Hello community, here is the log from the commit of package xulrunner for openSUSE:Factory checked in at 2015-11-08 14:35:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xulrunner (Old) and /work/SRC/openSUSE:Factory/.xulrunner.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xulrunner" Changes: -------- --- /work/SRC/openSUSE:Factory/xulrunner/xulrunner.changes 2015-09-30 05:51:50.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xulrunner.new/xulrunner.changes 2015-11-08 14:36:05.000000000 +0100 @@ -1,0 +2,28 @@ +Sat Oct 31 09:32:17 UTC 2015 - wr@rosenauer.org + +- update to xulrunner 38.4.0 (bnc#952810) + * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 + Miscellaneous memory safety hazards + * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) + Trailing whitespace in IP address hostnames can bypass same-origin policy + * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) + Buffer overflow during image interactions in canvas + * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) + CORS preflight is bypassed when non-standard Content-Type headers + are received + * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) + Memory corruption in libjar through zip files + * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) + JavaScript garbage collection crash with Java applet + * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 + (bmo#1188010, bmo#1204061, bmo#1204155) + Vulnerabilities found through code inspection + * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) + Mixed content WebSocket policy bypass through workers + * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 + (bmo#1202868, bmo#1205157) + NSS and NSPR memory corruption issues + (fixed in mozilla-nspr and mozilla-nss packages) +- requires NSPR 4.10.10 and NSS 3.19.2.1 + +------------------------------------------------------------------- Old: ---- l10n-38.3.0.tar.xz xulrunner-38.3.0-source.tar.xz New: ---- l10n-38.4.0.tar.xz xulrunner-38.4.0-source.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xulrunner.spec ++++++ --- /var/tmp/diff_new_pack.JCgrRP/_old 2015-11-08 14:36:15.000000000 +0100 +++ /var/tmp/diff_new_pack.JCgrRP/_new 2015-11-08 14:36:15.000000000 +0100 @@ -17,10 +17,10 @@ # -%define version_internal 38.3.0 +%define version_internal 38.4.0 %define apiversion 38 -%define uaweight 3830000 -%define releasedate 2015091700 +%define uaweight 3840000 +%define releasedate 2015102700 %define shared_js 0 %define has_system_nspr 1 %define has_system_nss 1 @@ -67,8 +67,8 @@ %else BuildRequires: wireless-tools %endif -BuildRequires: mozilla-nspr-devel >= 4.10.8 -BuildRequires: mozilla-nss-devel >= 3.19.2 +BuildRequires: mozilla-nspr-devel >= 4.10.10 +BuildRequires: mozilla-nss-devel >= 3.19.2.1 BuildRequires: pkgconfig(libpulse) %if %suse_version > 1210 BuildRequires: pkgconfig(gstreamer-%gstreamer_ver) ++++++ compare-locales.tar.xz ++++++ ++++++ create-tar.sh ++++++ --- /var/tmp/diff_new_pack.JCgrRP/_old 2015-11-08 14:36:16.000000000 +0100 +++ /var/tmp/diff_new_pack.JCgrRP/_new 2015-11-08 14:36:16.000000000 +0100 @@ -2,8 +2,8 @@ CHANNEL="esr38" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_38_3_0esr_RELEASE" -VERSION="38.3.0" +RELEASE_TAG="FIREFOX_38_4_0esr_RELEASE" +VERSION="38.4.0" # mozilla if [ -d mozilla ]; then ++++++ l10n-38.3.0.tar.xz -> l10n-38.4.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/xulrunner/l10n-38.3.0.tar.xz /work/SRC/openSUSE:Factory/.xulrunner.new/l10n-38.4.0.tar.xz differ: char 26, line 1 ++++++ source-stamp.txt ++++++ --- /var/tmp/diff_new_pack.JCgrRP/_old 2015-11-08 14:36:16.000000000 +0100 +++ /var/tmp/diff_new_pack.JCgrRP/_new 2015-11-08 14:36:16.000000000 +0100 @@ -1,2 +1,2 @@ -REV=7b1115ea78f7 +REV=6afcba951b0f REPO=http://hg.mozilla.org/releases/mozilla-esr38 ++++++ xulrunner-38.3.0-source.tar.xz -> xulrunner-38.4.0-source.tar.xz ++++++ /work/SRC/openSUSE:Factory/xulrunner/xulrunner-38.3.0-source.tar.xz /work/SRC/openSUSE:Factory/.xulrunner.new/xulrunner-38.4.0-source.tar.xz differ: char 27, line 1