MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Tue, 13 Mar 2018 20:14:45 +0100
changeset 1037 d61b64679bb4
parent 1036 4babd1755310
child 1039 b8f1c62354df
permissions -rw-r--r--
59.0 final
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
893
86f72f1e98a4 prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 892
diff changeset
     1
-------------------------------------------------------------------
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
     2
Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org
1036
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1035
diff changeset
     3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1035
diff changeset
     4
- update to Firefox 59.0
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
     5
  * Performance enhancements
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
     6
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
     7
  * added features for Firefox Screenshots
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
     8
  * Enhanced WebExtensions API
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
     9
  * Improved RTC capabilities
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    10
  MFSA 2018-06 (bsc#1085130)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    11
  * CVE-2018-5127 (bmo#1430557)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    12
    Buffer overflow manipulating SVG animatedPathSegList
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    13
  * CVE-2018-5128 (bmo#1431336)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    14
    Use-after-free manipulating editor selection ranges
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    15
  * CVE-2018-5129 (bmo#1428947)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    16
    Out-of-bounds write with malformed IPC messages
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    17
  * CVE-2018-5130 (bmo#1433005)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    18
    Mismatched RTP payload type can trigger memory corruption
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    19
  * CVE-2018-5131 (bmo#1440775)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    20
    Fetch API improperly returns cached copies of no-store/no-cache resources
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    21
  * CVE-2018-5132 (bmo#1408194)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    22
    WebExtension Find API can search privileged pages
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    23
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    24
    Value of the app.support.baseURL preference is not properly sanitized
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    25
  * CVE-2018-5134 (bmo#1429379)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    26
    WebExtensions may use view-source: URLs to bypass content restrictions
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    27
  * CVE-2018-5135 (bmo#1431371)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    28
    WebExtension browserAction can inject scripts into unintended contexts
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    29
  * CVE-2018-5136 (bmo#1419166)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    30
    Same-origin policy violation with data: URL shared workers
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    31
  * CVE-2018-5137 (bmo#1432870)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    32
    Script content can access legacy extension non-contentaccessible resources
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    33
  * CVE-2018-5138 (bmo#1432624) (Android only)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    34
    Android Custom Tab address spoofing through long domain names
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    35
  * CVE-2018-5140 (bmo#1424261)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    36
    Moz-icon images accessible to web content through moz-icon: protocol
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    37
  * CVE-2018-5141 (bmo#1429093)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    38
    DOS attack through notifications Push API
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    39
  * CVE-2018-5142 (bmo#1366357)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    40
    Media Capture and Streams API permissions display incorrect origin
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    41
    with data: and blob: URLs
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    42
  * CVE-2018-5143 (bmo#1422643)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    43
    Self-XSS pasting javascript: URL with embedded tab into addressbar
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    44
  * CVE-2018-5126
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    45
    Memory safety bugs fixed in Firefox 59
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    46
  * CVE-2018-5125
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    47
    Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
1031
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
    48
- requires NSPR 4.18 and NSS 3.35
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
    49
- requires rust >= 1.22.1
1032
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
    50
- removed obsolete patches:
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
    51
  mozilla-alsa-sandbox.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
    52
  mozilla-enable-csd.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
    53
  firefox-no-default-ualocale.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
    54
- removed l10n_changesets.txt since same information is now in
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
    55
  Firefox source tree (updated create-tar.sh now requires jq)
1031
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
    56
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
    57
-------------------------------------------------------------------
1030
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
    58
Fri Feb  9 12:06:31 UTC 2018 - wr@rosenauer.org
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
    59
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
    60
- correct requires and provides handling (boo#1076907)
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
    61
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
    62
-------------------------------------------------------------------
1029
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    63
Tue Feb  6 07:03:42 UTC 2018 - fstrba@suse.com
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    64
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    65
- Added patch:
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    66
  * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    67
    or again?) not working in Firefox 58 due to sandboxing.
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    68
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    69
-------------------------------------------------------------------
1028
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
    70
Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
    71
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
    72
- update to Firefox 58.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
    73
  MFSA 2018-05
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
    74
  * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
1029
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
    75
- use correct language packs
1027
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
    76
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
    77
- allow larger number of nested elements (mozilla-bmo256180.patch)
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
    78
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
    79
-------------------------------------------------------------------
1026
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    80
Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    81
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    82
- update to Firefox 58.0 (bsc#1077291)
1023
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
    83
  * Added Nepali (ne-NP) locale
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
    84
  * Added support for form autofill for credit card
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
    85
  * Optimize page load by caching JavaScript internal representation
1026
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    86
  MFSA 2018-02
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    87
  * CVE-2018-5091 (bmo#1423086)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    88
    Use-after-free with DTMF timers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    89
  * CVE-2018-5092 (bmo#1418074)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    90
    Use-after-free in Web Workers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    91
  * CVE-2018-5093 (bmo#1415291)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    92
    Buffer overflow in WebAssembly during Memory/Table resizing
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    93
  * CVE-2018-5094 (bmo#1415883)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    94
    Buffer overflow in WebAssembly with garbage collection on
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    95
    uninitialized memory
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    96
  * CVE-2018-5095 (bmo#1418447)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    97
    Integer overflow in Skia library during edge builder allocation
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    98
  * CVE-2018-5097 (bmo#1387427)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
    99
    Use-after-free when source document is manipulated during XSLT
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   100
  * CVE-2018-5098 (bmo#1399400)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   101
    Use-after-free while manipulating form input elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   102
  * CVE-2018-5099 (bmo#1416878)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   103
    Use-after-free with widget listener
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   104
  * CVE-2018-5100 (bmo#1417405)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   105
    Use-after-free when IsPotentiallyScrollable arguments are freed
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   106
    from memory
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   107
  * CVE-2018-5101 (bmo#1417661)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   108
    Use-after-free with floating first-letter style elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   109
  * CVE-2018-5102 (bmo#1419363)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   110
    Use-after-free in HTML media elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   111
  * CVE-2018-5103 (bmo#1423159)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   112
    Use-after-free during mouse event handling
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   113
  * CVE-2018-5104 (bmo#1425000)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   114
    Use-after-free during font face manipulation
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   115
  * CVE-2018-5105 (bmo#1390882)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   116
    WebExtensions can save and execute files on local file system
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   117
    without user prompts
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   118
  * CVE-2018-5106 (bmo#1408708)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   119
    Developer Tools can expose style editor information cross-origin
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   120
    through service worker
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   121
  * CVE-2018-5107 (bmo#1379276)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   122
    Printing process will follow symlinks for local file access
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   123
  * CVE-2018-5108 (bmo#1421099)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   124
    Manually entered blob URL can be accessed by subsequent private browsing tabs
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   125
  * CVE-2018-5109 (bmo#1405599)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   126
    Audio capture prompts and starts with incorrect origin attribution
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   127
  * CVE-2018-5110 (bmo#1423275) (affects only OS X)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   128
    Cursor can be made invisible on OS X
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   129
  * CVE-2018-5111 (bmo#1321619)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   130
    URL spoofing in addressbar through drag and drop
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   131
  * CVE-2018-5112 (bmo#1425224)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   132
    Extension development tools panel can open a non-relative URL in the panel
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   133
  * CVE-2018-5113 (bmo#1425267)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   134
    WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   135
  * CVE-2018-5114 (bmo#1421324)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   136
    The old value of a cookie changed to HttpOnly remains accessible to scripts
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   137
  * CVE-2018-5115 (bmo#1409449)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   138
    Background network requests can open HTTP authentication in unrelated foreground tabs
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   139
  * CVE-2018-5116 (bmo#1396399)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   140
    WebExtension ActiveTab permission allows cross-origin frame content access
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   141
  * CVE-2018-5117 (bmo#1395508)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   142
    URL spoofing with right-to-left text aligned left-to-right
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   143
  * CVE-2018-5118 (bmo#1420049)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   144
    Activity Stream images can attempt to load local content through file:
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   145
  * CVE-2018-5119 (bmo#1420507)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   146
    Reader view will load cross-origin content in violation of CORS headers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   147
  * CVE-2018-5121 (bmo#1402368) (affects only OS X)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   148
    OS X Tibetan characters render incompletely in the addressbar
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   149
  * CVE-2018-5122 (bmo#1413841)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   150
    Potential integer overflow in DoCrypt
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   151
  * CVE-2018-5090
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   152
    Memory safety bugs fixed in Firefox 58
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   153
  * CVE-2018-5089
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   154
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
1019
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   155
- requires NSS 3.34.1
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   156
- requires rust 1.21
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   157
- removed obsolete patches:
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   158
  mozilla-bindgen-systemlibs.patch
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   159
  mozilla-bmo1360278.patch
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   160
  mozilla-bmo1399611-csd.patch
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   161
  mozilla-rust-1.23.patch
1020
d2c159cb9bf2 rebased patches; updated spec file
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1019
diff changeset
   162
- rebased patches
1023
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
   163
- updated man-page
1019
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   164
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   165
-------------------------------------------------------------------
1017
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   166
Tue Jan  9 18:48:02 UTC 2018 - wr@rosenauer.org
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   167
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   168
- fixed build with latest rust (mozilla-rust-1.23.patch)
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   169
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   170
-------------------------------------------------------------------
1016
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   171
Thu Jan  4 12:23:41 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   172
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   173
- update to Firefox 57.0.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   174
  MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   175
  (boo#1074723)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   176
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   177
-------------------------------------------------------------------
1015
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   178
Wed Jan  3 08:29:38 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   179
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   180
- fixed regression introduced Oct 10th which made Firefox crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   181
  when cancelling the KDE file dialog (boo#1069962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   182
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   183
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   184
Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   185
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   186
- Mozilla Firefox 57.0.3:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   187
  * Fix a crash reporting issue that inadvertently sends background
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   188
    tab crash reports to Mozilla without user opt-in (bmo#1427111,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   189
    bsc#1074235)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   190
- Includes changes from 57.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   191
  * fixes for platforms other than GNU/Linux
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   192
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   193
-------------------------------------------------------------------
1012
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   194
Fri Dec  8 15:52:17 UTC 2017 - dimstar@opensuse.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   195
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   196
- Explicitly buildrequires python2-xml: The build system relies on
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   197
  it. We wrongly relied on other packages pulling it in for us.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   198
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   199
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   200
Thu Dec  7 11:12:31 UTC 2017 - dimstar@opensuse.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   201
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   202
- Escape the usage of %{VERSION} when calling out to rpm.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   203
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   204
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   205
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   206
Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   207
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   208
- update to Firefox 57.0.1
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   209
  * CVE-2017-7843: Web worker in Private Browsing mode can write
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   210
    IndexedDB data (bsc#1072034, bmo#1410106)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   211
  * CVE-2017-7844: Visited history information leak through SVG
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   212
    image (bsc#1072036, bmo#1420001)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   213
  * Fix a video color distortion issue on YouTube and other video
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   214
    sites with some AMD devices (bmo#1417442)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   215
  * Fix an issue with prefs.js when the profile path has non-ascii
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   216
    characters (bmo#1420427)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   217
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   218
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   219
Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   220
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   221
- Add mozilla-bmo1360278.patch
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   222
  Starting with Firefox 57, the context menu appears on key press.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   223
  This patch creates a config entry to restore the
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   224
  old behaviour. Without the patch, the mouse gesture extensions
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   225
  require 2 clicks to work (bmo#1360278).
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   226
  The new config entry is named ui.context_menus.after_mouseup
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   227
  (default : false).
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   228
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   229
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   230
Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   231
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   232
- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   233
  widget.allow-client-side-decoration=true
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   234
  (mozilla-bmo1399611-csd.patch)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   235
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   236
-------------------------------------------------------------------
1011
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   237
Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   238
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   239
- update to Firefox 57.0 (boo#1068101)
1008
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   240
  * Firefox Quantum
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   241
  * Photon UI
1011
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   242
  * Unified address and search bar
1008
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   243
  * AMD VP9 hardware video decoder support
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   244
  * Added support for Date/Time input
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   245
  * stricter security sandbox blocking filesystem reading and
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   246
    writing on Linux systems
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   247
  * middle mouse paste in the content area no longer navigates to
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   248
    URLs by default on Unix systems
1011
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   249
  MFSA 2017-24
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   250
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   251
    Use-after-free of PressShell while restyling layout
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   252
  * CVE-2017-7830 (bmo#1408990)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   253
    Cross-origin URL information leak through Resource Timing API
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   254
  * CVE-2017-7831 (bmo#1392026)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   255
    Information disclosure of exposed properties on JavaScript proxy
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   256
    objects
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   257
  * CVE-2017-7832 (bmo#1408782)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   258
    Domain spoofing through use of dotless 'i' character followed
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   259
    by accent markers
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   260
  * CVE-2017-7833 (bmo#1370497)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   261
    Domain spoofing with Arabic and Indic vowel marker characters
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   262
  * CVE-2017-7834 (bmo#1358009)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   263
    data: URLs opened in new tabs bypass CSP protections
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   264
  * CVE-2017-7835 (bmo#1402363)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   265
    Mixed content blocking incorrectly applies with redirects
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   266
  * CVE-2017-7836 (bmo#1401339)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   267
    Pingsender dynamically loads libcurl on Linux and OS X
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   268
  * CVE-2017-7837 (bmo#1325923)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   269
    SVG loaded as <img> can use meta tags to set cookies
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   270
  * CVE-2017-7838 (bmo#1399540)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   271
    Failure of individual decoding of labels in international domain
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   272
    names triggers punycode display of entire IDN
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   273
  * CVE-2017-7839 (bmo#1402896)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   274
    Control characters before javascript: URLs defeats self-XSS
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   275
    prevention mechanism
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   276
  * CVE-2017-7840 (bmo#1366420)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   277
    Exported bookmarks do not strip script elements from user-supplied
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   278
    tags
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   279
  * CVE-2017-7842 (bmo#1397064)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   280
    Referrer Policy is not always respected for <link> elements
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   281
  * CVE-2017-7827
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   282
    Memory safety bugs fixed in Firefox 57
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   283
  * CVE-2017-7826
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   284
    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
1004
f98f2fd265af update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1001
diff changeset
   285
- requires NSPR 4.17, NSS 3.33 and rustc 1.19
1005
6d716caa6abe 57.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1004
diff changeset
   286
- rebased patches
1008
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   287
- added mozilla-bindgen-systemlibs.patch to allow stylo build
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   288
  with system libs (bmo#1341234)
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   289
- removed mozilla-language.patch since the whole locale code
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   290
  changed in Firefox and is relying on ICU now
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   291
- removed obsolete mozilla-ucontext.patch
1004
f98f2fd265af update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1001
diff changeset
   292
f98f2fd265af update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1001
diff changeset
   293
-------------------------------------------------------------------
1001
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   294
Sat Oct 28 06:30:37 UTC 2017 - wr@rosenauer.org
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   295
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   296
- update to Firefox 56.0.2
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   297
  * Disable Form Autofill completely on user request (bmo#1404531)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   298
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   299
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   300
  * Fix for shutdown crash (bmo#1404105)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   301
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   302
-------------------------------------------------------------------
1000
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   303
Tue Oct 10 11:47:49 UTC 2017 - wr@rosenauer.org
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   304
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   305
- update to Firefox 56.0.1
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   306
  * Block D3D11 when using Intel drivers on Windows 7 systems with
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   307
    partial AVX support (bmo#1403353)
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   308
  -> just to sync the version number
998
6c6109948e35 enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 997
diff changeset
   309
- enable stylo for TW (requires LLVM >= 3.9)
1000
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   310
- queue KDE filepicker requests to avoid non-opening file dialogs
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   311
  happening in certain situations (contributed by Ignaz Forster)
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   312
- the placeholder dot in KDE file dialog in case of empty filenames
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   313
  was removed, apparently not required (anymore)
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   314
  (contributed by Ignaz Forster)
998
6c6109948e35 enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 997
diff changeset
   315
6c6109948e35 enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 997
diff changeset
   316
-------------------------------------------------------------------
997
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   317
Sun Oct  1 18:25:16 UTC 2017 - stefan.bruens@rwth-aachen.de
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   318
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   319
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   320
  script was not detecting aarch64 as a 64 bit architecture, thus
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   321
  used /usr/lib/browser-plugins/.
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   322
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   323
-------------------------------------------------------------------
996
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   324
Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   325
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   326
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   327
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   328
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   329
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   330
  looks for.
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   331
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   332
-------------------------------------------------------------------
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   333
Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   334
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   335
- update to Firefox 56.0 (boo#1060445)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   336
  * Firefox Screenshots
994
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   337
  * Find Options/Preferences more quickly with new search function
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   338
  * Media is no longer auto-played when opened in a background tab
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   339
  * Enable CSS Grid Layout View
996
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   340
  MFSA 2017-21
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   341
  * CVE-2017-7793 (bmo#1371889)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   342
    Use-after-free with Fetch API
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   343
  * CVE-2017-7817 (bmo#1356596) (Android-only)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   344
    Firefox for Android address bar spoofing through fullscreen mode
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   345
  * CVE-2017-7818 (bmo#1363723)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   346
    Use-after-free during ARIA array manipulation
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   347
  * CVE-2017-7819 (bmo#1380292)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   348
    Use-after-free while resizing images in design mode
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   349
  * CVE-2017-7824 (bmo#1398381)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   350
    Buffer overflow when drawing and validating elements with ANGLE
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   351
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   352
    Use-after-free in TLS 1.2 generating handshake hashes
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   353
  * CVE-2017-7812 (bmo#1379842)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   354
    Drag and drop of malicious page content to the tab bar can open locally stored files
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   355
  * CVE-2017-7814 (bmo#1376036)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   356
    Blob and data URLs bypass phishing and malware protection warnings
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   357
  * CVE-2017-7813 (bmo#1383951)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   358
    Integer truncation in the JavaScript parser
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   359
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   360
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   361
  * CVE-2017-7815 (bmo#1368981)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   362
    Spoofing attack with modal dialogs on non-e10s installations
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   363
  * CVE-2017-7816 (bmo#1380597)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   364
    WebExtensions can load about: URLs in extension UI
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   365
  * CVE-2017-7821 (bmo#1346515)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   366
    WebExtensions can download and open non-executable files without user interaction
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   367
  * CVE-2017-7823 (bmo#1396320)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   368
    CSP sandbox directive did not create a unique origin
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   369
  * CVE-2017-7822 (bmo#1368859)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   370
    WebCrypto allows AES-GCM with 0-length IV
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   371
  * CVE-2017-7820 (bmo#1378207)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   372
    Xray wrapper bypass with new tab and web console
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   373
  * CVE-2017-7811
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   374
    Memory safety bugs fixed in Firefox 56
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   375
  * CVE-2017-7810
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   376
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
994
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   377
- requires NSPR 4.16 and NSS 3.32.1
996
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   378
- rebased patches
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   379
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   380
-------------------------------------------------------------------
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   381
Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   382
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   383
- Add alsa-devel BuildRequires: we care for ALSA support to be
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   384
  built and thus need to ensure we get the dependencies in place.
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   385
  In the past, alsa-devel was pulled in by accident: we
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   386
  buildrequire libgnome-devel. This required esound-devel and that
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   387
  in turn pulled in alsa-devel for us. libgnome is being fixed to
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   388
  no longer require esound-devel.
994
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   389
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   390
-------------------------------------------------------------------
992
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   391
Mon Sep  4 18:27:44 UTC 2017 - wr@rosenauer.org
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   392
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   393
- update to Firefox 55.0.3
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   394
  * Fix an issue with addons when using a path containing non-ascii
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   395
    characters (bmo#1389160)
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   396
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   397
- fix Google API key build integration
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   398
- add mozilla-ucontext.patch to fix Tumbleweed build
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   399
- do not enable XINPUT2 for now (boo#1053959)
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   400
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   401
-------------------------------------------------------------------
991
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   402
Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   403
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   404
- update to Firefox 55.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   405
  * Fix a regression the tab restoration process (bmo#1388160)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   406
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   407
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   408
  * Disable the predictor prefetch (bmo#1388160)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   409
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   410
-------------------------------------------------------------------
985
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   411
Sat Aug  5 13:22:16 UTC 2017 - wr@rosenauer.org
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   412
991
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   413
- update to Firefox 55.0 (boo#1052829)
985
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   414
  * Browsing sessions with a high number of tabs are now restored
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   415
    in an instant
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   416
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   417
    the right edge of the window
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   418
  * Fine-tune your browser performance from the Preferences/Options page.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   419
  * Make screenshots of webpages, and save them locally or upload
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   420
    them to the cloud. This feature will undergo A/B testing and
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   421
    will not be visible for some users.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   422
  * Added Belarusian (be) locale
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   423
  * Simplify print jobs from within print preview
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   424
  * Use virtual reality devices with the web with the introduction
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   425
    of WebVR
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   426
  * Search suggestions are now enabled by default for users who
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   427
    haven't explicitly opted-out
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   428
  * Search with any installed search engine directly from the
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   429
    location bar
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   430
  * IMPORTANT: Breaking profile changes - do not downgrade Firefox
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   431
    and use a profile that has been opened with Firefox 55+.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   432
  * The Adobe Flash plugin is now click-to-activate by default and
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   433
    only allowed on http:// and https:// URL schemes. This change
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   434
    will be rolled out progressively and so will not be visible to
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   435
    all users immediately. For more information see the Firefox
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   436
    plugin roadmap
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   437
  * Modernized application update UI to be less intrusive and more
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   438
    aligned with the rest of the browser. Only users who have not
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   439
    restarted their browser 8 days after downloading an update or
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   440
    users who opted out of automatic updates will see this change.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   441
  * Insecure sites can no longer access the Geolocation APIs to get
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   442
    access to your physical location
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   443
  * requires NSPR 4.15 and NSS 3.31
991
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   444
  MFSA 2017-18
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   445
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   446
    XUL injection in the style editor in devtools
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   447
  * CVE-2017-7800 (bmo#1374047)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   448
    Use-after-free in WebSockets during disconnection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   449
  * CVE-2017-7801 (bmo#1371259)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   450
    Use-after-free with marquee during window resizing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   451
  * CVE-2017-7809 (bmo#1380284)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   452
    Use-after-free while deleting attached editor DOM node
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   453
  * CVE-2017-7784 (bmo#1376087)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   454
    Use-after-free with image observers
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   455
  * CVE-2017-7802 (bmo#1378147)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   456
    Use-after-free resizing image elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   457
  * CVE-2017-7785 (bmo#1356985)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   458
    Buffer overflow manipulating ARIA attributes in DOM
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   459
  * CVE-2017-7786 (bmo#1365189)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   460
    Buffer overflow while painting non-displayable SVG
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   461
  * CVE-2017-7806 (bmo#1378113)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   462
    Use-after-free in layer manager with SVG
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   463
  * CVE-2017-7753 (bmo#1353312)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   464
    Out-of-bounds read with cached style data and pseudo-elements#
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   465
  * CVE-2017-7787 (bmo#1322896)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   466
    Same-origin policy bypass with iframes through page reloads
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   467
  * CVE-2017-7807 (bmo#1376459)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   468
    Domain hijacking through AppCache fallback
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   469
  * CVE-2017-7792 (bmo#1368652)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   470
    Buffer overflow viewing certificates with an extremely long OID
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   471
  * CVE-2017-7804 (bmo#1372849)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   472
    Memory protection bypass through WindowsDllDetourPatcher
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   473
  * CVE-2017-7791 (bmo#1365875)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   474
    Spoofing following page navigation with data: protocol and modal alerts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   475
  * CVE-2017-7808 (bmo#1367531)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   476
    CSP information leak with frame-ancestors containing paths
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   477
  * CVE-2017-7782 (bmo#1344034)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   478
    WindowsDllDetourPatcher allocates memory without DEP protections
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   479
  * CVE-2017-7781 (bmo#1352039)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   480
    Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   481
  * CVE-2017-7794 (bmo#1374281)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   482
    Linux file truncation via sandbox broker
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   483
  * CVE-2017-7803 (bmo#1377426)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   484
    CSP containing 'sandbox' improperly applied
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   485
  * CVE-2017-7799 (bmo#1372509)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   486
    Self-XSS XUL injection in about:webrtc
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   487
  * CVE-2017-7783 (bmo#1360842)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   488
    DOS attack through long username in URL
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   489
  * CVE-2017-7788 (bmo#1073952)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   490
    Sandboxed about:srcdoc iframes do not inherit CSP directives
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   491
  * CVE-2017-7789 (bmo#1074642)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   492
    Failure to enable HSTS when two STS headers are sent for a connection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   493
  * CVE-2017-7790 (bmo#1350460) (Windows-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   494
    Windows crash reporter reads extra memory for some non-null-terminated registry values
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   495
  * CVE-2017-7796 (bmo#1234401) (Windows-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   496
    Windows updater can delete any file named update.log
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   497
  * CVE-2017-7797 (bmo#1334776)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   498
    Response header name interning leaks across origins
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   499
  * CVE-2017-7780
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   500
    Memory safety bugs fixed in Firefox 55
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   501
  * CVE-2017-7779
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   502
    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
985
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   503
- updated mozilla-kde.patch:
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   504
  * removed "downloadfinished" alert as Firefox reimplemented the
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   505
    whole thing (TODO: check if there is another function we should
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   506
    hook in)
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   507
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   508
-------------------------------------------------------------------
983
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   509
Tue Jul  4 20:08:47 UTC 2017 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   510
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   511
- update to Firefox 54.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   512
  * Fix a display issue of tab title (bmo#1357656)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   513
  * Fix a display issue of opening new tab (bmo#1371995)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   514
  * Fix a display issue when opening multiple tabs (bmo#1371962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   515
  * Fix a tab display issue when downloading files (bmo#1373109)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   516
  * Fix a PDF printing issue (bmo#1366744)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   517
  * Fix a Netflix issue on Linux (bmo#1375708)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   518
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   519
-------------------------------------------------------------------
982
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   520
Thu Jun 15 13:56:05 UTC 2017 - wr@rosenauer.org
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   521
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   522
- update to Firefox 54.0
981
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   523
  * Clearer and more detailed information for download items in the
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   524
    download panel
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   525
  * Added Burmese (my) locale
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   526
  * Bookmarks created on mobile devices are now shown in
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   527
    "Mobile Bookmarks” folder in the drop down list from the toolbar
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   528
    and Bookmarks option in the menu bar in Desktop Firefox
982
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   529
  * added support for multiple content processes (e10s-multi)
979
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   530
- requires NSPR 4.14 and NSS 3.30.2
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   531
- requires rust 1.15.1
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   532
- removed mozilla-shared-nss-db.patch as it seems to be a rather
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   533
  unused feature
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   534
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   535
-------------------------------------------------------------------
977
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   536
Thu Jun  1 04:25:05 UTC 2017 - kah0922@gmail.com
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   537
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   538
- remove -fno-inline-small-functions and explicitely optimize with
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   539
  -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   540
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   541
-------------------------------------------------------------------
967
188c3f40f0da recent changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 964
diff changeset
   542
Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org
964
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
   543
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
   544
- switch to Mozilla's geolocation service (boo#1026989)
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
   545
- removed mozilla-preferences.patch obsoleted by overriding via
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
   546
  firefox.js
967
188c3f40f0da recent changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 964
diff changeset
   547
- fixed KDE integration to avoid crash caused by filepicker
188c3f40f0da recent changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 964
diff changeset
   548
  (boo#1015998)
964
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
   549
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
   550
-------------------------------------------------------------------
960
42e50afb9638 Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 959
diff changeset
   551
Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org
42e50afb9638 Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 959
diff changeset
   552
42e50afb9638 Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 959
diff changeset
   553
- update to Firefox 53.0
956
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   554
  * requires NSS 3.29.5
951
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   555
  * Lightweight themes are now applied in private browsing windows
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   556
  * Reader Mode now displays estimated reading time for the page
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   557
  * Two new 'compact' themes available in Firefox, dark and light,
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   558
    based on the Firefox Developer Edition theme
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   559
  * Ended Firefox Linux support for processors older than Pentium 4
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   560
    and AMD Opteron
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   561
  * Refresh of the media controls user interface
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   562
  * Shortened titles on tabs are faded out instead of using ellipsis
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   563
    for improved readability
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   564
  * Media playback on new tabs is blocked until the tab is visible
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   565
  * Permission notifications have a cleaner design and cannot be
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   566
    easily missed
962
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   567
  MFSA 2017-10
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   568
  * CVE-2017-5456 (bmo#1344415)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   569
    Sandbox escape allowing local file system access
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   570
  * CVE-2017-5442 (bmo#1347979)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   571
    Use-after-free during style changes
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   572
  * CVE-2017-5443 (bmo#1342661)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   573
    Out-of-bounds write during BinHex decoding
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   574
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   575
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   576
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   577
    Firefox ESR 52.1
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   578
  * CVE-2017-5464 (bmo#1347075)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   579
    Memory corruption with accessibility and DOM manipulation
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   580
  * CVE-2017-5465 (bmo#1347617)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   581
    Out-of-bounds read in ConvolvePixel
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   582
  * CVE-2017-5466 (bmo#1353975)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   583
    Origin confusion when reloading isolated data:text/html URL
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   584
  * CVE-2017-5467 (bmo#1347262)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   585
    Memory corruption when drawing Skia content
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   586
  * CVE-2017-5460 (bmo#1343642)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   587
    Use-after-free in frame selection
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   588
  * CVE-2017-5461 (bmo#1344380)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   589
    Out-of-bounds write in Base64 encoding in NSS
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   590
  * CVE-2017-5448 (bmo#1346648)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   591
    Out-of-bounds write in ClearKeyDecryptor
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   592
  * CVE-2017-5449 (bmo#1340127)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   593
    Crash during bidirectional unicode manipulation with animation
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   594
  * CVE-2017-5446 (bmo#1343505)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   595
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   596
  * CVE-2017-5447 (bmo#1343552)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   597
    Out-of-bounds read during glyph processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   598
  * CVE-2017-5444 (bmo#1344461)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   599
    Buffer overflow while parsing application/http-index-format content
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   600
  * CVE-2017-5445 (bmo#1344467)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   601
    Uninitialized values used while parsing application/http-index-format
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   602
    content
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   603
  * CVE-2017-5468 (bmo#1329521)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   604
    Incorrect ownership model for Private Browsing information
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   605
  * CVE-2017-5469 (bmo#1292534)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   606
    Potential Buffer overflow in flex-generated code
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   607
  * CVE-2017-5440 (bmo#1336832)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   608
    Use-after-free in txExecutionState destructor during XSLT processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   609
  * CVE-2017-5441 (bmo#1343795)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   610
    Use-after-free with selection during scroll events
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   611
  * CVE-2017-5439 (bmo#1336830)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   612
    Use-after-free in nsTArray Length() during XSLT processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   613
  * CVE-2017-5438 (bmo#1336828)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   614
    Use-after-free in nsAutoPtr during XSLT processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   615
  * CVE-2017-5437 (bmo#1343453)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   616
    Vulnerabilities in Libevent library
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   617
  * CVE-2017-5436 (bmo#1345461)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   618
    Out-of-bounds write with malicious font in Graphite 2
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   619
  * CVE-2017-5435 (bmo#1350683)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   620
    Use-after-free during transaction processing in the editor
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   621
  * CVE-2017-5434 (bmo#1349946)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   622
    Use-after-free during focus handling
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   623
  * CVE-2017-5433 (bmo#1347168)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   624
    Use-after-free in SMIL animation functions
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   625
  * CVE-2017-5432 (bmo#1346654)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   626
    Use-after-free in text input selection
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   627
  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   628
     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   629
     bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   630
     bmo#1349719, bmo#1353476)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   631
    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   632
  * CVE-2017-5459 (bmo#1333858)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   633
    Buffer overflow in WebGL
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   634
  * CVE-2017-5458 (bmo#1229426)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   635
    Drag and drop of javascript: URLs can allow for self-XSS
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   636
  * CVE-2017-5455 (bmo#1341191)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   637
    Sandbox escape through internal feed reader APIs
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   638
  * CVE-2017-5454 (bmo#1349276)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   639
    Sandbox escape allowing file system read access through file picker
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   640
  * CVE-2017-5451 (bmo#1273537)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   641
    Addressbar spoofing with onblur event
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   642
  * CVE-2017-5453 (bmo#1321247)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   643
    HTML injection into RSS Reader feed preview page through
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   644
    TITLE element
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   645
  * CVE-2017-5462 (bmo#1345089)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
   646
    DRBG flaw in NSS
951
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   647
- removed browser(npapi) provides as these plugins are deprecated
953
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   648
- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   649
  Leap 42
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   650
- Gtk2 is not longer an option; switched to Gtk3
956
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   651
- apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   652
  (boo#1032003)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   653
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   654
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   655
Mon Apr  3 06:16:26 UTC 2017 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   656
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   657
- update to Firefox 52.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   658
  * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   659
  * Fix loading tab icons on session restore (bmo#1338009)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   660
  * Fix a crash on startup on Linux (bmo#1345413)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   661
  * Fix new installs erroneously not prompting to change the default
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   662
    browser setting (bmo#1343938)
953
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   663
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   664
-------------------------------------------------------------------
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   665
Mon Mar 20 15:35:57 UTC 2017 - wr@rosenauer.org
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   666
6b282f295753 53.0b4 (complete)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 951
diff changeset
   667
- disable rust usage for everything but x86(-64)
956
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
   668
- explicitely add libffi build requirement
951
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   669
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
   670
-------------------------------------------------------------------
946
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   671
Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   672
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   673
- update to Firefox 52.0.1 (boo#1029822)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   674
  MFSA 2017-08
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   675
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   676
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 945
diff changeset
   677
-------------------------------------------------------------------
945
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   678
Thu Mar  9 12:30:14 UTC 2017 - wr@rosenauer.org
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   679
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   680
- reenable ALSA support which was removed by default upstream
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   681
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   682
-------------------------------------------------------------------
944
ce8a98f8d8d7 Firefox 52.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 943
diff changeset
   683
Sat Mar  4 16:57:45 UTC 2017 - wr@rosenauer.org
ce8a98f8d8d7 Firefox 52.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 943
diff changeset
   684
945
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   685
- update to Firefox 52.0 (boo#1028391)
944
ce8a98f8d8d7 Firefox 52.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 943
diff changeset
   686
  * requires NSS >= 3.28.3
942
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   687
  * Pages containing insecure password fields now display a warning
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   688
    directly within username and password fields.
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   689
  * Send and open a tab from one device to another with Sync
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   690
  * Removed NPAPI support for plugins other than Flash. Silverlight,
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   691
    Java, Acrobat and the like are no longer supported.
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   692
  * Removed Battery Status API to reduce fingerprinting of users by
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   693
    trackers
945
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   694
  * MFSA 2017-05
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   695
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   696
                   (bmo#1334933)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   697
    CVE-2017-5401: Memory Corruption when handling ErrorResult
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   698
                   (bmo#1328861)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   699
    CVE-2017-5402: Use-after-free working with events in FontFace
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   700
                   objects (bmo#1334876)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   701
    CVE-2017-5403: Use-after-free using addRange to add range to an
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   702
                   incorrect root object (bmo#1340186)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   703
    CVE-2017-5404: Use-after-free working with ranges in selections
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   704
                   (bmo#1340138)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   705
    CVE-2017-5406: Segmentation fault in Skia with canvas operations
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   706
                   (bmo#1306890)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   707
    CVE-2017-5407: Pixel and history stealing via floating-point
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   708
                   timing side channel with SVG filters (bmo#1336622)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   709
    CVE-2017-5410: Memory corruption during JavaScript garbage
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   710
                   collection incremental sweeping (bmo#1330687)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   711
    CVE-2017-5408: Cross-origin reading of video captions in violation
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   712
                   of CORS (bmo#1313711)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   713
    CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   714
    CVE-2017-5413: Segmentation fault during bidirectional operations
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   715
                   (bmo#1337504)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   716
    CVE-2017-5414: File picker can choose incorrect default directory
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   717
                   (bmo#1319370)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   718
    CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   719
    CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   720
    CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   721
                   (bmo#791597)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   722
    CVE-2017-5426: Gecko Media Plugin sandbox is not started if
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   723
                   seccomp-bpf filter is running (bmo#1257361)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   724
    CVE-2017-5427: Non-existent chrome.manifest file loaded during
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   725
                   startup (bmo#1295542)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   726
    CVE-2017-5418: Out of bounds read when parsing HTTP digest
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   727
                   authorization responses (bmo#1338876)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   728
    CVE-2017-5419: Repeated authentication prompts lead to DOS
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   729
                   attack (bmo#1312243)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   730
    CVE-2017-5420: Javascript: URLs can obfuscate addressbar
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   731
                   location (bmo#1284395)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   732
    CVE-2017-5405: FTP response codes can cause use of
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   733
                   uninitialized values for ports (bmo#1336699)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   734
    CVE-2017-5421: Print preview spoofing (bmo#1301876)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   735
    CVE-2017-5422: DOS attack by using view-source: protocol
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   736
                   repeatedly in one hyperlink (bmo#1295002)
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   737
    CVE-2017-5399: Memory safety bugs fixed in Firefox 52
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   738
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
7b1e775ff77a FF52 as released
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 944
diff changeset
   739
                   Firefox ESR 45.8
942
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   740
- removed obsolete patches
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   741
  * mozilla-binutils-visibility.patch
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   742
  * mozilla-check_return.patch
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   743
  * mozilla-disable-skia-be.patch
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   744
  * mozilla-skia-overflow.patch
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   745
  * mozilla-skia-ppc-endianess.patch
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   746
- rebased patches
943
ace605efe50f latest beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 942
diff changeset
   747
- enable rust usage for Tumbleweed
942
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   748
66115255ad6f prepare FF51 (currently 51.0b5)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 940
diff changeset
   749
-------------------------------------------------------------------
940
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   750
Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   751
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   752
- Mozilla Firefox 51.0.1:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   753
  - Multiprocess incompatibility did not correctly register with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   754
    some add-ons (bmo#1333423)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   755
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   756
-------------------------------------------------------------------
935
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   757
Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   758
940
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   759
- update to Firefox 51.0
935
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   760
  * requires NSPR >= 4.13.1, NSS >= 3.28.1
936
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   761
  * Added support for FLAC (Free Lossless Audio Codec) playback
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   762
  * Added support for WebGL 2
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   763
  * Added Georgian (ka) and Kabyle (kab) locales
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   764
  * Support saving passwords for forms without 'submit' events
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   765
  * Improved video performance for users without GPU acceleration
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   766
  * Zoom indicator is shown in the URL bar if the zoom level is not
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   767
    at default level
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   768
  * View passwords from the prompt before saving them
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   769
  * Remove Belarusian (be) locale
096e59808e91 more changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 935
diff changeset
   770
  * Use Skia for content rendering (Linux)
940
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   771
  * MFSA 2017-01
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   772
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   773
                   ASLR and DEP (bmo#1325200, boo#1021814)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   774
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   775
    CVE-2017-5377: Memory corruption with transforms to create
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   776
                   gradients in Skia (bmo#1306883, boo#1021826)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   777
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   778
                   (bmo#1312001, bmo#1330769, boo#1021818)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   779
    CVE-2017-5379: Use-after-free in Web Animations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   780
                   (bmo#1309198,boo#1021827)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   781
    CVE-2017-5380: Potential use-after-free during DOM manipulations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   782
                   (bmo#1322107, boo#1021819)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   783
    CVE-2017-5390: Insecure communication methods in Developer Tools
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   784
                   JSON viewer (bmo#1297361, boo#1021820)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   785
    CVE-2017-5389: WebExtensions can install additional add-ons via
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   786
                   modified host requests (bmo#1308688, boo#1021828)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   787
    CVE-2017-5396: Use-after-free with Media Decoder
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   788
                   (bmo#1329403, boo#1021821)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   789
    CVE-2017-5381: Certificate Viewer exporting can be used to navigate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   790
                   and save to arbitrary filesystem locations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   791
		   (bmo#1017616, boo#1021830)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   792
    CVE-2017-5382: Feed preview can expose privileged content errors
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   793
                   and exceptions (bmo#1295322, boo#1021831)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   794
    CVE-2017-5383: Location bar spoofing with unicode characters
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   795
                   (bmo#1323338, bmo#1324716, boo#1021822)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   796
    CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   797
                   (bmo#1255474, boo#1021832)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   798
    CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   799
                   response headers (bmo#1295945, boo#1021833)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   800
    CVE-2017-5386: WebExtensions can use data: protocol to affect other
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   801
                   extensions (bmo#1319070, boo#1021823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   802
    CVE-2017-5394: Android location bar spoofing using fullscreen and
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   803
                   JavaScript events (bmo#1222798)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   804
    CVE-2017-5391: Content about: pages can load privileged about: pages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   805
                   (bmo#1309310, boo#1021835)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   806
    CVE-2017-5392: Weak references using multiple threads on weak proxy
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   807
                   objects lead to unsafe memory usage (bmo#1293709)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   808
		   (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   809
    CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   810
                   mozAddonManager (bmo#1309282, boo#1021837)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   811
    CVE-2017-5395: Android location bar spoofing during scrolling
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   812
                   (bmo#1293463) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   813
    CVE-2017-5387: Disclosure of local file existence through TRACK
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   814
                   tag error messages (bmo#1295023, boo#1021839)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   815
    CVE-2017-5388: WebRTC can be used to generate a large amount of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   816
                   UDP traffic for DDOS attacks
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   817
		   (bmo#1281482, boo#1021840)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   818
    CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   819
    CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   820
                   Firefox ESR 45.7 (boo#1021824)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   821
- switch Firefox to Gtk3 for Tumbleweed
935
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   822
- removed obsolete patches
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   823
  * mozilla-flex_buffer_overrun.patch
939
3604ed712e16 51.0 as submitted to official openSUSE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 938
diff changeset
   824
- updated RPM locale support tag
3604ed712e16 51.0 as submitted to official openSUSE
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 938
diff changeset
   825
- improve recognition of LANGUAGE env variable (boo#1017174)
940
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   826
- add upstream patch to fix PPC64LE (bmo#1319389)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   827
  (mozilla-skia-ppc-endianess.patch)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   828
- fix build without skia (big endian archs) (bmo#1319374)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 939
diff changeset
   829
  (mozilla-disable-skia-be.patch)
935
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   830
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   831
-------------------------------------------------------------------
933
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   832
Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   833
935
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   834
- update to Firefox 50.1.0 (boo#1015422)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   835
  * MFSA 2016-94
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   836
    CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   837
    CVE-2016-9899: Use-after-free while manipulating DOM events and
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   838
                   audio elements (bmo#1317409)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   839
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   840
    CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   841
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   842
    CVE-2016-9898: Use-after-free in Editor while manipulating
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   843
                   DOM subtrees (bmo#1314442)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   844
    CVE-2016-9900: Restricted external resources can be loaded by
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   845
                   SVG images through data URLs (bmo#1319122)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   846
    CVE-2016-9904: Cross-origin information leak in shared atoms
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   847
                   (bmo#1317936)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   848
    CVE-2016-9901: Data from Pocket server improperly sanitized
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   849
                   before execution (bmo#1320057)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   850
    CVE-2016-9902: Pocket extension does not validate the origin
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   851
                   of events (bmo#1320039)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   852
    CVE-2016-9903: XSS injection vulnerability in add-ons SDK
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   853
                   (bmo#1315435)
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   854
    CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   855
    CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
9ae2b79d3bb1 prepare FF 51 -> 51.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 933
diff changeset
   856
                   Firefox ESR 45.6
933
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   857
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   858
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   859
Fri Dec  9 17:57:22 UTC 2016 - cgrobertson@novell.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   860
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   861
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   862
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   863
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   864
Thu Dec  1 02:49:45 UTC 2016 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   865
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   866
- update to Firefox 50.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   867
  * Firefox crashes with 3rd party Chinese IME when using IME text
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   868
    (50.0.1)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   869
  security fixes (in 50.0.1): (boo#1012807)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   870
  * MFSA 2016-91
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   871
    CVE-2016-9078: data: URL can inherit wrong origin after an
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   872
                   HTTP redirect (bmo#1317641)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   873
  security fixes (in 50.0.2) (boo#1012964)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   874
  * MFSA 2016-92
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   875
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   876
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 932
diff changeset
   877
-------------------------------------------------------------------
932
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   878
Mon Nov 14 21:07:03 UTC 2016 - wr@rosenauer.org
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   879
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   880
- update to Firefox 50.0 (boo#1009026)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   881
  * requires NSS 3.26.2
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   882
  new features
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   883
  * Updates to keyboard shortcuts
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   884
    Set a preference to have Ctrl+Tab cycle through tabs in recently
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   885
    used order
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   886
    View a page in Reader Mode by using Ctrl+Alt+R
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   887
  * Added option to Find in page that allows users to limit search to
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   888
    whole words only
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   889
  * Added download protection for a large number of executable file
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   890
    types on Windows, Mac and Linux
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   891
  * Fixed rendering of dashed and dotted borders with rounded corners
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   892
    (border-radius)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   893
  * Added a built-in Emoji set for operating systems without native
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   894
    Emoji fonts (Windows 8.0 and lower and Linux)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   895
  * Blocked versions of libavcodec older than 54.35.1
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   896
  * additional locale
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   897
  security fixes:
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   898
  * MFSA 2016-89
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   899
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   900
                   (bmo#1292443)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   901
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   902
    CVE-2016-5293: Write to arbitrary file with updater and moz
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   903
                   maintenance service using updater.log hardlink
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   904
		   (Windows only) (bmo#1246945)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   905
    CVE-2016-5294: Arbitrary target directory for result files of
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   906
                   update process (Windows only) (bmo#1246972)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   907
    CVE-2016-5297: Incorrect argument length checking in Javascript
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   908
                   (bmo#1303678)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   909
    CVE-2016-9064: Addons update must verify IDs match between
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   910
                   current and new versions (bmo#1303418)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   911
    CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   912
                   (Android only) (bmo#1306696)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   913
    CVE-2016-9066: Integer overflow leading to a buffer overflow in
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   914
                   nsScriptLoadHandler (bmo#1299686)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   915
    CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   916
                   (bmo#1301777, bmo#1308922 (CVE-2016-9069))
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   917
    CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   918
    CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   919
                   (bmo#1300083) (Windows only)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   920
    CVE-2016-9075: WebExtensions can access the mozAddonManager API
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   921
                   and use it to gain elevated privileges (bmo#1295324)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   922
    CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   923
                   to cross-origin images, allowing timing attacks on them
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   924
		   (bmo#1298552)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   925
    CVE-2016-5291: Same-origin policy violation using local HTML file
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   926
                    and saved shortcut file (bmo#1292159)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   927
    CVE-2016-5295: Mozilla Maintenance Service: Ability to read
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   928
                   arbitrary files as SYSTEM (Windows only) (bmo#1247239)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   929
    CVE-2016-5298: SSL indicator can mislead the user about the real
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   930
                   URL visited (bmo#1227538) (Android only)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   931
    CVE-2016-5299: Firefox AuthToken in broadcast protected with
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   932
                   signature-level permission can be accessed by an
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   933
		   application installed beforehand that defines the
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   934
		   same permissions (bmo#1245791) (Android only)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   935
    CVE-2016-9061: API Key (glocation) in broadcast protected with
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   936
                   signature-level permission can be accessed by an
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   937
		   application installed beforehand that defines the
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   938
		   same permissions (Android only) (bmo#1245795)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   939
    CVE-2016-9062: Private browsing browser traces (android) in
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   940
                   browser.db and wal file (Android only) (bmo#1294438)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   941
    CVE-2016-9070: Sidebar bookmark can have reference to chrome window
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   942
                   (bmo#1281071)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   943
    CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   944
                   (bmo#1289273)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   945
    CVE-2016-9074: Insufficient timing side-channel resistance in
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   946
                   divSpoiler (bmo#1293334) (fixed via NSS 3.26.1)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   947
    CVE-2016-9076: select dropdown menu can be used for URL bar
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   948
                   spoofing on e10s (bmo#1276976)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   949
    CVE-2016-9063: Possible integer overflow to fix inside XML_Parse
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   950
                   in expat (bmo#1274777)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   951
    CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   952
                   (bmo#1285003)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   953
    CVE-2016-5289: Memory safety bugs fixed in Firefox 50
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   954
    CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   955
- make aarch64 build more similar to x86_64 build (remove conditionals
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   956
  that don't seem to be necessary anymore)
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   957
a58cc7936ce7 Firefox 50.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 931
diff changeset
   958
-------------------------------------------------------------------
931
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   959
Mon Oct 24 09:41:17 UTC 2016 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   960
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   961
- Mozilla Firefox 49.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   962
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   963
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   964
  * Asynchronous rendering of the Flash plugins is now enabled by
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   965
    default
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   966
  * Change D3D9 default fallback preference to prevent graphical
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   967
    artifacts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   968
  * Network issue prevents some users from seeing the Firefox UI on
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   969
    startup
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   970
  * Web compatibility issue with file uploads
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   971
  * Web compatibility issue with Array.prototype.values
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   972
  * Diagnostic information on timing for tab switching
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   973
  * Fix a Canvas filters graphics issue affecting HTML5 apps
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   974
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 930
diff changeset
   975
-------------------------------------------------------------------
930
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   976
Wed Oct 12 20:42:28 UTC 2016 - badshah400@gmail.com
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   977
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   978
- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   979
  and fixes have been incorporated by upstream.
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   980
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   981
-------------------------------------------------------------------
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   982
Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   983
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   984
- Mozilla Firefox 49.0.1:
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   985
  * Mitigate a startup crash issue caused by Websense - bmo#1304783
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   986
fdfd88b0c2d7 latest updates including 49.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 929
diff changeset
   987
-------------------------------------------------------------------
929
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   988
Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   989
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   990
- update to Firefox 49.0 (boo#999701)
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   991
  new features
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   992
  * Updated Firefox Login Manager to allow HTTPS pages to use saved
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   993
    HTTP logins.
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   994
  * Added features to Reader Mode that make it easier on the eyes and
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   995
    the ears
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   996
  * Improved video performance for users on systems that support
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   997
    SSE3 without hardware acceleration
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   998
  * Added context menu controls to HTML5 audio and video that let users
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
   999
    loops files or play files at 1.25x speed
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1000
  * Improvements in about:memory reports for tracking font memory usage
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1001
  security related
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1002
  * MFSA 2016-85
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1003
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1004
    mozilla::net::IsValidReferrerPolicy
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1005
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1006
    nsCaseTransformTextRunFactory::TransformString
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1007
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1008
    PropertyProvider::GetSpacingInternal
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1009
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1010
    CVE-2016-5273 (bmo#1280387) - crash in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1011
    mozilla::a11y::HyperTextAccessible::GetChildOffset
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1012
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1013
    mozilla::a11y::DocAccessible::ProcessInvalidationList
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1014
    CVE-2016-5274 (bmo#1282076) - use-after-free in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1015
    nsFrameManager::CaptureFrameState
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1016
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1017
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1018
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1019
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1020
    nsBMPEncoder::AddImageFrame
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1021
    CVE-2016-5279 (bmo#1249522) - Full local path of files is available
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1022
    to web pages after drag and drop
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1023
    CVE-2016-5280 (bmo#1289970) - Use-after-free in
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1024
    mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1025
    CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1026
    CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1027
    from non-whitelisted schemes
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1028
    CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1029
    reveal cross-origin data
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1030
    CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1031
    CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1032
    CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1033
- removed obsolete patches:
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1034
  * mozilla-aarch64-48bit-va.patch
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1035
  * mozilla-exclude-nametablecpp.patch
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1036
  * mozilla-old_configure-bmo1282843.patch
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1037
- added patch mozilla-skia-overflow.patch (bmo#1304114)
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1038
- requires NSS 3.25
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1039
9fc2ebe6d7f1 Firefox 49.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 928
diff changeset
  1040
-------------------------------------------------------------------
928
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
  1041
Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
  1042
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
  1043
- Mozilla Firefox 48.0.2:
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
  1044
  * Mitigate a startup crash issue caused on Windows (bmo#1291738)
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
  1045
4663386a04de update to 48.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 927
diff changeset
  1046
-------------------------------------------------------------------
927
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1047
Sat Aug 20 10:58:26 UTC 2016 - astieger@suse.com
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1048
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1049
- Mozilla Firefox 48.0.1:
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1050
  * Fix an audio regression impacting some major websites
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1051
    (bmo#1295296)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1052
  * Fix a top crash in the JavaScript engine (bmo#1290469)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1053
  * Fix a startup crash issue caused by Websense (bmo#1291738)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1054
  * Fix a different behavior with e10s / non-e10s on <select> and
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1055
    mouse events (bmo#1291078)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1056
  * Fix a top crash caused by plugin issues (bmo#1264530)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1057
  * Fix a shutdown issue (bmo#1276920)
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1058
  * Fix a crash in WebRTC
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1059
300ed867f7fd 48.0.1 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 926
diff changeset
  1060
-------------------------------------------------------------------
925
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1061
Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1062
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1063
- added upstream patch so system plugins/extensions are correctly
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1064
  loaded again on x86-64 (bmo#1282843)
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1065
  (mozilla-old_configure-bmo1282843.patch)
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1066
05d175c5957e added upstream patch so system plugins/extensions are correctly
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 924
diff changeset
  1067
-------------------------------------------------------------------
926
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1068
Fri Aug  5 13:47:12 UTC 2016 - pcerny@suse.com
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1069
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1070
- Fix for possible buffer overrun (bsc#990856)
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1071
  CVE-2016-6354 (bmo#1292534)
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1072
  [mozilla-flex_buffer_overrun.patch]
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1073
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1074
-------------------------------------------------------------------
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1075
Wed Aug  3 03:38:47 UTC 2016 - badshah400@gmail.com
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1076
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1077
- Update mozilla-gtk3_20.patch to latest version from Fedora.
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1078
6ab8b16f232c merge latest changes from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 925
diff changeset
  1079
-------------------------------------------------------------------
923
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1080
Mon Aug  1 12:37:05 UTC 2016 - wr@rosenauer.org
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1081
924
199d5cf40e86 changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 923
diff changeset
  1082
- update to Firefox 48.0 (boo#991809)
923
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1083
  * requires NSS 3.24
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1084
  * Process separation (e10s) is enabled for some of you
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1085
  * Add-ons that have not been verified and signed by Mozilla will not load
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1086
  * WebRTC embetterments
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1087
  * The media parser has been redeveloped using the Rust programming
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1088
    language
3cc9f17ca9bb prepare FF48
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 921
diff changeset
  1089
  * better Canvas performance with speedy Skia support
924