Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 36922354
en ru br
Репозитории ALT
S:118.0-alt1
4.1: 3.0.9-alt0.M41.1
+updates:3.0.4-alt0.M41.2
4.0: 2.0.0.18-alt0.M40.1
3.0: 1.0.7-alt3
+updates:1.0.8-alt0.M30.1
www.altlinux.org/Changes

Группа :: Сети/WWW
Пакет: firefox

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

14 ноября 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.18-alt0.M40.1

  • New bugfix version 2.0.0.18 built for M40
  • Fixed:
     + MFSA 2008-58 Parsing error in E4X default namespace
     + MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
     + MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
     + MFSA 2008-55 Crash and remote code execution in nsFrameManager
     + MFSA 2008-54 Buffer overflow in http-index-format parser
     + MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
     + MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
     + MFSA 2008-50 Crash and remote code execution via __proto__ tampering
     + MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
     + MFSA 2008-48 Image stealing via canvas and HTTP redirect
     + MFSA 2008-47 Information stealing via local shortcut files

2 октября 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.17-alt0.M40.1

  • New bugfix version 2.0.0.17 built for M40
  • Fixed:
     + MFSA 2008-45 XBM image uninitialized memory reading
     + MFSA 2008-44 resource: traversal vulnerabilities
     + MFSA 2008-43 BOM characters stripped from JavaScript before execution
     + MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
     + MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
     + MFSA 2008-40 Forced mouse drag
     + MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
     + MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
     + MFSA 2008-37 UTF-8 URL stack buffer overflow

8 августа 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.16-alt0.M40.1

  • New bugfix version 2.0.0.16
  • Fixed:
    + MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
    + MFSA 2008-34 Remote code execution by overflowing CSS reference counter

2 июля 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.15-alt1

  • New bugfix version 2.0.0.15
  • Fixed:
       + MFSA 2008-33 Crash and remote code execution in block reflow
       + MFSA 2008-32 Remote site run as local file via Windows URL shortcut
       + MFSA 2008-31 Peer-trusted certs can use alt names to spoof
       + MFSA 2008-30 File location URL in directory listings not escaped properly
       + MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
       + MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
       + MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
       + MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
       + MFSA 2008-24 Chrome script loading from fastload file
       + MFSA 2008-23 Signed JAR tampering
       + MFSA 2008-22 XSS through JavaScript same-origin violation
       + MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

2 июля 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.15-alt0.M40.1

  • built for M40

7 мая 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.14-alt1

  • New bugfix version 2.0.0.14
  • Fixed:
       + MFSA 2008-20 Crash in JavaScript garbage collector

7 мая 2008 Michael Shigorin <mike at altlinux.org> 2.0.0.14-alt0.M40.1

  • built for M40

29 марта 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.13-alt1

  • New bugfix version 2.0.0.13
  • Fixed:
       + MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
       + MFSA 2008-18 Java socket connection to any local port via LiveConnect
       + MFSA 2008-17 Privacy issue with SSL Client Authentication
       + MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
       + MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
       + MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

21 февраля 2008 Alexey Gladkov <legion at altlinux.ru> 2.0.0.12-alt1

  • New bugfix version 2.0.0.12
  • Fixed:
       + MFSA 2008-11 Web forgery overwrite with div overlay
       + MFSA 2008-10 URL token stealing via stylesheet redirect
       + MFSA 2008-09 Mishandling of locally-saved plain text files
       + MFSA 2008-08 File action dialog tampering
       + MFSA 2008-07 Possible information disclosure in BMP decoder
       + MFSA 2008-06 Web browsing history and forward navigation stealing
       + MFSA 2008-05 Directory traversal via chrome: URI
       + MFSA 2008-04 Stored password corruption
       + MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
       + MFSA 2008-02 Multiple file input focus stealing vulnerabilities
       + MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

7 декабря 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.11-alt1

  • New bugfix version 2.0.0.11
  • Add SDK libs.
  • Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update
     in the <canvas> feature that affected some web pages and extensions.
  • Fixed:
       + MFSA 2007-39 Referer-spoofing via window.location race condition
       + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
       + MFSA 2007-37 jar: URI scheme XSS hazard

8 ноября 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.9-alt1

  • New bugfix version 2.0.0.9
    -Fixed:
       + Bug 400406 - Firefox will ignore the 'clear' CSS property when
         used beneath a box that is using the 'float' property.
       + Bug 396695 - Add-ons are disabled after updating.
       + Bug 400421 - Removing a single area element from an image map
         will cause the entire map to disappear.

19 октября 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.8-alt1

  • New bugfix version 2.0.0.8
    -Fixed:
       + MFSA 2007-36 URIs with invalid  mishandled by Windows
       + MFSA 2007-35 XPCNativeWrapper pollution using Script object
       + MFSA 2007-34 Possible file stealing through sftp protocol
       + MFSA 2007-33 XUL pages can hide the window titlebar
       + MFSA 2007-32 File input focus stealing vulnerability
       + MFSA 2007-31 Browser digest authentication request splitting
       + MFSA 2007-30 onUnload Tailgating
       + MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

23 сентября 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.7-alt1

  • New bugfix version 2.0.0.7
    -Fixed:
       + MFSA 2007-28 Code execution via QuickTime Media-link files

1 августа 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.6-alt1

  • New bugfix version 2.0.0.6
  • Fixed:
       + MFSA 2007-27 Unescaped URIs passed to external programs
       + MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

27 июля 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.5-alt2

  • Fix desktop file.
  • Add search plugins: wikipedia (en, ru).
  • Update search plugins: yandex.

18 июля 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.5-alt1

  • New bugfix version 2.0.0.5
  • Fixed:
       + MFSA 2007-25 XPCNativeWrapper pollution
       + MFSA 2007-24 Unauthorized access to wyciwyg:// documents
       + MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
       + MFSA 2007-22 File type confusion due to %00 in name
       + MFSA 2007-21 Privilege escallation using an event handler attached to an element not in the document
       + MFSA 2007-20 Frame spoofing while window is loading
       + MFSA 2007-19 XSS using addEventListener and setTimeout
       + MFSA 2007-18 Crashes with evidence of memory corruption

19 июня 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.4-alt1

  • New bugfix version 2.0.0.4
  • Add alternatives.
  • Add intl.locale.matchOS by default (patch41: 01_locale.dpatch).
  • Fix normal icons (bug#11756).
  • Fix desktop file (bug#10558)
  • Fix extension compatibility check.
  • Fixed:
       + MFSA 2007-17 XUL Popup Spoofing
       + MFSA 2007-16 XSS using addEventListener
       + MFSA 2007-14 Path Abuse in Cookies
       + MFSA 2007-13 Persistent Autocomplete Denial of Service
       + MFSA 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)
       + MFSA 2007-11 FTP PASV port-scanning

25 февраля 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.2-alt1

  • New bugfix version 2.0.0.2
  • Remove version from requires in *.pc.
  • Fixed:
       + MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
       + MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
       + MFSA 2007-05 XSS and local file access by opening blocked popups
       + MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
       + MFSA 2007-03 Information disclosure through cache collisions
       + MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
       + MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2)

28 января 2007 Alexey Gladkov <legion at altlinux.ru> 2.0.0.1-alt1

  • New minor version 2.0.0.1
  • Fixed:
       + MFSA 2006-76 XSS using outer window's Function object
       + MFSA 2006-75 RSS Feed-preview referrer leak
       + MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
       + MFSA 2006-72 XSS by setting img.src to javascript: URI
       + MFSA 2006-71 LiveConnect crash finalizing JS objects
       + MFSA 2006-70 Privilege escalation using watch point
       + MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
       + MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

23 ноября 2006 Alexey Gladkov <legion at altlinux.ru> 2.0-alt2

  • Add %pre script.
  • Remove version specific paths.

28 октября 2006 Alexey Gladkov <legion at altlinux.ru> 2.0-alt1

  • New major version 2.0 .
  • Don't build libxul.
  • Add support for printing via Pango.
  • Change printer paper size at A4.
  • Check compatibility disabled.
  • Patch disabling OS_TEST autoguessing for %ix86 builds on x86_64 host.

15 сентября 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.7-alt1

  • New version 1.5.0.7 .
  • Fixed:
       + MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
       + MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
       + MFSA 2006-61 Frame spoofing using document.open()
       + MFSA 2006-60 RSA Signature Forgery
       + MFSA 2006-59 Concurrency-related vulnerability
       + MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
       + MFSA 2006-57 JavaScript Regular Expression Heap Corruption

30 августа 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.6-alt4

  • Add libgtkembedmoz.so, firefox-gtkembedmoz.pc .
  • Update BuildRequires.

16 августа 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.6-alt3

  • bugfix build.
  • Patch to enable intl.locale.matchOS was removed.
  • Added default download directory.

9 августа 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.6-alt2

  • bugfix build.
  • Added patch to handle #9863 (history #4352).

5 августа 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.6-alt1

  • New version 1.5.0.6 .
  • Fixed:
       + Fixed an issue with playing Windows Media content
       + MFSA 2006-56  chrome: scheme loading remote content
       + MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
       + MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
       + MFSA 2006-53 UniversalBrowserRead privilege escalation
       + MFSA 2006-52 PAC privilege escalation using Function.prototype.call
       + MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
       + MFSA 2006-50 JavaScript engine vulnerabilities
       + MFSA 2006-48 JavaScript new Function race condition
       + MFSA 2006-47 Native DOM methods can be hijacked across domains
       + MFSA 2006-46 Memory corruption with simultaneous events
       + MFSA 2006-45 Javascript navigator Object Vulnerability
       + MFSA 2006-44 Code execution through deleted frame reference

8 июня 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.4-alt1

  • New version.
  • Fixed:
       + MFSA 2006-43 Privilege escalation using addSelectionListener
       + MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
       + MFSA 2006-41 File stealing by changing input type (variant)
       + MFSA 2006-39 "View Image" local resource linking (Windows)
       + MFSA 2006-38 Buffer overflow in crypto.signText()
       + MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
       + MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
       + MFSA 2006-35 Privilege escalation through XUL persist
       + MFSA 2006-34 XSS viewing javascript: frames or images from context menu
       + MFSA 2006-33 HTTP response smuggling
       + MFSA 2006-32 Fixes for crashes with potential memory corruption
       + MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

12 мая 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.3-alt1

  • New version.
  • Build libxul library.
  • Fixed:
       + MFSA 2006-30 Deleted object reference when designMode="on".

15 марта 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.1-alt2

  • bugfix build.
  • include fix
  • plugins directory fix;

13 февраля 2006 Alexey Gladkov <legion at altlinux.ru> 1.5.0.1-alt1

  • New version 1.5.0.1
  • Buildrequires updated for xorg-7.0
  • run-firefox script bugfix:
     * usage update
     * plugins search path (x86_64)
     * unparseable commands handling
  • bugfix: #7334, #7682, #8757, #8784, #9017

4 декабря 2005 Alexey Gladkov <legion at altlinux.ru> 1.5-alt1

  • New version 1.5 .
  • Spec cleanup.
  • Build with external rpm-build-firefox .
  • Build with system NSS and NSPR.
  • Unused libraries removed.
  • Rpm mascros bugfix.
     * fix for new rpm.
     * change extension installation sheme (again).
  • Default preference tunning.
  • Startup script rewritten. Now it is single script.
     * command line shortcut added: altfaq:NUM .
  • SVG support enabled.
  • directory /usr/share/firefox-@version@/extensions was added to extensions search path .
     * this location is controled by the option extensions.dir.extensions .
  • Bug: #7682, #7801, #7856, #7949 fixed.

16 августа 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.6-alt4

  • major bugfix.
  • build with official branding.
  • x86_64 compatibility addon (patch20, patch21).

7 августа 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.6-alt3

  • release version.
  • firsttime script added.
  • SVG support disabled.
  • Patch #2 bugfix (bug: #7682)

24 июля 2005 LAKostis <lakostis at altlinux.ru> 1.0.6-alt2.cvs

  • fix -nox patch.
  • add gssapi detection and build fixes from mhz@.

19 июля 2005 LAKostis <lakostis at altlinux.ru> 1.0.6-alt1.cvs

  • new version from aviary branch fixing various bugs:
     + MFSA2005-54
     + Restore API compatibility for extensions and web applications
       that did not work in Firefox 1.0.5.

11 июля 2005 LAKostis <lakostis at altlinux.ru> 1.0.5-alt2.cvs

  • new version from aviary branch;

22 июня 2005 LAKostis <lakostis at altlinux.ru> 1.0.5-alt1.cvs

  • new version from aviary branch fixing various security bugs;
  • fix: #4846, #5101, #7126 (legion).
  • if_{with,without} debug - added (legion).
  • keyword 'altbug:' added, patch2 updated (legion).
  • postin/postun-scripts scripts bugfixes (legion).
  • triggers added for trash cleanup (legion).

20 июня 2005 LAKostis <lakostis at altlinux.ru> 1.0.5-alt0.cvs

  • new version from aviary branch;
  • fix #6595;
  • add switches for svg/xprint easy builds.
  • update alt-prefs-tuning.patch (disable annoying default browser dialog).

12 июня 2005 LAKostis <lakostis at altlinux.ru> 1.0.4-alt1

  • new version;
  • SA15601 security fix;
  • BuildRequires cleanup (remove xorg-x11-libs-static).

21 апреля 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.3-alt1

  • new version;
  • requires fix;

13 апреля 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.2-alt1

  • new version;
  • RPATH fix;
  • NoX patch was rewritten;

6 марта 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.1-alt2

  • rpm macros was updated;

25 февраля 2005 Alexey Gladkov <legion at altlinux.ru> 1.0.1-alt1

  • new version;
  • patch9 was added (mozilla Bug #123315);
  • patch10, patch11 was added (#6151);

14 февраля 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt7

  • plugins path bugfix;
  • svg support added;
  • x86_64 compatibility added (thx mouse@);

1 февраля 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt6

  • update patch firefox-1.0-20050201-alt-nox.patch
     * uninstall-global-theme command-line option was added;
     * update-register command-line option was added;
  • firefox-1.0-alt-rpm-scripts.tar.bz2 bugfix;

27 января 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt5

  • disable svg support becouse svg layout lead to segfault
     when mozilla compile with gcc3.4 .
  • search plugins was moved into the standalone rpm package.

19 января 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt4

  • Rebuilt with libstdc++.so.6.

5 января 2005 Alexey Gladkov <legion at altlinux.ru> 1.0-alt3

  • new version;
  • browser-plugins-npapi support added;
  • new icons default icons(thx shrek@);
  • option uninstall-global-extension was fixed;

3 ноября 2004 Alexey Gladkov <legion at altlinux.ru> 1.0-alt2.rc1

  • extension sheme changes;
  • postin/preun scripts chenges;

18 октября 2004 Alexey Gladkov <legion at altlinux.ru> 1.0-alt2.PR

  • new default extensions added;
  • protocol 'mailto' external handler added;
  • firefox.macro changed;
  • postun script changed;
  • icons changed;

30 сентября 2004 Alexey Gladkov <legion at altlinux.ru> 1.0-alt1.PR

  • New version 1.0PR;
  • New extension scheme;
  • Add:
       * New option 'run-without-x' added (mouse, legion);
       * SVG support added;
       * Certificate (ALT Linux CA Root) added;
       * ALT Linux BTS search plugin added;
       * RPATH added to all binary files;
  • bug #4284 fixed;

28 мая 2004 Alexey Gladkov <legion at altlinux.ru> 0.8-alt4

  • Move back some changes at alt3 build.
  • Bug #4157 fixed.

30 апреля 2004 Alexey Gladkov <legion at altlinux.ru> 0.8-alt3.1

  • viewsource protocol was added.

29 апреля 2004 Alexey Gladkov <legion at altlinux.ru> 0.8-alt3

  • Minimize buildin extensions;
  • Disable debug output;
  • Disable some options:
     + disable JavaScript debug library;
     + disable LDAP support;
     + disable logging facilities;
  • Necko protocols cleanup;

24 февраля 2004 Alexey Gladkov <legion at altlinux.ru> 0.8-alt2

  • Splash screen added (thx sadist@);
  • Search plugins added;
  • Remove devel package Conflicts;
  • Change rebuild-database.sh script. Script must be run only as root;
  • Change locale hack.

11 февраля 2004 Alexey Gladkov <legion at altlinux.ru> 0.8-alt1

  • Mozilla Firebird becomes Mozilla Firefox. Mozilla's next
     generation browser has changed names (again);
  • New version;

11 января 2004 Alexey Gladkov <legion at altlinux.ru> 0.7-alt2

  • Spec changes.
  • run-mozilla.sh script patch.

30 декабря 2003 Alexey Gladkov <legion at altlinux.ru> 0.7-alt1

  • first build for ALT Linux.
  • rpm macro created.
  • new scheme loading extensions added (thx force@)
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin