  - update to Firefox 38.0.1
    stability and regression fixes
    * Systems with first generation NVidia Optimus graphics cards
      may crash on start-up
    * Users who import cookies from Google Chrome can end up with
      broken websites
    * Large animated images may fail to play and may stop other
      images from loading
* Sun May 10 2015 wr@rosenauer.org
  - update to Firefox 38.0 (bnc#930622)
    * New tab-based preferences
    * Ruby annotation support
    * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
    security fixes:
    * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
      Miscellaneous memory safety hazards
    * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
      Buffer overflow parsing H.264 video with Linux Gstreamer
    * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
      Buffer overflow with SVG content and CSS
    * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
      Referrer policy ignored when links opened by middle-click and
      context menu
    * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
      Out-of-bounds read and write in asm.js validation
    * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
      Use-after-free during text processing with vertical text enabled
    * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
      Use-after-free due to Media Decoder Thread creation during shutdown
    * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
      Buffer overflow when parsing compressed XML
    * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
      Buffer overflow and out-of-bounds read while parsing MP4 video
      metadata
    * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
      Untrusted site hosting trusted page can intercept webchannel
      responses
    * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
      Privilege escalation through IPC channel messages
  - requires NSS 3.18.1
  - removed obsolete patches:
    * mozilla-skia-bmo1136958.patch
  - remove gnomevfs build options as it is removed from sources
  - rebased patches
* Fri Apr 17 2015 wr@rosenauer.org
  - update to Firefox 37.0.2 (bnc#928116)
    * MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
      Memory corruption during failed plugin initialization
* Fri Apr 03 2015 wr@rosenauer.org
  - update to Firefox 37.0.1 (bnc#926166)
    * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
      Loading privileged content through Reader mode
    * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
      Certificate verification bypass through the HTTP/2 Alt-Svc header
* Sat Mar 28 2015 wr@rosenauer.org
  - update to Firefox 37.0 (bnc#925368)
    * Heartbeat user rating system
    * Yandex set as default search provider for the Turkish locale
    * Bing search now uses HTTPS for secure searching
    * Improved protection against site impersonation via OneCRL
      centralized certificate revocation
    * Opportunistically encrypt HTTP traffic where the server supports
      HTTP/2 AltSvc
    * some more behaviour changes for TLS
    security fixes:
    * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
      Miscellaneous memory safety hazards
    * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
      Use-after-free when using the Fluendo MP3 GStreamer plugin
    * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
      Add-on lightweight theme installation approval bypassed through
      MITM attack
    * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
      resource:// documents can load privileged pages
    * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
      Out of bounds read in QCMS library
    * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
      Cursor clickjacking with flash and images (OS X only)
    * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
      Incorrect memory management for simple-type arrays in WebRTC
    * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
      CORS requests should not follow 30x redirections after preflight
    * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
      Memory corruption crashes in Off Main Thread Compositing
    * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
      Use-after-free due to type confusion flaws
    * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
      Same-origin bypass through anchor navigation
    * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
      PRNG weakness allows for DNS poisoning on Android (only)
    * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
      Windows can retain access to privileged content on navigation
      to unprivileged pages
  - removed obsolete patches
    * mozilla-bmo1088588.patch
    * mozilla-bmo1108834.patch
  - requires NSPR 4.10.8
* Tue Mar 24 2015 dvaleev@suse.com
  - Fix builds with skia on Power
    mozilla-skia-be-le.patch (patch from #bmo1136958)
    mozilla-bmo1108834.patch
    mozilla-bmo1005535.patch
* Sat Mar 21 2015 wr@rosenauer.org
  - update to Firefox 36.0.4 (bnc#923534)
    * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
      Privilege escalation through SVG navigation
    * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
      Code execution through incorrect JavaScript bounds checking
      elimination
* Fri Mar 20 2015 dimstar@opensuse.org
  - Copy the icons to /usr/share/icons instead of symlinking them:
    in preparation for containerized apps (e.g. xdg-app) as well as
    AppStream metadata extraction, there are a couple locations that
    need to be real files for system integration (.desktop files,
    icons, mime-type info).
* Sat Mar 07 2015 wr@rosenauer.org
  - update to Firefox 36.0.1
    Bugfixes:
    * Disable the usage of the ANY DNS query type (bmo#1093983)
    * Hello may become inactive until restart (bmo#1137469)
    * Print preferences may not be preserved (bmo#1136855)
    * Hello contact tabs may not be visible (bmo#1137141)
    * Accept hostnames that include an underscore character ("_")
      (bmo#1136616)
    * WebGL may use significant memory with Canvas2d (bmo#1137251)
    * Option -remote has been restored (bmo#1080319)
  - added mozilla-skia-bmo1136958.patch to fix build issues for
    ARM and PPC
* Fri Feb 20 2015 wr@rosenauer.org
  - update to Firefox 36.0 (bnc#917597)
    * mozilla-xremote-client was removed
    * added libclearkey.so media plugin
    * Pinned tiles on the new tab page can be synced
    * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
      more scalable, and more responsive web.
    * Locale added: Uzbek (uz)
    security fixes:
    * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
      Miscellaneous memory safety hazards
    * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
      Invoking Mozilla updater will load locally stored DLL files
      (Windows only)
    * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
      Appended period to hostnames can bypass HPKP and HSTS protections
    * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
      Malicious WebGL content crash when writing strings
    * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
      TLS TURN and STUN connections silently fail to simple TCP connections
    * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
      Use-after-free in IndexedDB
    * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
      Buffer overflow in libstagefright during MP4 video playback
    * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
      Double-free when using non-default memory allocators with a
      zero-length XHR
    * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
      Out-of-bounds read and write while rendering SVG content
    * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
      Buffer overflow during CSS restyling
    * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
      Buffer underflow during MP3 playback
    * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
      Crash using DrawTarget in Cairo graphics library
    * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
      Use-after-free in Developer Console date with OpenType Sanitiser
    * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
      Reading of local files through manipulation of form autocomplete
    * MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
      UI Tour whitelisted sites in background tab can spoof foreground
      tabs
    * MFSA 2015-27CVE-2015-0820 (bmo#1125398)
      Caja Compiler JavaScript sandbox bypass
  - rebased patches
  - requires NSS 3.17.4
* Sat Jan 31 2015 wr@rosenauer.org
  - update to Firefox 35.0.1
    * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
    * Kerberos authentication did not work with alias (bmo#1108971)
    * SVG / CSS animation had a regression causing rendering issues on
      websites like openstreemap.org (bmo#1083079)
    * On Godaddy webmail, Firefox could crash (bmo#1113121)
    * document.baseURI did not get updated to document.location after
      base tag was removed from DOM for site with a CSP (bmo#1121857)
    * With a Right-to-left (RTL) version of Firefox, the text selection
      could be broken (bmo#1104036)
    * CSP had a change in behavior with regard to case sensitivity
      resources loading (bmo#1122445)
* Sat Jan 10 2015 wr@rosenauer.org
  - update to Firefox 35.0 (bnc#910669)
    notable features:
    * Firefox Hello with new rooms-based conversations model
    * Implemented HTTP Public Key Pinning Extension (for enhanced
      authentication of encrypted connections)
    security fixes:
    * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
      Miscellaneous memory safety hazards
    * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
      Uninitialized memory use during bitmap rendering
    * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
      sendBeacon requests lack an Origin header
    * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
      Cookie injection through Proxy Authenticate responses
    * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
      Read of uninitialized memory in Web Audio
    * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
      Read-after-free in WebRTC
    * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
      Gecko Media Plugin sandbox escape
    * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
      Delegated OCSP responder certificates failure with
      id-pkix-ocsp-nocheck extension
    * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
      XrayWrapper bypass through DOM objects
  - rebased patches
  - dropped explicit support for everything older than 12.3
    (including SLES11)
    * merge firefox-kde.patch and firefox-kde-114.patch
    * dropped mozilla-sle11.patch
  - reworked specfile to build conditionally based on release channel
    either Firefox or Firefox Developer Edition
  - added mozilla-openaes-decl.patch to fix implicit declarations
  - obsolete tracker-miner-firefox < 0.15 because it leads to startup
    crashes (bnc#908892)
* Sat Dec 13 2014 Led <ledest@gmail.com>
  - fix bashism in mozilla.sh script
* Sat Nov 29 2014 wr@rosenauer.org
  - update to Firefox 34.0.5 (bnc#908009)
    * Default search engine changed to Yahoo! for North America
    * Default search engine changed to Yandex for Belarusian, Kazakh,
      and Russian locales
    * Improved search bar (en-US only)
    * Firefox Hello real-time communication client
    * Easily switch themes/personas directly in the Customizing mode
    * Implementation of HTTP/2 (draft14) and ALPN
    * Disabled SSLv3
    * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
      Miscellaneous memory safety hazards
    * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
      XBL bindings accessible via improper CSS declarations
    * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
      XMLHttpRequest crashes with some input streams
    * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
      CSP leaks redirect data via violation reports
    * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
      Use-after-free during HTML5 parsing
    * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
      Buffer overflow while parsing media content
    * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
      Bad casting from the BasicThebesLayer to BasicContainerLayer
  - rebased patches
  - limit linker memory usage for %ix86
  - rebased patches
* Fri Nov 07 2014 wr@rosenauer.org
  - update to Firefox 33.1
    * Adding DuckDuckGo as a search option (upstream)
    * Forget Button added
    * Enhanced Tiles
    * Privacy tour introduced
  - fix typo in GStreamer Recommends
* Tue Nov 04 2014 guillaume@opensuse.org
  - Disable elf-hack for aarch64
  - Enable EGL for aarch64
  - Limit RAM usage during link for %arm
  - Fix _constraints for ARM
* Mon Nov 03 2014 dmueller@suse.com
  - use proper macros for ARM
* Mon Nov 03 2014 josua.mayer97@gmail.com
  - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
    to fix compiling.
  - pass '-Wl,--no-keep-memory' to linker to reduce required memory during
    linking on arm.
* Thu Oct 30 2014 wr@rosenauer.org
  - update to Firefox 33.0.2
    * Fix a startup crash with some combination of hardware and drivers
    33.0.1
    * Firefox displays a black screen at start-up with certain
      graphics drivers
  - adjusted _constraints for ARM
* Tue Oct 28 2014 josua.mayer97@gmail.com
  - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
* Sat Oct 25 2014 wr@rosenauer.org
  - define /usr/share/myspell as additional dictionary location
    and remove add-plugins.sh finally (bnc#900639)
* Sun Oct 19 2014 vindex17@outlook.it
  - use Firefox default optimization flags instead of -Os
  - specfile cleanup
* Wed Oct 15 2014 wr@rosenauer.org
  - fix build for all ppc by not enabling elf-hack
    (bnc#901213)
* Sat Oct 11 2014 wr@rosenauer.org
  - update to Firefox 33.0 (bnc#900941)
    New features:
    * OpenH264 support (sandboxed)
    * Enhanced Tiles
    * Improved search experience through the location bar
    * Slimmer and faster JavaScript strings
    * New CSP (Content Security Policy) backend
    * Support for connecting to HTTP proxy over HTTPS
    * Improved reliability of the session restoration
    * Proprietary window.crypto properties/functions removed
    Security:
    * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
      Miscellaneous memory safety hazards
    * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
      Buffer overflow during CSS manipulation
    * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
      Web Audio memory corruption issues with custom waveforms
    * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
      Out-of-bounds write with WebM video
    * MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
      Further uninitialized memory use during GIF rendering
    * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
      Use-after-free interacting with text directionality
    * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
      Key pinning bypasses
    * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
      Inconsistent video sharing within iframe
    * MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
      Accessing cross-origin objects via the Alarms API
      (only relevant for installed web apps)
  - requires NSPR 4.10.7
  - requires NSS 3.17.1
  - removed obsolete patches:
    * mozilla-ppc.patch
    * mozilla-libproxy-compat.patch
  - added basic appdata information
* Sat Sep 20 2014 wr@rosenauer.org
  - update to Firefox 32.0.2
    * just a version bump for our builds
    * fixed the in application update process for certain environments
      (in application update is not enabled in openSUSE and Linux
      is unaffected in any case)
  - build with --disable-optimize for 13.1 and above for i586 to
    workaround miscompilations (bnc#896624)
  - use some more build flags to align with upstream
* Sat Sep 13 2014 wr@rosenauer.org
  - update to Firefox 32.0.1
    * fixed stability issues for computers with multiple graphics cards
    * mixed content icon may be incorrectly displayed instead of lock
      icon for SSL sites in 32.0 (
    * WebRTC: setRemoteDescription() silently fails if no success
      callback is specified (bmo#1063971)
* Sun Aug 31 2014 wr@rosenauer.org
  - update to Firefox 32.0 (bnc#894370)
    * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
      Miscellaneous memory safety hazards
    * MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
      Use-after-free during DOM interactions with SVG
    * MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
      Uninitialized memory use during GIF rendering
    * MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
      Out-of-bounds read in Web Audio audio timeline
    * MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
      Use-after-free setting text directionality
  - rebased patches
  - requires NSS 3.16.4
  - removed upstreamed patch
    * mozilla-aarch64-bmo-810631.patch
* Wed Aug 20 2014 behlert@suse.de
  - adapted _constraints, used more than 3900MB on s390x during
    last build
* Sun Jul 20 2014 wr@rosenauer.org
  - update to Firefox 31.0 (bnc#887746)
    * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
      Miscellaneous memory safety hazards
    * MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
      Buffer overflow during Web Audio buffering for playback
    * MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
      Use-after-free in Web Audio due to incorrect control message ordering
    * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
      Toolbar dialog customization event spoofing
    * MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
      Use-after-free with FireOnStateChange event
    * MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
      Exploitable WebGL crash with Cesium JavaScript library
    * MFSA 2014-63/CVE-2014-1544 (bmo#963150)
      Use-after-free while when manipulating certificates in the trusted cache
      (solved with NSS 3.16.2 requirement)
    * MFSA 2014-64/CVE-2014-1557 (bmo#913805)
      Crash in Skia library when scaling high quality images
    * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
      (bmo#1015973, bmo#1026022, bmo#997795)
      Certificate parsing broken by non-standard character encoding
    * MFSA 2014-66/CVE-2014-1552 (bmo#985135)
      IFRAME sandbox same-origin access through redirect
  - use EGL on ARM
  - rebased patches
  - requires NSS 3.16.2
  - requires python-devel (not only python)
* Mon Jun 09 2014 wr@rosenauer.org
  - update to Firefox 30.0 (bnc#881874)
    * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
      (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
      bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
      bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
      bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
      bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
      bmo#1009952, bmo#1011007)
      Miscellaneous memory safety hazards (rv:30.0)
    * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
      (bmo#989994, bmo#999274, bmo#1005584)
      Use-after-free and out of bounds issues found using Address
      Sanitizer
    * MFSA 2014-50/CVE-2014-1539 (bmo#995603)
      Clickjacking through cursor invisability after Flash interaction
    * MFSA 2014-51/CVE-2014-1540 (bmo#978862)
      Use-after-free in Event Listener Manager
    * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
      Use-after-free with SMIL Animation Controller
    * MFSA 2014-53/CVE-2014-1542 (bmo#991533)
      Buffer overflow in Web Audio Speex resampler
    * MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
      Buffer overflow in Gamepad API
    * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
      Out of bounds write in NSPR
  - rebased patches
  - removed obsolete patches
    * firefox-browser-css.patch
    * mozilla-aarch64-bmo-962488.patch
    * mozilla-aarch64-bmo-963023.patch
    * mozilla-aarch64-bmo-963024.patch
    * mozilla-aarch64-bmo-963027.patch
    * mozilla-ppc64-xpcom.patch
    * mozilla-ppc64le-javascript.patch
    * mozilla-ppc64le-libffi.patch
    * mozilla-ppc64le-mfbt.patch
    * mozilla-ppc64le-webrtc.patch
    * mozilla-ppc64le-xpcom.patch
    * mozilla-ppc64le-build.patch
  - requires NSPR 4.10.6
  - enabled GStreamer 1.0 usage for 13.2 and above
* Sat May 10 2014 wr@rosenauer.org
  - update to Firefox 29.0.1
    * Seer disabled by default (bmo#1005958)
    * Session Restore failed with a corrupted sessionstore.js file
      (bmo#1001167)
    * pdf.js printing white page (bmo#1003707, bnc#876833)
  - general.useragent.locale gets overwritten with en-US while it
    should be using the active langpack's setting
* Sat Apr 26 2014 wr@rosenauer.org
  - update to Firefox 29.0 (bnc#875378)
    * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
      Miscellaneous memory safety hazards
    * MFSA 2014-36/CVE-2014-1522 (bmo#995289)
      Web Audio memory corruption issues
    * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
      Out of bounds read while decoding JPG images
    * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
      Buffer overflow when using non-XBL object as XBL
    * MFSA 2014-39/CVE-2014-1525 (bmo#989210)
      Use-after-free in the Text Track Manager for HTML video
    * MFSA 2014-41/CVE-2014-1528 (bmo#963962)
      Out-of-bounds write in Cairo
    * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
      Privilege escalation through Web Notification API
    * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
      Cross-site scripting (XSS) using history navigations
    * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
      Use-after-free in imgLoader while resizing images
    * MFSA 2014-45/CVE-2014-1492 (bmo#903885)
      Incorrect IDNA domain name matching for wildcard certificates
      (fixed by NSS 3.16)
    * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
      Use-after-free in nsHostResolver
    * MFSA 2014-47/CVE-2014-1526 (bmo#988106)
      Debugger can bypass XrayWrappers with JavaScript
  - rebased patches
  - removed obsolete patches
    * firefox-browser-css.patch
    * mozilla-aarch64-599882cfb998.diff
    * mozilla-aarch64-bmo-963028.patch
    * mozilla-aarch64-bmo-963029.patch
    * mozilla-aarch64-bmo-963030.patch
    * mozilla-aarch64-bmo-963031.patch
  - requires NSS 3.16
  - added mozilla-icu-strncat.patch to fix post build checks
* Mon Apr 07 2014 dmueller@suse.com
  - add mozilla-aarch64-599882cfb998.patch,
      mozilla-aarch64-bmo-810631.patch,
      mozilla-aarch64-bmo-962488.patch,
      mozilla-aarch64-bmo-963030.patch,
      mozilla-aarch64-bmo-963027.patch,
      mozilla-aarch64-bmo-963028.patch,
      mozilla-aarch64-bmo-963029.patch,
      mozilla-aarch64-bmo-963023.patch,
      mozilla-aarch64-bmo-963024.patch,
      mozilla-aarch64-bmo-963031.patch: AArch64 porting
* Mon Mar 24 2014 dvaleev@suse.com
  - Add patch for bmo#973977
    * mozilla-ppc64-xpcom.patch
* Mon Mar 24 2014 dvaleev@suse.com
  - Refresh mozilla-ppc64le-xpcom.patch patch
* Fri Mar 21 2014 dvaleev@suse.com
  - Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
* Sun Mar 16 2014 wr@rosenauer.org
  - update to Firefox 28.0 (bnc#868603)
    * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
      Miscellaneous memory safety hazards
    * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
      Out of bounds read during WAV file decoding
    * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
      crypto.generateCRMFRequest does not validate type of key
    * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
      Spoofing attack on WebRTC permission prompt
    * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
      onbeforeunload and Javascript navigation DOS
    * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
      WebGL content injection from one domain to rendering in another
    * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
      Content Security Policy for data: documents not preserved by
      session restore
    * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
      Information disclosure through polygon rendering in MathML
    * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
      Memory corruption in Cairo during PDF font rendering
    * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
      SVG filters information disclosure through feDisplacementMap
    * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
      Privilege escalation using WebIDL-implemented APIs
    * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
      Use-after-free in TypeObject
    * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
      Out-of-bounds read/write through neutering ArrayBuffer objects
    * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
      Out-of-bounds write through TypedArrayObject after neutering
  - requires NSPR 4.10.3 and NSS 3.15.5
  - new build dependency (and recommends):
    * libpulse
  - update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
  - rebased patches
* Mon Feb 17 2014 wr@rosenauer.org
  - update to Firefox 27.0.1
    * Fixed stability issues with Greasemonkey and other JS that used
      ClearTimeoutOrInterval
    * JS math correctness issue (bmo#941381)
  - incorporate Google API key for geolocation (bnc#864170)
  - updated list of "other" locales in RPM requirements
* Tue Jan 28 2014 wr@rosenauer.org
  - update to Firefox 27.0 (bnc#861847)
    * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
      Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
    * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
      Clone protected content with XBL scopes
    * MFSA 2014-03/CVE-2014-1480 (bmo#916726)
      UI selection timeout missing on download prompts
    * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
      Incorrect use of discarded images by RasterImage
    * MFSA 2014-05/CVE-2014-1483 (bmo#950427)
      Information disclosure with *FromPoint on iframes
    * MFSA 2014-06/CVE-2014-1484 (bmo#953993)
      Profile path leaks to Android system log
    * MFSA 2014-07/CVE-2014-1485 (bmo#910139)
      XSLT stylesheets treated as styles in Content Security Policy
    * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
      Use-after-free with imgRequestProxy and image proccessing
    * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
      Cross-origin information leak through web workers
    * MFSA 2014-10/CVE-2014-1489 (bmo#959531)
      Firefox default start page UI content invokable by script
    * MFSA 2014-11/CVE-2014-1488 (bmo#950604)
      Crash when using web workers with asm.js
    * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
      (bmo#934545, bmo#930874, bmo#930857)
      NSS ticket handling issues
    * MFSA 2014-13/CVE-2014-1481(bmo#936056)
      Inconsistent JavaScript handling of access to Window objects
  - requires NSS 3.15.4 or higher
  - rebased/reworked patches
  - removed obsolete mozilla-bug929439.patch
* Thu Dec 12 2013 uweigand@de.ibm.com
  - Add support for powerpc64le-linux.
    * mozilla-ppc64le.patch: general support
    * mozilla-libffi-ppc64le.patch: libffi backport
    * mozilla-xpcom-ppc64le.patch: port xpcom
  - Add build fix from mainline.
    * mozilla-bug929439.patch
* Sun Dec 08 2013 wr@rosenauer.org
  - update to Firefox 26.0 (bnc#854367, bnc#854370)
    * rebased patches
    * requires NSPR 4.10.2 and NSS 3.15.3.1
    * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
      Miscellaneous memory safety hazards
    * MFSA 2013-105/CVE-2013-5611 (bmo#771294)
      Application Installation doorhanger persists on navigation
    * MFSA 2013-106/CVE-2013-5612 (bmo#871161)
      Character encoding cross-origin XSS attack
    * MFSA 2013-107/CVE-2013-5614 (bmo#886262)
      Sandbox restrictions not applied to nested object elements
    * MFSA 2013-108/CVE-2013-5616 (bmo#938341)
      Use-after-free in event listeners
    * MFSA 2013-109/CVE-2013-5618 (bmo#926361)
      Use-after-free during Table Editing
    * MFSA 2013-110/CVE-2013-5619 (bmo#917841)
      Potential overflow in JavaScript binary search algorithms
    * MFSA 2013-111/CVE-2013-6671 (bmo#930281)
      Segmentation violation when replacing ordered list elements
    * MFSA 2013-112/CVE-2013-6672 (bmo#894736)
      Linux clipboard information disclosure though selection paste
    * MFSA 2013-113/CVE-2013-6673 (bmo#970380)
      Trust settings for built-in roots ignored during EV certificate
      validation
    * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
      Use-after-free in synthetic mouse movement
    * MFSA 2013-115/CVE-2013-5615 (bmo#929261)
      GetElementIC typed array stubs can be generated outside observed
      typesets
    * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
      JPEG information leak
    * MFSA 2013-117 (bmo#946351)
      Mis-issued ANSSI/DCSSI certificate
      (fixed via NSS 3.15.3.1)
  - removed gecko.js preference file as GStreamer is enabled by
    default now
* Thu Oct 24 2013 wr@rosenauer.org
  - update to Firefox 25.0 (bnc#847708)
    * rebased patches
    * requires NSS 3.15.2 or above
    * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
      Miscellaneous memory safety hazards
    * MFSA 2013-94/CVE-2013-5593 (bmo#868327)
      Spoofing addressbar through SELECT element
    * MFSA 2013-95/CVE-2013-5604 (bmo#914017)
      Access violation with XSLT and uninitialized data
    * MFSA 2013-96/CVE-2013-5595 (bmo#916580)
      Improperly initialized memory and overflows in some JavaScript
      functions
    * MFSA 2013-97/CVE-2013-5596 (bmo#910881)
      Writing to cycle collected object during image decoding
    * MFSA 2013-98/CVE-2013-5597 (bmo#918864)
      Use-after-free when updating offline cache
    * MFSA 2013-99/CVE-2013-5598 (bmo#920515)
      Security bypass of PDF.js checks using iframes
    * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
      (bmo#915210, bmo#915576, bmo#916685)
      Miscellaneous use-after-free issues found through ASAN fuzzing
    * MFSA 2013-101/CVE-2013-5602 (bmo#897678)
      Memory corruption in workers
    * MFSA 2013-102/CVE-2013-5603 (bmo#916404)
      Use-after-free in HTML document templates
* Tue Sep 24 2013 wr@rosenauer.org
  - as GStreamer is not automatically required anymore but loaded
    dynamically if available, require it explicitely
  - recommend optional GStreamer plugins for comprehensive media
    support
* Mon Sep 16 2013 lnussel@suse.de
  - move greek to the translations-common package (bnc#840551)
* Sat Sep 14 2013 wr@rosenauer.org
  - update to Firefox 24.0 (bnc#840485)
    * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
      Miscellaneous memory safety hazards
    * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
      Improper state in HTML5 Tree Builder with templates
    * MFSA 2013-78/CVE-2013-1721 (bmo#890277)
      Integer overflow in ANGLE library
    * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
      Use-after-free in Animation Manager during stylesheet cloning
    * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
      NativeKey continues handling key messages after widget is destroyed
    * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
      Use-after-free with select element
    * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
      Calling scope for new Javascript objects can lead to memory corruption
    * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
      Uninitialized data in IonMonkey
    * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
      Compartment mismatch re-attaching XBL-backed nodes
    * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
      Buffer overflow with multi-column, lists, and floats
    * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
      Memory corruption involving scrolling
    * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
      User-defined properties on DOM proxies get the wrong "this" object
    * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
      GC hazard with default compartments and frame chain restoration
  - enable gstreamer explicitely via pref (gecko.js)
  - require NSS 3.15.1
* Mon Aug 26 2013 wr@rosenauer.org
  - update to Firefox 23.0.1
    * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls
      (bmo#901527)
* Sun Aug 04 2013 wr@rosenauer.org
  - update to Firefox 23.0 (bnc#833389)
    * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
      Miscellaneous memory safety hazards
    * MFSA 2013-64/CVE-2013-1704 (bmo#883313)
      Use after free mutating DOM during SetBody
    * MFSA 2013-65/CVE-2013-1705 (bmo#882865)
      Buffer underflow when generating CRMF requests
    * MFSA 2013-67/CVE-2013-1708 (bmo#879924)
      Crash during WAV audio file decoding
    * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
      Document URI misrepresentation and masquerading
    * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
      CRMF requests allow for code execution and XSS attacks
    * MFSA 2013-70/CVE-2013-1711 (bmo#843829)
      Bypass of XrayWrappers using XBL Scopes
    * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
      Wrong principal used for validating URI for some Javascript
      components
    * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
      Same-origin bypass with web workers and XMLHttpRequest
    * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
      Local Java applets may read contents of local file system
  - requires NSPR 4.10 and NSS 3.15
* Wed Jul 03 2013 dmueller@suse.com
  - fix build on ARM (/-g/ matches /-grecord-switches/)
* Sat Jun 22 2013 wr@rosenauer.org
  - update to Firefox 22.0 (bnc#825935)
    * removed obsolete patches
      + mozilla-qcms-ppc.patch
      + mozilla-gstreamer-760140.patch
    * GStreamer support does not build on 12.1 anymore (build only
      on 12.2 and later)
    * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
      Miscellaneous memory safety hazards
    * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
      Memory corruption found using Address Sanitizer
    * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
      Privileged content access and execution via XBL
    * MFSA 2013-52/CVE-2013-1688 (bmo#873966)
      Arbitrary code execution within Profiler
    * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
      Execution of unmapped memory through onreadystatechange event
    * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
      Data in the body of XHR HEAD requests leads to CSRF attacks
    * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
      SVG filters can lead to information disclosure
    * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
      PreserveWrapper has inconsistent behavior
    * MFSA 2013-57/CVE-2013-1695 (bmo#849791)
      Sandbox restrictions not applied to nested frame elements
    * MFSA 2013-58/CVE-2013-1696 (bmo#761667)
      X-Frame-Options ignored when using server push with multi-part
      responses
    * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
      XrayWrappers can be bypassed to run user defined methods in a
      privileged context
    * MFSA 2013-60/CVE-2013-1698 (bmo#876044)
      getUserMedia permission dialog incorrectly displays location
    * MFSA 2013-61/CVE-2013-1699 (bmo#840882)
      Homograph domain spoofing in .com, .net and .name
* Tue Jun 11 2013 dvaleev@suse.com
  - Fix qcms altivec include (mozilla-qcms-ppc.patch)
* Fri May 10 2013 wr@rosenauer.org
  - update to Firefox 21.0 (bnc#819204)
    * removed upstreamed patch firefox-712763.patch
    * removed disabled mozilla-disable-neon-option.patch
    * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
      Miscellaneous memory safety hazards
    * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
      Privileged access for content level constructor
    * MFSA 2013-43/CVE-2013-1671 (bmo#842255)
      File input control has access to full path
    * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
      Use-after-free with video and onresize event
    * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
      Uninitialized functions in DOMSVGZoomEvent
    * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
      CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
      Memory corruption found using Address Sanitizer
* Tue Apr 09 2013 wr@rosenauer.org
  - revert to use GStreamer 0.10 on 12.3 (bnc#814101)
    (remove mozilla-gstreamer-1.patch)
* Fri Apr 05 2013 schwab@linux-m68k.org
  - Explicitly disable WebRTC support on non-x86, the configure script
    disables it only half-heartedly
* Fri Mar 29 2013 wr@rosenauer.org
  - update to Firefox 20.0 (bnc#813026)
    * requires NSPR 4.9.5 and NSS 3.14.3
    * mozilla-webrtc-ppc.patch included upstream
    * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
      Miscellaneous memory safety hazards
    * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
      Out-of-bounds write in Cairo library
    * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
      WebGL crash with Mesa graphics driver on Linux
    * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
      Bypass of SOW protections allows cloning of protected nodes
    * MFSA 2013-37/CVE-2013-0794 (bmo#626775)
      Bypass of tab-modal dialog origin disclosure
    * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
      Cross-site scripting (XSS) using timed history navigations
    * MFSA 2013-39/CVE-2013-0792 (bmo#722831)
      Memory corruption while rendering grayscale PNG images
  - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
* Tue Mar 12 2013 dmueller@suse.com
  - build fixes for armv7hl:
    * disable debug build as armv7hl does not have enough memory
    * disable webrtc on armv7hl as it is non-compiling
* Thu Mar 07 2013 wr@rosenauer.org
  - update to Firefox 19.0.2 (bnc#808243)
    * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
      Use-after-free in HTML Editor
* Thu Feb 28 2013 wr@rosenauer.org
  - update to Firefox 19.0.1
    * blocklist updates
* Sat Feb 16 2013 wr@rosenauer.org
  - update to Firefox 19.0 (bnc#804248)
    * MFSA 2013-21/CVE-2013-0783/2013-0784
      Miscellaneous memory safety hazards
    * MFSA 2013-22/CVE-2013-0772 (bmo#801366)
      Out-of-bounds read in image rendering
    * MFSA 2013-23/CVE-2013-0765 (bmo#830614)
      Wrapped WebIDL objects can be wrapped again
    * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
      Web content bypass of COW and SOW security wrappers
    * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
      Privacy leak in JavaScript Workers
    * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
      Use-after-free in nsImageLoadingContent
    * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
      Phishing on HTTPS connection through malicious proxy
    * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
      CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
      Use-after-free, out of bounds read, and buffer overflow issues
      found using Address Sanitizer
  - removed obsolete patches
    * mozilla-webrtc.patch
    * mozilla-gstreamer-803287.patch
  - added patch to fix session restore window order (bmo#712763)
* Sat Feb 02 2013 wr@rosenauer.org
  - update to Firefox 18.0.2
    * blocklist and CTP updates
    * fixes in JS engine
* Wed Jan 16 2013 wr@rosenauer.org
  - update to Firefox 18.0.1
    * blocklist updates
    * backed out bmo#677092 (removed patch)
    * fixed problems involving HTTP proxy transactions
* Sat Jan 12 2013 schwab@linux-m68k.org
  - Fix WebRTC to build on powerpc
* Sun Jan 06 2013 wr@rosenauer.org
  - update to Firefox 18.0 (bnc#796895)
    * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
      Miscellaneous memory safety hazards
    * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
      CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
      Use-after-free and buffer overflow issues found using Address Sanitizer
    * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
      Buffer Overflow in Canvas
    * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
      URL spoofing in addressbar during page loads
    * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
      Use-after-free when displaying table with many columns and column groups
    * MFSA 2013-06/CVE-2013-0751 (bmo#790454)
      Touch events are shared across iframes
    * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
      Crash due to handling of SSL on threads
    * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
      AutoWrapperChanger fails to keep objects alive during garbage collection
    * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
      Compartment mismatch with quickstubs returned values
    * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
      Event manipulation in plugin handler to bypass same-origin policy
    * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
      Address space layout leaked in XBL objects
    * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
      Buffer overflow in Javascript string concatenation
    * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
      Memory corruption in XBL with XML bindings containing SVG
    * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
      Chrome Object Wrapper (COW) bypass through changing prototype
    * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
      Privilege escalation through plugin objects
    * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
      Use-after-free in serializeToStream
    * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
      Use-after-free in ListenerManager
    * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
      Use-after-free in Vibrate
    * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
      Use-after-free in Javascript Proxy objects
  - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
  - removed obsolete SLE11 patches (mozilla-gcc43*)
  - reenable WebRTC
  - added mozilla-libproxy-compat.patch for libproxy API compat
    on openSUSE 11.2 and earlier
  - backed out restartless language packs as it broke multi-locale
    setup (bmo#677092, bmo#818468)
* Thu Nov 29 2012 wr@rosenauer.org
  - update to Firefox 17.0.1
    * revert some useragent changes introduced in 17.0
    * leaving private browsing with social enabled doesn't reset all
      social components (bmo#815042)
  - fix KDE integration for file dialogs
* Tue Nov 20 2012 wr@rosenauer.org
  - update to Firefox 17.0 (bnc#790140)
    * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
      Miscellaneous memory safety hazards
    * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
      Buffer overflow while rendering GIF images
    * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
      evalInSanbox location context incorrectly applied
    * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
      Crash when combining SVG text on path with CSS
    * MFSA 2012-95/CVE-2012-4203 (bmo#765628)
      Javascript: URLs run in privileged context on New Tab page
    * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
      Memory corruption in str_unescape
    * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
      XMLHttpRequest inherits incorrect principal within sandbox
    * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
      XrayWrappers exposes chrome-only properties when not in chrome
      compartment
    * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
      Improper security filtering for cross-origin wrappers
    * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
      Improper character decoding in HZ-GB-2312 charset
    * MFSA 2012-102/CVE-2012-5837 (bmo#800363)
      Script entered into Developer Toolbar runs with chrome privileges
    * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
      Frames can shadow top.location
    * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
      CSS and HTML injection through Style Inspector
    * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
      CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
      CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
      Use-after-free and buffer overflow issues found using Address
      Sanitizer
    * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
      Use-after-free, buffer overflow, and memory corruption issues
      found using Address Sanitizer
  - rebased patches
  - disabled WebRTC since build is broken (bmo#776877)
* Tue Nov 20 2012 pcerny@suse.com
  - build on SLE11
    * mozilla-gcc43-enums.patch
    * mozilla-gcc43-template_hacks.patch
    * mozilla-gcc43-templates_instantiation.patch
* Wed Oct 24 2012 wr@rosenauer.org
  - update to Firefox 16.0.2 (bnc#786522)
    * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
      (bmo#800666, bmo#793121, bmo#802557)
      Fixes for Location object issues
  - bring back Obsoletes for libproxy's mozjs plugin for distributions
    before 12.2 to avoid crashes
* Thu Oct 11 2012 wr@rosenauer.org
  - update to Firefox 16.0.1 (bnc#783533)
    * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
      Miscellaneous memory safety hazards
    * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
      defaultValue security checks not applied
* Sun Oct 07 2012 wr@rosenauer.org
  - update to Firefox 16.0 (bnc#783533)
    * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
      Miscellaneous memory safety hazards
    * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
      select element persistance allows for attacks
    * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
      Continued access to initial origin after setting document.domain
    * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
      Some DOMWindowUtils methods bypass security checks
    * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
      DOS and crash with full screen and history navigation
    * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
      Crash with invalid cast when using instanceof operator
    * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
      GetProperty function can bypass security checks
    * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
      top object and location property accessible by plugins
    * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
      Chrome Object Wrapper (COW) does not disallow acces to privileged
      functions or properties
    * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
      Spoofing and script injection through location.hash
    * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
      CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
      Use-after-free, buffer overflow, and out of bounds read issues
      found using Address Sanitizer
    * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
      CVE-2012-4188
      Heap memory corruption issues found using Address Sanitizer
    * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
      Use-after-free in the IME State Manager
  - requires NSPR 4.9.2
  - improve GStreamer integration (bmo#760140)
  - removed upstreamed mozilla-crashreporter-restart-args.patch
  - webapprt now included
  - use kmozillahelper's new REVEAL command (bnc#777415)
    (requires mozilla-kde4-integration >= 0.6.4)
  - updated translations-other with new languages
* Mon Sep 10 2012 wr@rosenauer.org
  - update to Firefox 15.0.1 (bnc#779936)
    * Sites visited while in Private Browsing mode could be found
      through manual browser cache inspection (bmo#787743)
* Sun Aug 26 2012 wr@rosenauer.org
  - update to Firefox 15.0 (bnc#777588)
    * MFSA 2012-57/CVE-2012-1970
      Miscellaneous memory safety hazards
    * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
      CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
      CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
      Use-after-free issues found using Address Sanitizer
    * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
      Location object can be shadowed using Object.defineProperty
    * MFSA 2012-60/CVE-2012-3965 (bmo#769108)
      Escalation of privilege through about:newtab
    * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
      Memory corruption with bitmap format images with negative height
    * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
      WebGL use-after-free and memory corruption
    * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
      SVG buffer overflow and use-after-free issues
    * MFSA 2012-64/CVE-2012-3971
      Graphite 2 memory corruption
    * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
      Out-of-bounds read in format-number in XSLT
    * MFSA 2012-66/CVE-2012-3973 (bmo#757128)
      HTTPMonitor extension allows for remote debugging without explicit
      activation
    * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
      DOMParser loads linked resources in extensions when parsing
      text/html
    * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
      Incorrect site SSL certificate data display
    * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
      Location object security checks bypassed by chrome code
    * MFSA 2012-72/CVE-2012-3980 (bmo#771859)
      Web console eval capable of executing chrome-privileged code
  - fix HTML5 video crash with GStreamer enabled (bmo#761030)
  - GStreamer is only used for MP4 (no WebM, OGG)
  - updated filelist
  - moved browser specific preferences to correct location
* Sun Jul 29 2012 aj@suse.de
  - Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
* Sat Jul 14 2012 wr@rosenauer.org
  - update to 14.0.1 (bnc#771583)
    * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
      Miscellaneous memory safety hazards
    * MFSA 2012-43/CVE-2012-1950
      Incorrect URL displayed in addressbar through drag and drop
    * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
      Gecko memory corruption
    * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
      Spoofing issue with location
    * MFSA 2012-46/CVE-2012-1966 (bmo#734076)
      XSS through data: URLs
    * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
      Improper filtering of javascript in HTML feed-view
    * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
      use-after-free in nsGlobalWindow::PageHidden
    * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
      Same-compartment Security Wrappers can be bypassed
    * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
      Out of bounds read in QCMS
    * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
      X-Frame-Options header ignored when duplicated
    * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
      JSDependentString::undepend string conversion results in memory
      corruption
    * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
      Content Security Policy 1.0 implementation errors cause data
      leakage
    * MFSA 2012-55/CVE-2012-1965 (bmo#758990)
      feed: URLs with an innerURI inherit security context of page
    * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
      Code execution through javascript: URLs
  - license change from tri license to MPL-2.0
  - fix crashreporter restart option (bmo#762780)
  - require NSS 3.13.5
  - remove mozjs pacrunner obsoletes again for now
  - adopted mozilla-prefer_plugin_pref.patch
  - PPC fixes:
    * reenabled mozilla-yarr-pcre.patch to fix build for PPC
    * add patches for bmo#750620 and bmo#746112
    * fix xpcshell segfault on ppc
* Fri Jun 15 2012 wr@rosenauer.org
  - update to Firefox 13.0.1
    * bugfix release
  - obsolete libproxy's mozjs pacrunner (bnc#759123)
* Sat Jun 02 2012 wr@rosenauer.org
  - update to Firefox 13.0 (bnc#765204)
    * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
      Miscellaneous memory safety hazards
    * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
      Content Security Policy inline-script bypass
    * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
      Information disclosure though Windows file shares and shortcut
      files
    * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
      Use-after-free while replacing/inserting a node in a document
    * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
      Buffer overflow and use-after-free issues found using Address
      Sanitizer
  - require NSS 3.13.4
    * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
  - fix sound notifications when filename/path contains a whitespace
    (bmo#749739)
* Wed May 23 2012 adrian@suse.de
  - fix build on arm
* Wed May 16 2012 wr@rosenauer.org
  - reenabled crashreporter for Factory/12.2
    (fix in mozilla-gcc47.patch)
* Sat Apr 21 2012 wr@rosenauer.org
  - update to Firefox 12.0 (bnc#758408)
    * rebased patches
    * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
      Miscellaneous memory safety hazards
    * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
      use-after-free in IDBKeyRange
    * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
      Invalid frees causes heap corruption in gfxImageSurface
    * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
      Potential XSS via multibyte content processing errors
    * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
      Potential memory corruption during font rendering using cairo-dwrite
    * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
      WebGL.drawElements may read illegal video memory due to
      FindMaxUshortElement error
    * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
      Page load short-circuit can lead to XSS
    * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
      Ambiguous IPv6 in Origin headers may bypass webserver access
      restrictions
    * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
      Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
      Crash with WebGL content using textImage2D
    * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
      Off-by-one error in OpenType Sanitizer
    * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
      HTTP Redirections and remote content can be read by javascript errors
    * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
      Potential site identity spoofing when loading RSS and Atom feeds
  - added mozilla-libnotify.patch to allow fallback from libnotify
    to xul based events if no notification-daemon is running
  - gcc 4.7 fixes
    * mozilla-gcc47.patch
    * disabled crashreporter temporarily for Factory
  - recommend libcanberra0 for proper sound notifications
* Fri Mar 09 2012 wr@rosenauer.org
  - update to Firefox 11.0 (bnc#750044)
    * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
      XSS with Drag and Drop and Javascript: URL
    * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
      SVG issues found with Address Sanitizer
    * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
      XSS with multiple Content Security Policy headers
    * MFSA 2012-16/CVE-2012-0458
      Escalation of privilege with Javascript: URL as home page
    * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
      Crash when accessing keyframe cssText after dynamic modification
    * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
      window.fullScreen writeable by untrusted content
    * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
      CVE-2012-0463
      Miscellaneous memory safety hazards
  - ported and reenabled KDE integration (bnc#746591)
  - explicitely build-require X libs
* Mon Mar 05 2012 vdziewiecki@suse.com
  - add Provides: browser(npapi) FATE#313084
* Fri Feb 17 2012 pcerny@suse.com
  - better plugin directory resolution (bnc#747320)
* Thu Feb 16 2012 wr@rosenauer.org
  - update to Firefox 10.0.2 (bnc#747328)
    * CVE-2011-3026 (bmo#727401)
      libpng: integer overflow leading to heap-buffer overflow
* Thu Feb 09 2012 wr@rosenauer.org
  - update to Firefox 10.0.1 (bnc#746616)
    * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
      use after free in nsXBLDocumentInfo::ReadPrototypeBindings
* Tue Feb 07 2012 dvaleev@suse.com
  - Use YARR interpreter instead of PCRE on platforms where YARR JIT
    is not supported, since PCRE doesnt build (bmo#691898)
  - fix ppc64 build (bmo#703534)
* Mon Jan 30 2012 wr@rosenauer.org
  - update to Firefox 10.0 (bnc#744275)
    * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
      Miscellaneous memory safety hazards
    * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
      <iframe> element exposed across domains via name attribute
    * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
      Child nodes from nsDOMAttribute still accessible after removal
      of nodes
    * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
      Frame scripts calling into untrusted objects bypass security
      checks
    * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
      Uninitialized memory appended when encoding icon images may
      cause information disclosure
    * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
      Potential Memory Corruption When Decoding Ogg Vorbis files
    * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
      Crash with malformed embedded XSLT stylesheets
  - KDE integration has been disabled since it needs refactoring
  - removed obsolete ppc64 patch
* Sun Jan 22 2012 joop.boonen@opensuse.org
  - Disable neon for arm as it doesn't build correctly
* Fri Dec 23 2011 wr@rosenauer.org
  - update to Firefox 9.0.1
    * (strongparent) parentNode of element gets lost (bmo#335998)
* Sun Dec 18 2011 adrian@suse.de
  - fix arm build, don't package crashreporter there
* Sun Dec 18 2011 wr@rosenauer.org
  - update to Firefox 9 (bnc#737533)
    * MFSA 2011-53/CVE-2011-3660
      Miscellaneous memory safety hazards (rv:9.0)
    * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
      Potentially exploitable crash in the YARR regular expression
      library
    * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
      nsSVGValue out-of-bounds access
    * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
      Key detection without JavaScript via SVG animation
    * MFSA 2011-58/VE-2011-3665 (bmo#701259)
      Crash scaling <video> to extreme sizes
* Sun Nov 27 2011 mgorse@suse.com
  - Fix accessibility under GNOME 3 (bnc#732898)
* Sat Nov 12 2011 dvaleev@suse.com
  - fix ppc64 build
* Sun Nov 06 2011 wr@rosenauer.org
  - update to Firefox 8 (bnc#728520)
    * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
      Potential XSS against sites using Shift-JIS
    * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
      Miscellaneous memory safety hazards
    * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
      Memory corruption while profiling using Firebug
    * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
      Code execution via NoWaiverWrapper
  - rebased patches
* Thu Oct 20 2011 wr@rosenauer.org
  - enable telemetry prompt
* Fri Sep 30 2011 wr@rosenauer.org
  - update to minor release 7.0.1
    * fixed staged addon updates
  - set intl.locale.matchOS=true in the base package as it causes
    too much confusion when it's only available with branding-openSUSE
* Fri Sep 23 2011 wr@rosenauer.org
  - update to Firefox 7 (bnc#720264)
    including
    * Improve Responsiveness with Memory Reductions
    * Instant Sync
    * WebSocket protocol 8
    * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
      Miscellaneous memory safety hazards
    * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
      Defense against multiple Location headers due to CRLF Injection
    * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
      Code installation through holding down Enter
    * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
      Potentially exploitable WebGL crashes
    * MFSA 2011-42/CVE-2011-3232 (bmo#653672)
      Potentially exploitable crash in the YARR regular expression
      library
    * MFSA 2011-43/CVE-2011-3004 (bmo#653926)
      loadSubScript unwraps XPCNativeWrapper scope parameter
    * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
      Use after free reading OGG headers
    * MFSA 2011-45
      Inferring keystrokes from motion data
  - removed obsolete mozilla-cairo-lcd.patch
  - rebased patches
  - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
    mozilla.sh.in (bnc#680758)
* Fri Sep 16 2011 wr@rosenauer.org
  - fixed loading of kde.js under KDE (bnc#718311)
* Wed Sep 14 2011 wr@rosenauer.org
  - add dbus-1-glib-devel to BuildRequires (not pulled in
    automatically anymore on 12.1)
  - increase minversions for NSPR and NSS
* Fri Sep 09 2011 wr@rosenauer.org
  - recreated source archive to get correct source-stamp.txt
* Wed Sep 07 2011 pcerny@suse.com
  - security update to 6.0.2 (bnc#714931)
    * Complete blocking of certificates issued by DigiNotar
      (bmo#683449)
* Fri Sep 02 2011 pcerny@suse.com
  - security update to 6.0.1 (bnc#714931)
    * MFSA 2011-34
      Protection against fraudulent DigiNotar certificates
      (bmo#682927)
* Fri Aug 12 2011 wr@rosenauer.org
  - update to 6.0 (bnc#712224)
    included security fixes MFSA 2011-29
    * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
      Miscellaneous memory safety hazards
    * CVE-2011-2993 (bmo#657267)
      Unsigned scripts can call script inside signed JAR
    * CVE-2011-2988 (bmo#665934)
      Heap overflow in ANGLE library
    * CVE-2011-0084 (bmo#648094)
      Crash in SVGTextElement.getCharNumAtPosition()
    * CVE-2011-2990
      Credential leakage using Content Security Policy reports
    * CVE-2011-2986 (bmo#655836)
      Cross-origin data theft using canvas and Windows D2D
  - removed obsolete curl header dependency (mozilla-curl.patch)
* Fri Jul 22 2011 wr@rosenauer.org
  - update to 6.0b3
    * removed obsolete patches
    - firefox-shellservice.patch
    - mozilla-gio.patch
    - mozilla-ppc-ipc.patch
    - firefox-linkorder.patch
    - firefox-no-sync-l10n.patch
  - recognize linux3 as platform for symbolstore.py
* Fri Jul 01 2011 vuntz@opensuse.org
  - Add x-scheme-handler/ftp to the MimeType key in the .desktop, to
    let desktops know that Firefox can deal with ftp: URIs.
* Fri Jul 01 2011 wr@rosenauer.org
  - create upstream branding package again (supposedly empty)
    (bnc#703401)
  - fix build on SLE11 (changes do not affect/are not applied for
    later versions)
* Wed Jun 22 2011 wr@rosenauer.org
  - enable startup notification (bnc#701465)
* Mon Jun 20 2011 wr@rosenauer.org
  - update to 5.0 final
  - included fixes for security issues: (bnc#701296, bnc#700578)
    * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
      Miscellaneous memory safety hazards
    * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
      Use-after-free vulnerability when viewing XUL document with
      script disabled
    * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
      Memory corruption due to multipart/x-mixed-replace images
    * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
      Integer overflow and arbitrary code execution in
      Array.reduceRight()
    * MFSA 2011-25/CVE-2011-2366
      Stealing of cross-domain images using WebGL textures
    * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
      Multiple WebGL crashes
    * MFSA 2011-27/CVE-2011-2369 (bmo#650001)
      XSS encoding hazard with inline SVG
    * MFSA 2011-28/CVE-2011-2370 (bmo#645699)
      Non-whitelisted site can trigger xpinstall
* Mon Jun 20 2011 wr@rosenauer.org
  - update to 5.0b7
    * updated supported locales
  - do not build dump_syms static (not needed for us)
    - > fix build for openSUSE 12.1 and above
* Wed Jun 15 2011 wr@rosenauer.org
  - update to 5.0b6
  - include proper revision information into the build
  - speedier find-external-requires.sh
* Tue May 31 2011 wr@rosenauer.org
  - update to 5.0b3
  - transformed to standalone Firefox (not xulrunner based)
    (with new Firefox rapid release cycle it makes no sense anymore)
    * imported all relevant xulrunner patches
  - do not compile in build timestamp
* Fri Apr 15 2011 wr@rosenauer.org
  - security update to 4.0.1 (bnc#689281)
    * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079
      CVE-2011-0080 CVE-2011-0081
      Miscellaneous memory safety hazards
    * MFSA 2011-17/CVE-2011-0068 (bmo#623791)
      WebGLES vulnerabilities
    * MFSA 2011-18/CVE-2011-1202 (bmo#640339)
      XSLT generate-id() function heap address leak
* Wed Mar 30 2011 wr@rosenauer.org
  - add all available icon sizes
* Tue Mar 29 2011 cfarrell@novell.com
  - license update: MPLv1.1 or GPLv2+ or LGPLv2+
    Sync licenses with Fedora. MPL does not state ^or later^
* Fri Mar 18 2011 wr@rosenauer.org
  - update to version 4.0rc2
  - fixed rpm macros delivered with devel package (bnc#679950)
* Wed Feb 23 2011 wr@rosenauer.org
  - update to version 4.0b12
  - rebased patches
* Fri Feb 04 2011 wr@rosenauer.org
  - update to version 4.0b11
    * loads of bugfixes compared to last beta
    * added "Do Not Track" option
  - rebased patches
  - disable testpilot
* Fri Jan 28 2011 wr@rosenauer.org
  - set correct desktop file name within KDE for 11.4 and up
  - add devel package with macros for extensions (from lnussel@suse.de)
* Sat Jan 22 2011 wr@rosenauer.org
  - update to version 4.0b10
  - removed obsolete firefox-shell-bmo624267.patch
  - testpilot moved to distribution/extensions
  - updated locale provides and removed bn-IN from locales
* Tue Jan 11 2011 wr@rosenauer.org
  - update to version 4.0b9
  - added x-scheme-handler for http and https to desktop file for
    newer Gnome environments
  - fixed default browser check/set for GIO (bmo#611953)
    (mozilla-shellservice.patch)
  - removed obsolete firefox-appname.patch (integrated into
    shellservice patch)
  - renamed desktop file to firefox.desktop for 11.4 and newer
    (bnc#664211)
  - removed support for 10.3 and older from the spec file
  - removed obsolete "Ximian" categories from desktop file
* Mon Jan 03 2011 meissner@suse.de
  - Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
* Wed Dec 15 2010 wr@rosenauer.org
  - update to version 4.0beta8
* Tue Nov 30 2010 wr@rosenauer.org
  - major update to version 4.0beta7
    * based on mozilla-xulrunner20
    * far too many internal changes to list
* Wed Oct 27 2010 wr@rosenauer.org
  - security update to 3.6.12 (bnc#649492)
    * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
      Heap buffer overflow mixing document.write and DOM insertion
* Wed Oct 06 2010 wr@rosenauer.org
  - security update to 3.6.11 (bnc#645315)
    * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
      Miscellaneous memory safety hazards
    * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
      Buffer overflow and memory corruption using document.write
    * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
      Use-after-free error in nsBarProp
    * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
      Dangling pointer vulnerability in LookupGetterOrSetter
    * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
      XSS in gopher parser when parsing hrefs
    * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
      Cross-site information disclosure via modal calls
    * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
      SSL wildcard certificate matching IP addresses
    * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
      Unsafe library loading vulnerabilities
    * MFSA 2010-72/CVE-2010-3173
      Insecure Diffie-Hellman key exchange
* Wed Sep 15 2010 wr@rosenauer.org
  - update to 3.6.10
    * fixing startup topcrash (bmo#594699)
* Thu Aug 26 2010 wr@rosenauer.org
  - security update to 3.6.9 (bnc#637303)
    * MFSA 2010-49/CVE-2010-3169
      Miscellaneous memory safety hazards
    * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
      Frameset integer overflow vulnerability
    * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
      Dangling pointer vulnerability using DOM plugin array
    * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
      Heap buffer overflow in nsTextFrameUtils::TransformText
    * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
      Dangling pointer vulnerability in nsTreeSelection
    * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
      XUL tree removal crash and remote code execution
    * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
      Crash and remote code execution in normalizeDocument
    * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
      SJOW creates scope chains ending in outer object
    * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
      UTF-7 XSS by overriding document charset using <object> type
      attribute
    * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
      Copy-and-paste or drag-and-drop into designMode document allows
      XSS
    * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
      Information leak via XMLHttpRequest statusText
* Wed Jul 28 2010 meissner@suse.de
  - disable crash reporter for non x86/x86_64 to make it build.
* Sat Jul 24 2010 wr@rosenauer.org
  - security update to 3.6.8 (bnc#622506)
    * MFSA 2010-48/CVE-2010-2755 (bmo#575836)
      Dangling pointer crash regression from plugin parameter array
      fix
* Fri Jul 16 2010 wr@rosenauer.org
  - security update to 3.6.7 (bnc#622506)
    * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
      Miscellaneous memory safety hazards
    * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
      DOM attribute cloning remote code execution vulnerability
    * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
      Use-after-free error in NodeIterator
    * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
      Plugin parameter EnsureCachedAttrParamArrays remote code
      execution vulnerability
    * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
      Arbitrary code execution using SJOW and fast native function
    * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
      nsCSSValue::Array index integer overflow
    * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
      nsTreeSelection dangling pointer remote code execution
      vulnerability
    * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
      Remote code execution using malformed PNG image
    * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
      Cross-origin data disclosure via Web Workers and importScripts
    * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
      Same-origin bypass using canvas context
    * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
      Characters mapped to U+FFFD in 8 bit encodings cause subsequent
      character to vanish
    * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
      Multiple location bar spoofing vulnerabilities
    * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
      Cross-domain data theft using CSS
    * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
      Cross-origin data leakage from script filename in error messages
* Sun Jun 27 2010 wr@rosenauer.org
  - update to 3.6.6 release
    * modifies the crash protection feature to increase the amount
      of time that plugins are allowed to be non-responsive before
      being terminated.
* Wed Jun 23 2010 wr@rosenauer.org
  - update to final 3.6.4 release (bnc#603356)
    * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
      CVE-2010-1203
      Crashes with evidence of memory corruption (rv:1.9.2.4)
    * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
      Freed object reuse across plugin instances
    * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
      Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
      Integer Overflow in XSLT Node Sorting
    * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
      focus() behavior can be used to inject or steal keystrokes
    * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
      Content-Disposition: attachment ignored if
      Content-Type: multipart also present
    * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
      User tracking across sites using Math.random()
* Mon Jun 07 2010 wr@rosenauer.org
  - update to 3.6.4(build6)
* Sun Apr 18 2010 wr@rosenauer.org
  - security update to 3.6.4 (Lorentz)
    * enable crashreporter also for x86-64
    * Flash runs in a separate process to avoid crashing Firefox
      (ix86 only; x86-64 still uses nspluginwrapper)
* Thu Apr 01 2010 wr@rosenauer.org
  - security update to 3.6.3
    * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
      Re-use of freed object due to scope confusion
* Thu Mar 18 2010 wr@rosenauer.org
  - security update to version 3.6.2 (bnc#586567)
    * MFSA 2010-08/CVE-2010-1028
      WOFF heap corruption due to integer overflow
    * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
      Deleted frame reuse in multipart/x-mixed-replace image
    * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
      XSS via plugins and unprotected Location object
    * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
      Crashes with evidence of memory corruption
    * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
      XSS using addEventListener and setTimeout on a wrapped object
    * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
      Content policy bypass with image preloading
    * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
      Browser chrome defacement via cached XUL stylesheets
    * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
      Asynchronous Auth Prompt attaches to wrong window
    * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
      Crashes with evidence of memory corruption
    * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
      Dangling pointer vulnerability in nsTreeContentView
    * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
      Dangling pointer vulnerability in nsPluginArray
    * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
      Chrome privilege escalation via forced URL drag and drop
    * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
      Update NSS to support TLS renegotiation indication
    * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
      Image src redirect to mailto: URL opens email editor
    * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
      XMLDocument::load() doesn't check nsIContentPolicy
* Mon Jan 18 2010 wr@rosenauer.org
  - update to 3.6rc2 (already named 3.6.0)
  - removed obsolete orbit-devel build requirement
* Wed Jan 06 2010 wr@rosenauer.org
  - major update to 3.6rc1
* Fri Dec 25 2009 wr@rosenauer.org
  - update to version 3.5.7 (bnc#568011)
    * DNS resolution in MakeSN of nsAuthSSPI causing issues for
      proxy servers that support NTLM auth (bmo#535193)
  - added missing lockdown preferences (bnc#567131)
* Thu Dec 17 2009 wr@rosenauer.org
  - readded firefox-ui-lockdown.patch (bnc#546158)
* Thu Dec 03 2009 wr@rosenauer.org
  - security update to version 3.5.6 (bnc#559807)
    * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
      Crashes with evidence of memory corruption (rv:1.9.1.6)
    * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
      Memory safety fixes in liboggplay media library
    * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
      Integer overflow, crash in libtheora video library
    * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
      NTLM reflection vulnerability
    * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
      Location bar spoofing vulnerabilities
    * MFSA 2009-70/VE-2009-3986 (bmo#522430)
      Privilege escalation via chrome window.opener
  - fixed firefox-browser-css.patch (bnc#561027)
* Mon Nov 23 2009 wr@rosenauer.org
  - rebased patches for fuzz=0
* Thu Nov 05 2009 wr@rosenauer.org
  - update to version 3.5.5 (bnc#553172)
* Sat Oct 17 2009 wr@rosenauer.org
  - security update to version 3.5.4 (bnc#545277)
    * MFSA 2009-52/CVE-2009-3370 (bmo#511615)
      Form history vulnerable to stealing
    * MFSA 2009-53/CVE-2009-3274 (bmo#514823)
      Local downloaded file tampering
    * MFSA 2009-54/CVE-2009-3371 (bmo#514554)
      Crash with recursive web-worker calls
    * MFSA 2009-55/CVE-2009-3372 (bmo#500644)
      Crash in proxy auto-configuration regexp parsing
    * MFSA 2009-56/CVE-2009-3373 (bmo#511689)
      Heap buffer overflow in GIF color map parser
    * MFSA 2009-57/CVE-2009-3374 (bmo#505988)
      Chrome privilege escalation in XPCVariant::VariantDataToJS()
    * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
      Heap buffer overflow in string to number conversion
    * MFSA 2009-61/CVE-2009-3375 (bmo#503226)
      Cross-origin data theft through document.getSelection()
    * MFSA 2009-62/CVE-2009-3376 (bmo#511521)
      Download filename spoofing with RTL override
    * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
      Upgrade media libraries to fix memory safety bugs
    * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
      Crashes with evidence of memory corruption
  - removed upstreamed patch
    * firefox-bug506901.patch
* Wed Oct 07 2009 llunak@novell.com
  - fix KDE button order in one more place (bnc#170055)
* Fri Oct 02 2009 wr@rosenauer.org
  - improve UI colors to be usable with dark themes at all
    (firefox-browser-css.patch) (bnc#503351)
  - extend list of supported architectures as ABI identifier
    (mozilla-abi.patch) (bnc#543460)
* Sun Sep 13 2009 wr@rosenauer.org
  - added KDE integration patch from llunak@novell.com
    (firefox-kde.patch)
    * support for knotify, making -kde4-addon obsolete
    * KDE-specific support functional (bnc#170055)
  - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
* Thu Sep 10 2009 wr@rosenauer.org
  - security update to version 3.5.3 (bnc#534458)
    * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
      CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
      Crashes with evidence of memory corruption
    * MFSA 2009-49/CVE-2009-3077 (bmo#506871)
      TreeColumns dangling pointer vulnerability
    * MFSA 2009-50/CVE-2009-3078 (bmo#453827)
      Location bar spoofing via tall line-height Unicode characters
    * MFSA 2009-51/CVE-2009-3079 (bmo#454363)
      Chrome privilege escalation with FeedWriter
* Wed Aug 19 2009 wr@rosenauer.org
  - renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
    as it contains more tweaks to handle non-Gnome environments and
    especially KDE integration:
    * added the ability to set the KDE default browser
      (still part of bnc#170055)
* Fri Aug 07 2009 wr@rosenauer.org
  - split -translations package into -common and -other
    (bnc#529180)
  - remove "set as background" from context menu if not running in
    Gnome (part of bnc#170055)
* Fri Jul 31 2009 wr@rosenauer.org
  - security update to version 3.5.2
    * MFSA 2009-38/CVE-2009-2470 (bmo#459524)
      Data corruption with SOCKS5 reply containing DNS name longer
      than 15 characters
    * MFSA 2009-44/CVE-2009-2654 (bmo#451898)
      Location bar and SSL indicator spoofing via window.open() on
      invalid URL
    * MFSA 2009-45
      Crashes with evidence of memory corruption
    * MFSA 2009-46 (bmo#498897)
      Chrome privilege escalation due to incorrectly cached wrapper
    * various other stability fixes
  - export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
* Tue Jul 28 2009 wr@rosenauer.org
  - fixed %exclude usage
  - fixed preferences' advanced pane for fresh profiles (bmo#506901)
* Wed Jul 15 2009 wr@rosenauer.org
  - security update to version 3.5.1
    * MFSA 2009-41
      Corrupt JIT state after deep return from native function
* Mon Jul 06 2009 wr@rosenauer.org
  - added mozilla-linkorder.patch to fix build with --as-needed
* Tue Jun 30 2009 wr@rosenauer.org
  - update to final version 3.5 (20090623)
* Tue Jun 23 2009 wr@rosenauer.org
  - fixed build by linking to a real file
* Thu Jun 18 2009 wr@rosenauer.org
  - update to version 3.5rc2 (20090617)
  - BuildRequire mozilla-xulrunner191 = 1.9.1.0
* Sat Jun 06 2009 wr@rosenauer.org
  - update to version 3.5b99 (20090604)
  - BuildRequire mozilla-xulrunner191 = 1.9.1b99
* Wed May 27 2009 wr@rosenauer.org
  - fixed typos in improved xulrunner dependencies
* Mon May 11 2009 wr@rosenauer.org
  - use non-localized Downloads folder (bnc#501724)
* Mon May 04 2009 wr@rosenauer.org
  - update to new major version 3.5b4
    * based on Gecko 1.9.1 (mozilla-xulrunner191)
    * Private Browsing Mode
    * TraceMonkey JavaScript engine
    * Geolocation support
    * native JSON and web worker threads support
    * speculative parsing for faster content rendering
    * Some HTML5 support
  - updated firefox.schemas
  - improved firefox-no-update.patch
* Tue Apr 28 2009 wr@rosenauer.org
  - security update to 3.0.10
    * MFSA 2009-23/CVE-2009-1313 (bmo#489647)
      Crash in nsTextFrame::ClearTextRun()
* Thu Apr 16 2009 wr@rosenauer.org
  - security update to 3.0.9 (bnc#495473)
    * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
      Crashes with evidence of memory corruption (rv:1.9.0.9)
    * MFSA 2009-15/CVE-2009-0652 (bmo#479336)
      URL spoofing with box drawing character
    * MFSA 2009-16/CVE-2009-1306 (bmo#474536)
      jar: scheme ignores the content-disposition: header on the
      inner URI
    * MFSA 2009-17/CVE-2009-1307 (bmo#481342)
      Same-origin violations when Adobe Flash loaded via
      view-source: scheme
    * MFSA 2009-18/CVE-2009-1308 (bmo#481558)
      XSS hazard using third-party stylesheets and XBL bindings
    * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
      Same-origin violations in XMLHttpRequest and
      XPCNativeWrapper.toString
    * MFSA 2009-20/CVE-2009-1310 (bmo#483086)
      Malicious search plugins can inject code into arbitrary sites
    * MFSA 2009-21/CVE-2009-1311 (bmo#471962)
      POST data sent to wrong site when saving web page with
      embedded frame
    * MFSA 2009-22/CVE-2009-1312 (bmo#475636)
      Firefox allows Refresh header to redirect to javascript: URIs
* Fri Mar 27 2009 wr@rosenauer.org
  - security update to 1.9.0.8 (bnc#488955,489411)
    * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
      Crash and remote code execution in XSL transformation
    * MFSA 2009-13/CVE-2009-1044 (bmo#484320)
      Arbitrary code execution via XUL tree moveToEdgeShift
  - allow RPM provides for stuff besides shared libraries
    (e.g. mime-types)
* Sun Mar 01 2009 wr@rosenauer.org
  - security update to 3.0.7 (bnc#478625)
    * MFSA 2009-07 - Crashes with evidence of memory corruption
      CVE-2009-0771 - Layout Engine Crashes
      CVE-2009-0772 - Layout Engine Crashes
      CVE-2009-0773 - crashes in the JavaScript engine
      CVE-2009-0774 - Layout Engine Crashes
    * MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
      Mozilla Firefox XUL Linked Clones Double Free Vulnerability
    * MFSA 2009-09/CVE-2009-0776 (bmo#414540)
      XML data theft via RDFXMLDataSource and cross-domain redirect
    * MFSA 2009-10/CVE-2009-0040 (bmo#478901)
      Upgrade PNG library to fix memory safety hazards
    * MFSA 2009-11/CVE-2009-0777 (bmo#452979)
      URL spoofing with invisible control characters

Files

/usr/share/mozilla/firefox-45.0-18.x86_64-1315-symbols.zip


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 10 13:02:36 2019