Bump version to 2.10.92
Minor fix
Bump libtool revision
Minor cleanup
Bug 38737 - Wishlist: support FC_POSTSCRIPT_NAME
Add the PostScript name into the cache and the matcher.
Scoring the better font against the PostScript name by
the forward-matching.
Fix a SIGSEGV on FcPatternGet* with NULL pattern
Fix crash with FcConfigSetCurrent(NULL)
Do not copy FC_*LANG_OBJECT even if it's not available on the pattern
those objects are linked to the corresponding string objects.
this may causes inconsistency that those objects has more values
than them.
Bug 59456 - Adding a --sysroot like option to fc-cache
Add an ability to set the system root to generate the caches.
In order to do this, new APIs, FcConfigGetSysRoot() and
FcConfigSetSysRoot() is available.
Fix a memory leak
Fix broken sort order with FcFontSort()
which was introduced by 4eab908c8679a797ac7016b77a93ee41bb11b0fc
Fix a crash when the object is non-builtin object
Fix a typo
Bug 60783 - Add Liberation Sans Narrow to 30-metric-aliases.conf
Add Liberation Sans Narrow as an alias for Arial Narrow
Bug 60748 - broken conf.d/10-autohint.conf and conf.d/10-unhinted.conf
Move the target of recipes to the "pattern" from the "font".
This is to ensure the targeted objects is updated by them
prior to FcDefaultSubstitute() so that it can adds the default
values properly.
Accept digits as part of OpenType script tags
They've been used since 2005.
Add Culmus foundry to the vendor list
Maps fonts produced by the Culmus project
<http://culmus.sourceforge.net>
to the XLFD foundry name culmus.
For TrueType fonts, maps the vendor code CLM from the TrueType vendor
id field.
For Type1 fonts, which use heuristics to guess mappings to XLFD
foundries from
words in the copyright notice, add the names of the main contributors
to
the Culmus product to recognize the fonts under their copyright.
Patch from Maxim Iorsh
Use LOG_COMPILER and AM_TESTS_ENVIRONMENT
TESTS_ENVIRONMENT is deprecated and should be reserved to the user to
override the test environment
<ext>_LOG_COMPILER is meant to contain the program that runs the test
with <ext> extension
LOG_COMPILER is for extensionless tests
AM_TESTS_ENVIRONMENT is meant to set the environment for the tests
https://bugs.freedesktop.org/show_bug.cgi?id=60192
Signed-off-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Bump the cache version to 4
Update _FcMatchers definition logic
to make it easier to maintain. also added FC_HASH_OBJECT to be matched
in the pattern, prior to FC_FILE_OBJECT.
Bug 60312 - DIST_SUBDIRS should never appear in a conditional
As it is documented like this:
If SUBDIRS is defined conditionally using Automake conditionals,
Automake will define DIST_SUBDIRS automatically from the possible
values of SUBDIRS in all conditions.
So we don't need to re-define DIST_SUBDIRS in Makefile.am unless
we use AC_SUBST to define SUBDIRS.
Patch from Quentin Glidic
Bug 50733 - Add font-file hash?
Add "hash" object which contains SHA256 hash value (so far) computed
from the font file.
Use AM_MISSING_PROG instead of hardcoding missing
Revert "test: Use SH_LOG_COMPILER and AM_TESTS_ENVIRONMENT"
This reverts commit 2146b0307a3476892723104481f27f8484451c52.
That change introduces incompatibility and seems not working with
older releases of automake, including automake 1.12.2.
test: Use SH_LOG_COMPILER and AM_TESTS_ENVIRONMENT
TESTS_ENVIRONMENT is deprecated and should be reserved to the user to
override the test environment
<ext>_LOG_COMPILER is meant to contain the program that runs the test
with <ext> extension
AM_TESTS_ENVIRONMENT is meant to set the environment for the tests
https://bugs.freedesktop.org/show_bug.cgi?id=60192
Signed-off-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Use AM_MISSING_PROG instead of hardcoding missing
Modernize configure.ac
Bug 23757 - Add mode="delete" to <edit>
Add two edit mode, "delete" and "delete_all".
what values are being deleted depends on <test> as documented.
if the target object is same to what is tested, matching value there
will be deleted. otherwise all of values in the object will be
deleted.
so this would means both edit mode will not take any expressions.
e.g.
Given that the testing is always true here, the following rules:
<match>
<test name="foo" compare="eq">
<string>bar</string>
</test>
<edit name="foo" mode="delete"/>
</match>
will removes "bar" string from "foo" object. and:
<match>
<test name="foo" compare="eq">
<string>foo</string>
</test>
<edit name="bar" mode="delete"/>
</match>
will removes all of values in "bar" object.
build: Only use PKG_INSTALLDIR if available
It's only in pkg-config 0.27 or newer, but 0.25 at least is still
fairly widespread.
Use the PKG_INSTALLDIR macro.
Bug 59385 - Do the right thing for intermixed edit and test elements
This changes allows to have multiple mathcing rules in one <match>
block
in the same order.
remove the unnecessary code
Add another approach to FC_PRGNAME for Solaris 10 or before
Patch from Raimund Steger
Fix installation on MinGW32
Patch from LRN
Fix mkstemp absence for some platform
Patch from LRN and modified to make more generic.
Add missing file descriptor to F_DUPFD_CLOEXEC
Patch from Matthieu Herrb
Fix readlink failure
As reported by Raimund Steger.
Better fix for 2fe5ddfd
Drop realpath() and fix breakage on Win32
Fix FC_PRGNAME default
As reported by Raimund Steger.
Fix fc-cache crash caused by looking up NULL object incorrectly
We were returning a skiplist node when looking up NULL!
Minor
Remove unused checks for common functions
The check results of these were never actually used.
Improve FcGetPrgname() to work on BSD
Bug 59379 - FC_PRGNAME
Can be used for per-application configuration.
Bug 50497 - RFE: Add OpenType feature tags support
Add FC_FONT_FEATURES to store the feature tags to be enabled.
Fix the build fail on MinGW
Reported at
http://lists.freedesktop.org/archives/fontconfig/2013-January/004601.html
just warn at the runtime instead of the compile time. it somewhat
works
on even MinGW since FcMakeTempfile() isn't used on Win32 so far.
Minor
Copy all values from pattern to font if the font doesn't have
the element
Bug 59376 - FcFontRenderPrepare enhancement
Ensure we find the uninstalled fontconfig header
Patch from Colin Walters.
Respect $NOCONFIGURE
Patch from Colin Walters.
Version 1.25:
Enhancements to ticket processing. There are now two tables:
TICKET and TICKETCHNG. There is one row in TICKETCHNG for each
ticket artifact. Fields from ticket artifacts go into either
or both of TICKET and TICKETCHNG, whichever contain matching
column names. Default ticket edit and viewing scripts are
updated to use TICKETCHNG. The TH1 scripting language is enhanced
to support this, including the new "query" command for doing
SQL queries against the repository database. All changes should
be backwards compatible.
Add the ability to moderate ticket and wiki changes. Unmoderated
changes do not sync and may be deleted by the moderator if
found to contain spam or other objectionable content.
Add javascript so that clicking on a node of the timeline graph
selects that node. Then clicking on a second node shows a diff
between the two nodes. Clicking on the selected node unselects
it.
Warn of unresolved merge conflicts in "fossil status" and
disallow commits of unresolved conflicts unless the --allow-conflict
option is used.
Add javascript so that clicking on column headers in a ticket
report sorts by the indicated column.
Add the "fossil cat" command which is basically an alias for
"fossil finfo -p".
Hyperlinks with the class "button" are rendered as submenu
buttons on embedded documentation.
The check-in comment editor on windows now defaults to NotePad.exe.
Correctly deal with BOMs in check-in comments. Also attempt to
convert check-in comments to UTF8 from other encodings.
Allow the deletion of multiple stash entries using multiple
arguments to the "fossil stash rm" command.
Enhance the "fossil server DIRECTORY" command to serve static
content files contained in DIRECTORY. For security, only files
with a recognized suffix (such as *.html, *.jpg, *.txt, etc)
will be delivered as static content, and *.fossil files are
not on the list of recognized suffixes. There are additional
restrictions on the names of the files.
Allow the "fossil ui" command to specify a directory as long
as the the --notfound option is used.
Add a configuration option that causes timeline messages to be
rendered as text/x-fossil-plain (which is the same as text/plain
except that hyperlinks inside of [...] are decorated.)
Only decorate [...] in check-in comments and tickets if the
contented text really is a valid hyperlink target.
Improvements to the side-by-side diff algorithm, for a more
human-friendly display in some complex cases.
Added [utime] and [stime] commands to TH1. These commands can
be used for things such as displaying the page rendering time
in the footer.
Add the ability to pass command-line options of "fossil rebuild"
to "fossil all rebuild".
Add the --deanalyze option to "fossil rebuild" (and "fossil
all rebuild")
Do not run the graphical merging tool nor leave merge-droppings
after a dry-run merge. Display an improved merge-summary message
at the end of the merge.
Add options to "fossil commit" to override the various sanity
checks. Options added: --allow-empty, --allow-fork, --allow-older,
and --allow-conflict.
Optionally require a CAPTCHA (controlled by a setting on the
Admin/Access webpage) when a user who is not logged in tries
to edit wiki, or a ticket, or an attachment.
Improvements to the "ssh://" sync protocol, to help it move
past noisey motd comments.
Add the uf=FILE-SHA1-HASH query parameter to the timeline,
causing the timeline to show only check-ins that contain the
specific file identified by FILE-SHA1-HASH. ("uf" stands for
"uses file".)
Enhance the file change annotator so that it follows the file
across name changes.
Fix the server-side of the sync protocol so that it will not
generate a delta loop when a file changes from its original
state, through two or more intermediate states, and back to
the original state, all within a single sync.
Show much less output during a sync operation, unless the
--verbose option is used.
Set the action= attribute of <form> elements using javascript,
as an addition defense against spam-bots.
Disallow invalid UTF8 characters (such as characters in the
surrogate pair range) in filenames.
Judge the UserAgent strings issued by the NetSurf webbrowser
to be coming from a human, not from a bot.
Add the zlib sources to the Fossil source tree (under compat/zlib)
and use those sources when compiling on (windows) systems that
do not have a zlib library installed by default.
Prompt the user with the option to convert non-UTF8 files into
UTF8 when committing.
Allow the characters *[]? in filenames.
Allow the --context option on diff commands to have a value of
0.
Added the "dbstat" command.
Enhanced "fossil merge" so that if the VERSION argument is
omitted, Fossil tries to merge any forks of the current branch.
Improved detection of forks in a commit race.
Added the --analyze option to "fossil rebuild".
Version 1.24:
Added support for WYSIWYG editing of wiki pages. WYSIWYG is
turned off by default and can be turned on by setting a
configuration option.
Allow style= attribute to occur in HTML markup on wiki pages.
Added the --tk option to the "fossi diff" and "fossil stash
diff" commands, causing color-coded diff output to be displayed
in a Tcl/Tk GUI window. This option only works if Tcl/Tk is
installed on the host.
On windows, make the "gdiff" command default to use WinDiff.exe.
Update the "fossil stash" command so that it always prompts
for a comment if the -m option is omitted.
Enhance the timeline webpages so that a=, b=, c=, d=, p=, and
dp= query parameters (and others) can all accept any valid
checkin name (such as branch names or labels) instead of just
SHA1 hashes.
Added the "fossil stash show" command.
Added the "fileage" webpage with links to this page from the
check-in information page and from the file browser.
Added --age and -t options to the "fossil ls" command.
Added the --setmtime option to "fossil update". When used, the
mtime of all mananged files is set to the time when the most
recent version of the file was checked in.
Changed the "vdiff" webpage to show the complete text of files
that were added or removed (the equivelent of using the -N or
--newfile options with the "fossil diff" command-line.)
Added the --temp option to "fossil clean" and "fossil extra",
causing those commands to only look at temporary files generated
by Fossil, such as merge-conflict reports or aborted check-in
messages.
Enhance the raw page download so that it can guess the mimetype
of attachments based on the filename.
Change the behavior of the from= and to= query parameters on
the timeline page so that by default the path between the two
specified check-ins avoids merges.
Add the --baseurl option to "fossil server" and "fossil http"
commands, so that those commands can be used with reverse
proxies.
If unable to determine the command-line user, do not guess.
Instead issue an error message. This helps prevent check-ins
from accidentally occurring under the wrong username.
Include branch information in the output of file change listings
(the "finfo" webpage).
Make the simplified view of file history, rather than the full
view, the default.
In the "fossil configuration" command, allow the "css" option
for synchronizing, importing, or exporting just the CSS file.
This makes it easier to share CSS files across repositories by
exporting from one and importing to another.
Add the (unsupported) "fossil test-orphans" command.
Add the --template option to the "fossil init" command, to
facilitate creating new repositories based on a template
repository.
Add the diff-binary setting, which if enabled causes binary
files to be passed to the "gdiff" command for it to deal with,
rather than simply printing a "cannot diff binary files" error.
Add the --unified option to the "fossil diff" command to force
a unified diff even if the --tk option (which normally implies
a side-by-side diff) is used.
Present a choice of nearby branches and versions to diff against
on the check-in information page.
Add the --force option to the "fossil merge" command that will
force the merge to occur even if it would be a no-op. This is
sometimes useful for documentation purposes.
Add another built-in skin: "Enhanced Default". Other minor
tweaks to the existing skins.
Add the "urllist" webpage, showing a list of URLs by which a
server instance of Fossil has been accessed. Requires
"Administrator" privileges. A link is on the "Setup" main page.
Enable dynamic loading of the Tcl runtime for installations
that want to use Tcl as part of their configuration. This
reduces the size of the Fossil binary and allows any version
of Tcl 8.4 or later to be used.
Merge the latest SQLite changes from upstream.
Lots of minor bug fixes.
0.20.2
======
Changes since 0.20.1:
- Fix some typos in docs and warning messages.
- Fix argument order issue introduced with the va_list fix in 0.20.1.
- Add some tests for this bug.
Bugs fixed in this release:
- https://bugzilla.gnome.org/show_bug.cgi?id=695591
- https://bugzilla.gnome.org/show_bug.cgi?id=696762
All contributors to this release:
Jens Georg <mail@jensge.org>
Benjamin Kerensa <bkerensa@ubuntu.com>
Version 1.41 December 31, 2012
* Set filenames in italics.
* Suppress option/filename handling in EXAMPLES section.
* Add Croatian translation.
* Add Serbian translation.
Overview of changes leading to 0.9.15
Thursday, April 05, 2013
=====================================
- Build fixes.
- Fix crasher in graphite2 shaper.
- Fix Arabic mark width zeroing regression.
- Don't compose Hangul jamo into Unicode syllables.
Overview of changes leading to 0.9.14
Thursday, March 21, 2013
=====================================
- Build fixes.
- Fix time-consuming sanitize with malicious fonts.
- Implement hb_buffer_deserialize_glyphs() for both json and text.
- Do not ignore Hangul filler characters.
- Indic fixes:
* Fix Malayalam pre-base reordering interaction with post-forms.
* Further adjust ZWJ handling. Should fix known regressions from
0.9.13.
0.6.36
------
* Pull Request #35: In `Buildout issue 64
<https://github.com/buildout/buildout/issues/64>`_, it was reported that
under Python 3, installation of distutils scripts could attempt to copy
the ``__pycache__`` directory as a file, causing an error, apparently only
under Windows. Easy_install now skips all directories when processing
metadata scripts.
Version 1.6.0
- Re-org of code into multiple files, split HTML and Unix listdir() into
separate functions, various code cleanups and optimizations.
- Fixed a memory leak in listdir() when memory was allocated early and not
freed before function exit.
- Fixed possible buffer overflow where symbolic links are followed.
- Fixed links printing "argetm" before the name of the link when the LINK
setting for DIR_COLORS is set to target (Markus Schnalke
<meillo@marmaro.de>)
- More fully support dir colors -- added support for su, sg, tw, ow, & st
options (and "do" in theory).
- Use the environment variable "TREE_COLORS" instead of "LS_COLORS" for
color information if it exists.
- Added --si flag to print filesizes in SI (powers of 1000) units (Ulrich
Eckhardt)
- Added -Q to quote filenames in double quotes. Does not override -N or -q.
- Control characters are no longer printed in carrot notation, but as
backslashed octal, ala ls, except for codes 7-13 which are printed as
\a, \b, \t, \n, \v, \f and \r respectively. Spaces and backslashes are
also now backslashed as per ls, for better input to scripts unless -Q
is in use (where "'s are backslashed.) (Ujjwal Kumar)
- Added -U for unsorted listings (directory order).
- Added -c for sorting by last status change (ala ls -c).
- --dirsfirst is now a meta-sort and does not override -c, -v, -r or -t, but
is disabled by -U.
- After many requests, added the ability to process the entire tree before
emitting output. Used for the new options --du, which works like the du
command: sums the amount of space under each directory and prints a total
amount used in the report and the --prune option which will prune all empty
directories from the output (makes the -P option output much more readable.)
It should be noted that this will be slow to output when processing large
directory trees and can consume copious amounts of memory, use at your own
peril.
- Added -X option to emit the directory tree in XML format (turns colorization
off always.)
- Added --timefmt option to specify the format of time display (implies -D).
Uses the strftime format.
Version 1.5.3
- Properly quote directories for the system command when tree is relaunched
using the -R option.
- Fixed possible indentation problem if dirs[*] is not properly zeroed
(Martin Nagy).
- Use strcoll() instead of strcmp() to sort files based on locale if set.
- Change "const static" to "static const" to remove some compiler warnings
for Solaris (Kamaraju Kusumanchi).
- Actually use TREE_CHARSET if it's defined.
- Automatically select UTF-8 charset if TREE_CHARSET is not set, and the
locale is set to *UTF-8 (overridden with --charset option.)
Version 1.5.2.2
- Set locale before checking MB_CUR_MAX.
- Added HP-NonStop platform support (Craig McDaniel <craigmcd@gmail.com>)
- Fixed to support 32 bit UID/GIDs.
- Added Solaris build options to Makefile (edit and uncomment to use).
Provided by Wang Quanhong
Version 1.5.2.1
- Added strverscmp.c file for os's without strverscmp. Source file is
attributed to: Jean-Franois Bignolles <bignolle@ecoledoc.ibp.fr>
- Try different approach to MB_CUR_MAX problem.
- Changed the argument to printit() to be signed char to avoid warnings.
Version 1.5.2
- Added --filelimit X option to not descend directories that have more than
X number of files in them.
- Added -v option for version sorting (also called natural sorting) ala ls.
Version 1.5.1.2
- Fixed compile issues related to MB_CUR_MAX on non-linux machines.
- Removed unecessary features.h
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A possible buffer overflow during H.264 format negotiation. The format
attribute resource for H.264 video performs an unsafe read against a media
attribute when parsing the SDP.
This vulnerability only affected Asterisk 11.
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
Changelog:
FIXED
Security fixes can be found here
FIXED
Adjusting font size when composing emails should be easier (Bug 824926)
Fixed in Thunderbird 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
