MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Thu, 08 Nov 2018 17:56:27 +0100
branchfirefox63
changeset 1077 d8601c72c87b
parent 1076 2823eb50c9a9
child 1078 9f49c406dc11
permissions -rw-r--r--
63.0.1
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
893
86f72f1e98a4 prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 892
diff changeset
     1
-------------------------------------------------------------------
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     2
Thu Nov  8 14:59:13 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     4
- update to Firefox 63.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     5
  * Snippets are not loaded due to missing element (bmo#1503047)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     6
  * Print preview always shows 30& scale when it is actually
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     7
    Shrink To Fit (bmo#1501952)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     8
  * Dialog displayed when closing multiple windows shows unreplaced
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
     9
    %1$S placeholder in Japanese and potentially other locales
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    10
    (bmo#1500823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    12
-------------------------------------------------------------------
1075
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
    13
Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
    14
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
    15
- update to Firefox 63.0
1074
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    16
  * WebExtensions now run in their own process on Linux
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    17
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    18
    tabs and cycles through tabs in recently used order. This new
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    19
    default behavior is activated only in new profiles and can be
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    20
    changed in preferences.
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    21
  * Added support for Web Components custom elements and shadow DOM
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    22
  MFSA 2018-26 (bsc#1112852)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    23
  * CVE-2018-12391 (bmo#1478843) (Android-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    24
    HTTP Live Stream audio data is accessible cross-origin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    25
  * CVE-2018-12392 (bmo#1492823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    26
    Crash with nested event loops
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    27
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    28
    Integer overflow during Unicode conversion while loading JavaScript
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    29
  * CVE-2018-12395 (bmo#1467523)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    30
    WebExtension bypass of domain restrictions through header rewriting
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    31
  * CVE-2018-12396 (bmo#1483602)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    32
    WebExtension content scripts can execute in disallowed contexts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    33
  * CVE-2018-12397 (bmo#1487478)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    34
    Missing warning prompt when WebExtension requests local file access
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    35
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    36
    CSP bypass through stylesheet injection in resource URIs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    37
  * CVE-2018-12399 (bmo#1490276)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    38
    Spoofing of protocol registration notification bar
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    39
  * CVE-2018-12400 (bmo#1448305) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    40
    Favicons are cached in private browsing mode on Firefox for Android
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    41
  * CVE-2018-12401 (bmo#1422456)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    42
    DOS attack through special resource URI parsing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    43
  * CVE-2018-12402 (bmo#1469916)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    44
    SameSite cookies leak when pages are explicitly saved
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    45
  * CVE-2018-12403 (bmo#1484753)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    46
    Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    47
  * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    48
    bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    49
    Memory safety bugs fixed in Firefox 63
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    50
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    51
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    52
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    53
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    54
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
1074
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
    55
- requires NSPR 4.20, NSS 3.39 and Rust 1.28
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
    56
- latest rust does not provide rust-std so stop requiring it
1073
63a32fb3b602 merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1072
diff changeset
    57
63a32fb3b602 merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1072
diff changeset
    58
-------------------------------------------------------------------
1076
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    59
Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    60
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    61
- Update _constraints for armv6/7
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    62
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    63
-------------------------------------------------------------------
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    64
Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    65
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    66
- Add patch to fix build on armv7:
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    67
  * mozilla-bmo1463035.patch
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    68
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
    69
-------------------------------------------------------------------
1072
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    70
Tue Oct  2 21:28:31 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    71
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    72
- Mozilla Firefox 62.0.3:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    73
  MFSA 2018-24
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    74
  * CVE-2018-12386 (bsc#1110506, bmo#1493900)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    75
    Type confusion in JavaScript allowed remote code execution
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    76
  * CVE-2018-12387 (bsc#1110507, bmo#1493903)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    77
    Array.prototype.push stack pointer vulnerability may enable
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    78
    exploits in the sandboxed content process
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    79
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
    80
-------------------------------------------------------------------
1071
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    81
Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    82
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    83
- Mozilla Firefox 62.0.2:
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    84
  MFSA 2018-22
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    85
  * CVE-2018-12385 (boo#1109363, bmo#1490585)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    86
    Crash in TransportSecurityInfo due to cached data
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    87
  * Unvisited bookmarks can once again be autofilled in the address
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    88
    bar
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    89
  * Fix WebGL rendering issues
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    90
  * Fix fallback on startup when a language pack is missing
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    91
  * Avoid crash when sharing a profile with newer (as yet
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    92
    unreleased) versions of Firefox
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    93
  * Do not undo removal of search engines when using a language
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    94
    pack
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    95
  * Fixed rendering of some web sites
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    96
  * Restored compatibility with some sites using deprecated TLS
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    97
    settings
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    98
- disable rust debug symbols to fix build on %ix86
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
    99
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   100
-------------------------------------------------------------------
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   101
Mon Sep  3 10:47:43 UTC 2018 - wr@rosenauer.org
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   102
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   103
- update to Firefox 62.0
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   104
  * Firefox Home (the default New Tab) now allows users to display
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   105
    up to 4 rows of top sites, Pocket stories, and highlights
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   106
  * "Reopen in Container" tab menu option appears for users with
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   107
    Containers that lets them choose to reopen a tab in a different
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   108
    container
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   109
  * In advance of removing all trust for Symantec-issued certificates
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   110
    in Firefox 63, a preference was added that allows users to distrust
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   111
    certificates issued by Symantec. To use this preference, go to
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   112
    about:config in the address bar and set the preference
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   113
    "security.pki.distrust_ca_policy" to 2.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   114
  * Support for CSS Shapes, allowing for richer web page layouts.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   115
    This goes hand in hand with a brand new Shape Path Editor in the
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   116
    CSS inspector.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   117
  * CSS Variable Fonts (OpenType Font Variations) support, which makes
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   118
    it possible to create beautiful typography with a single font file
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   119
  * Added Canadian English (en-CA) locale
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   120
  MFSA 2018-20 (bsc#1107343)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   121
  * CVE-2018-12377 (bmo#1470260)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   122
    Use-after-free in refresh driver timers
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   123
  * CVE-2018-12378 (bmo#1459383)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   124
    Use-after-free in IndexedDB
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   125
  * CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   126
    Out-of-bounds write with malicious MAR file
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   127
  * CVE-2017-16541 (bmo#1412081)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   128
    Proxy bypass using automount and autofs
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   129
  * CVE-2018-12381 (bmo#1435319)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   130
    Dragging and dropping Outlook email message results in page navigation
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   131
  * CVE-2018-12382 (bmo#1479311) (Android only)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   132
    Addressbar spoofing with javascript URI on Firefox for Android
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   133
  * CVE-2018-12383 (bmo#1475775)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   134
    Setting a master password post-Firefox 58 does not delete
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   135
    unencrypted previously stored passwords
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   136
  * CVE-2018-12375
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   137
    Memory safety bugs fixed in Firefox 62
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   138
  * CVE-2018-12376
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   139
    Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
1066
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   140
- requires NSS >= 3.38
1071
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   141
- removed obsolete patch
1067
735b140fb042 rebased patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1066
diff changeset
   142
  mozilla-bmo1464766.patch
1066
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   143
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   144
-------------------------------------------------------------------
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   145
Thu Aug  9 14:22:00 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   146
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   147
- update to Firefox 61.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   148
  * Improved website rendering with the Retained Display List feature
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   149
    enabled (bmo#1474402)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   150
  * Fixed broken DevTools panels with certain extensions installed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   151
    (bmo#1474379)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   152
  * Fixed a crash for users with some accessibility tools enabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   153
    (bmo#1474007)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   154
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   155
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   156
Mon Jul  9 07:22:09 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   157
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   158
- Mozilla Firefox 61.0.1:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   159
  * Fix missing content on the New Tab Page and the Home section of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   160
    the Preferences page (bmo#1471375)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   161
  * Fixed loss of bookmarks under rare circumstances when upgrading
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   162
    from Firefox 60 (bmo#1472127)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   163
  * Improved playback of Twitch 1080p video streams (bmo#1469257)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   164
  * Web pages no longer lose focus when a browser popup window is
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   165
    opened (bmo#1471415)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   166
  * Re-allowed downloading files from FTP sites via the "Save Link
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   167
    As" option when linked from HTTP pages (bmo#1470295)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   168
  * Fixed extensions being unable to override the default homepage
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   169
    in certain situations (bmo#1466846)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   170
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   171
-------------------------------------------------------------------
1061
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   172
Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   173
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   174
- update to Firefox 61.0
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   175
  * Performance enhancements
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   176
  * Various improvements for dark theme support will provide a more
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   177
    consistent experience across the entire Firefox UI
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   178
  * OpenSearch plugins offered by web pages can now be added from the
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   179
    page action menu for easier installation
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   180
  * Improved support for allowing WebExtensions to manage and hide tabs
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   181
  MFSA 2018-15 (bsc#1098998)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   182
  * CVE-2018-12359 (bmo#1459162)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   183
    Buffer overflow using computed size of canvas element
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   184
  * CVE-2018-12360 (bmo#1459693)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   185
    Use-after-free when using focus()
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   186
  * CVE-2018-12361 (bmo#1463244)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   187
    Integer overflow in SwizzleData
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   188
  * CVE-2018-12358 (bmo#1467852)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   189
    Same-origin bypass using service worker and redirection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   190
  * CVE-2018-12362 (bmo#1452375)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   191
    Integer overflow in SSSE3 scaler
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   192
  * CVE-2018-5156 (bmo#1453127)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   193
    Media recorder segmentation fault when track type is changed during capture
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   194
  * CVE-2018-12363 (bmo#1464784)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   195
    Use-after-free when appending DOM nodes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   196
  * CVE-2018-12364 (bmo#1436241)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   197
    CSRF attacks through 307 redirects and NPAPI plugins
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   198
  * CVE-2018-12365 (bmo#1459206)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   199
    Compromised IPC child process can list local filenames
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   200
  * CVE-2018-12371 (bmo#1465686) 
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   201
    Integer overflow in Skia library during edge builder allocation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   202
  * CVE-2018-12366 (bmo#1464039)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   203
    Invalid data handling during QCMS transformations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   204
  * CVE-2018-12367 (bmo#1462891)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   205
    Timing attack mitigation of PerformanceNavigationTiming
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   206
  * CVE-2018-12369 (bmo#1454909)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   207
    WebExtension security permission checks bypassed by embedded experiments
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   208
  * CVE-2018-12370 (bmo#1456652)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   209
    SameSite cookie protections bypassed when exiting Reader View
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   210
  * CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   211
    bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   212
    Memory safety bugs fixed in Firefox 61
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   213
  * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   214
    bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   215
    bmo#1463884)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   216
    Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   217
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   218
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   219
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   220
    bmo#1464079,bmo#1463494,bmo#1458048)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   221
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   222
- requires NSS 3.37.3
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   223
- requires python >= 3.5 to build
1055
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   224
- removed obsolete patches
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   225
  mozilla-i586-DecoderDoctorLogger.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   226
  mozilla-i586-domPrefs.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   227
  mozilla-fix-skia-aarch64.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   228
  mozilla-bmo1375074.patch
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   229
  mozilla-enable-csd.patch
1057
b70ce330958c successfull RPM build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1056
diff changeset
   230
- patch for new no-return warnings (mozilla-no-return.patch)
1059
936bf8851c57 try to make langpacks work again
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1057
diff changeset
   231
- do not disable system installed locales (mozilla-bmo1464766.patch)
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   232
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   233
-------------------------------------------------------------------
1056
90e1f32cf034 several changes to make upstream tarballs a good neighbour for locale fetching and HG checkouts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1055
diff changeset
   234
Fri Jun  8 10:52:13 UTC 2018 - bjorn.lie@gmail.com
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   235
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   236
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   237
  conditional --disable-gconf to configure: no longer pull in
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   238
  obsolete gconf2 for Tumbleweed.
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   239
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   240
-------------------------------------------------------------------
1052
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   241
Thu Jun  7 12:11:06 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   242
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   243
- update to Firefox 60.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   244
  * requires NSS 3.36.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   245
  MFSA 2018-14 (bsc#1096449)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   246
  * CVE-2018-6126 (bmo#1462682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   247
    Heap buffer overflow rasterizing paths in SVG with Skia
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   248
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   249
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   250
Wed Jun  6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   251
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   252
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   253
  workaround:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   254
  * mozilla-bmo1375074.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   255
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   256
-------------------------------------------------------------------
1051
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   257
Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   258
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   259
- fixed "open with" option under KDE (boo#1094747)
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   260
- workaround crash on startup on aarch64 (boo#1093059)
1052
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   261
  (contributed by guillaume.gardet@arm.com)
1051
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   262
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   263
-------------------------------------------------------------------
1049
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   264
Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   265
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   266
- Disable webrtc for aarch64 due to bmo#1434589
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   267
- Add patch to fix skia build on AArch64:
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   268
  * mozilla-fix-skia-aarch64.patch
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   269
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   270
-------------------------------------------------------------------
1048
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   271
Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   272
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   273
- update to Firefox 60.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   274
  * Avoid overly long cycle collector pauses with some add-ons installed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   275
    (bmo#1449033)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   276
  * After unckecking the "Sponsored Stories" option, the New Tab page
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   277
    now immediately stops displaying "Sponsored content" cards (bmo#1458906)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   278
  * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   279
    (bmo#1457743)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   280
  * Use the right default background when opening tabs or windows in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   281
    high contrast mode (bmo#1458956)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   282
  * Restored translations of the Preferences panels when using a
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   283
    language pack (bmo#1461590)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   284
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   285
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   286
Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   287
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   288
- parellelise locales building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   289
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   290
-------------------------------------------------------------------
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   291
Mon May  7 08:32:28 UTC 2018 - wr@rosenauer.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   292
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   293
- update to Firefox 60.0
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   294
  * Added a policy engine that allows customized Firefox deployments
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   295
    in enterprise environments, using Windows Group Policy or a
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   296
    cross-platform JSON file
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   297
  * Applied Quantum CSS to render browser UI
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   298
  * Added support for Web Authentication, allowing the use of USB
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   299
    tokens for authentication to web sites
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   300
  * Locale added: Occitan (oc)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   301
  MFSA 2018-11 (bsc#1092548)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   302
  * CVE-2018-5154 (bmo#1443092)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   303
    Use-after-free with SVG animations and clip paths
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   304
  * CVE-2018-5155 (bmo#1448774)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   305
    Use-after-free with SVG animations and text paths
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   306
  * CVE-2018-5157 (bmo#1449898)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   307
    Same-origin bypass of PDF Viewer to view protected PDF files
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   308
  * CVE-2018-5158 (bmo#1452075)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   309
    Malicious PDF can inject JavaScript into PDF Viewer
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   310
  * CVE-2018-5159 (bmo#1441941)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   311
    Integer overflow and out-of-bounds write in Skia
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   312
  * CVE-2018-5160 (bmo#1436117)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   313
    Uninitialized memory use by WebRTC encoder
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   314
  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   315
    WebExtensions information leak through webRequest API
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   316
  * CVE-2018-5153 (bmo#1436809)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   317
    Out-of-bounds read in mixed content websocket messages
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   318
  * CVE-2018-5163 (bmo#1426353)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   319
    Replacing cached data in JavaScript Start-up Bytecode Cache
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   320
  * CVE-2018-5164 (bmo#1416045)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   321
    CSP not applied to all multipart content sent with
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   322
    multipart/x-mixed-replace
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   323
  * CVE-2018-5166 (bmo#1437325)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   324
    WebExtension host permission bypass through filterReponseData
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   325
  * CVE-2018-5167 (bmo#1447969)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   326
    Improper linkification of chrome: and javascript: content in
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   327
    web console and JavaScript debugger
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   328
  * CVE-2018-5168 (bmo#1449548)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   329
    Lightweight themes can be installed without user interaction
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   330
  * CVE-2018-5169 (bmo#1319157)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   331
    Dragging and dropping link text onto home button can set home page
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   332
    to include chrome pages
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   333
  * CVE-2018-5172 (bmo#1436482)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   334
    Pasted script from clipboard can run in the Live Bookmarks page
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   335
    or PDF viewer
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   336
  * CVE-2018-5173 (bmo#1438025)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   337
    File name spoofing of Downloads panel with Unicode characters
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   338
  * CVE-2018-5174 (bmo#1447080) (Windows-only)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   339
    Windows Defender SmartScreen UI runs with less secure behavior
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   340
    for downloaded files in Windows 10 April 2018 Update
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   341
  * CVE-2018-5175 (bmo#1432358)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   342
    Universal CSP bypass on sites using strict-dynamic in their policies
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   343
  * CVE-2018-5176 (bmo#1442840)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   344
    JSON Viewer script injection
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   345
  * CVE-2018-5177 (bmo#1451908)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   346
    Buffer overflow in XSLT during number formatting
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   347
  * CVE-2018-5165 (bmo#1451452)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   348
    Checkbox for enabling Flash protected mode is inverted in 32-bit
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   349
    Firefox
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   350
  * CVE-2018-5180 (bmo#1444086)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   351
    heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   352
  * CVE-2018-5181 (bmo#1424107)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   353
    Local file can be displayed in noopener tab through drag and
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   354
    drop of hyperlink
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   355
  * CVE-2018-5182 (bmo#1435908)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   356
    Local file can be displayed from hyperlink dragged and dropped
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   357
    on addressbar
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   358
  * CVE-2018-5151
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   359
    Memory safety bugs fixed in Firefox 60
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   360
  * CVE-2018-5150
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   361
    Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   362
- removed obsolete patches
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   363
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   364
  mozilla-bmo1005535.patch
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   365
- requires NSPR 4.19 and NSS 3.36.1
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   366
- requires rust 1.24 or higher
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   367
- use upstream source archive and detached signature for
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   368
  source verification
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   369
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   370
-------------------------------------------------------------------
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   371
Thu May  3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   372
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   373
- Fix armv7 build by:
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   374
  * adding RUSTFLAGS="-Cdebuginfo=0"
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   375
  * updating _constraints for %arm
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   376
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   377
-------------------------------------------------------------------
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   378
Wed May  2 20:46:37 UTC 2018 - wr@rosenauer.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   379
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   380
- do not try CSD on kwin (boo#1091592)
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   381
- fix build in openSUSE:Leap:42.3:Update, use gcc7
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   382
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   383
-------------------------------------------------------------------
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   384
Tue May  1 14:26:24 UTC 2018 - astieger@suse.com
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   385
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   386
- Mozilla Firefox 59.0.3:
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   387
  * fixes for platforms other than GNU/Linux
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   388
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   389
-------------------------------------------------------------------
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   390
Fri Apr 20 12:31:52 UTC 2018 - mliska@suse.cz
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   391
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   392
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   393
  in order to fix boo#1090362.
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   394
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   395
-------------------------------------------------------------------
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   396
Mon Apr  2 00:55:45 UTC 2018 - badshah400@gmail.com
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   397
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   398
- Add back mozilla-enable-csd.patch: New rebased version from
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   399
  Fedora for version 59.0.x.
1044
142a0c92607c merge latest from 59.x
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1043
diff changeset
   400
142a0c92607c merge latest from 59.x
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1043
diff changeset
   401
-------------------------------------------------------------------
1043
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   402
Tue Mar 27 14:07:11 UTC 2018 - schwab@suse.de
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   403
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   404
- Reduce constraints on aarch64
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   405
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   406
-------------------------------------------------------------------
1041
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   407
Tue Mar 27 06:40:25 UTC 2018 - wr@rosenauer.org
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   408
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   409
- update to Firefox 59.0.2
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   410
  * Invalid page rendering with hardware acceleration enabled (bmo#1435472)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   411
  * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   412
    that use those keys with resistFingerprinting enabled (bmo#1433592)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   413
  * High CPU / memory churn caused by third-party software on some
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   414
    computers (bmo#1446280)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   415
  * Users who have configured an "automatic proxy configuration URL"
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   416
    and want to reload their proxy settings from the URL will find
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   417
    the Reload button disabled in the Connection Settings dialog when
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   418
    they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   419
  * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   420
  * User's trying to cancel a print around the time it completes will
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   421
    continue to get intermittent crashes (bmo#1441598)
1043
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   422
  MFSA 2018-10 (bsc#1087059)
1041
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   423
  * CVE-2018-5148 (bmo#1440717)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   424
    Use-after-free in compositor
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   425
- removed obsolete patch mozilla-bmo1446062.patch
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   426
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   427
-------------------------------------------------------------------
1040
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   428
Wed Mar 21 17:14:24 UTC 2018 - cgrobertson@suse.com
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   429
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   430
- Added patches:
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   431
  * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   432
    fixes non-unified build error
1041
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   433
  * mozilla-i586-domPrefs.patch - DOMPrefs.h
1040
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   434
    fixes 32bit build error
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   435
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   436
-------------------------------------------------------------------
1039
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   437
Fri Mar 16 06:40:11 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   438
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   439
- update to Firefox 59.0.1 (bsc#1085671)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   440
  MFSA 2018-08
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   441
  * CVE-2018-5146 (bmo#1446062)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   442
    Vorbis audio processing out of bounds write
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   443
  * CVE-2018-5147 (bmo#1446365)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   444
    Out of bounds memory write in libtremor
1040
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   445
    (mozilla-bmo1446062.patch)
1039
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   446
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   447
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   448
Wed Mar 14 19:27:07 UTC 2018 - cgrobertson@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   449
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   450
- Added patch:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   451
  * mozilla-bmo1005535.patch:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   452
    Enable skia_gpu on big endian platforms.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   453
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   454
-------------------------------------------------------------------
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   455
Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org
1036
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1035
diff changeset
   456
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1035
diff changeset
   457
- update to Firefox 59.0
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   458
  * Performance enhancements
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   459
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   460
  * added features for Firefox Screenshots
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   461
  * Enhanced WebExtensions API
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   462
  * Improved RTC capabilities
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   463
  MFSA 2018-06 (bsc#1085130)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   464
  * CVE-2018-5127 (bmo#1430557)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   465
    Buffer overflow manipulating SVG animatedPathSegList
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   466
  * CVE-2018-5128 (bmo#1431336)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   467
    Use-after-free manipulating editor selection ranges
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   468
  * CVE-2018-5129 (bmo#1428947)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   469
    Out-of-bounds write with malformed IPC messages
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   470
  * CVE-2018-5130 (bmo#1433005)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   471
    Mismatched RTP payload type can trigger memory corruption
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   472
  * CVE-2018-5131 (bmo#1440775)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   473
    Fetch API improperly returns cached copies of no-store/no-cache resources
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   474
  * CVE-2018-5132 (bmo#1408194)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   475
    WebExtension Find API can search privileged pages
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   476
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   477
    Value of the app.support.baseURL preference is not properly sanitized
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   478
  * CVE-2018-5134 (bmo#1429379)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   479
    WebExtensions may use view-source: URLs to bypass content restrictions
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   480
  * CVE-2018-5135 (bmo#1431371)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   481
    WebExtension browserAction can inject scripts into unintended contexts
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   482
  * CVE-2018-5136 (bmo#1419166)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   483
    Same-origin policy violation with data: URL shared workers
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   484
  * CVE-2018-5137 (bmo#1432870)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   485
    Script content can access legacy extension non-contentaccessible resources
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   486
  * CVE-2018-5138 (bmo#1432624) (Android only)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   487
    Android Custom Tab address spoofing through long domain names
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   488
  * CVE-2018-5140 (bmo#1424261)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   489
    Moz-icon images accessible to web content through moz-icon: protocol
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   490
  * CVE-2018-5141 (bmo#1429093)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   491
    DOS attack through notifications Push API
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   492
  * CVE-2018-5142 (bmo#1366357)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   493
    Media Capture and Streams API permissions display incorrect origin
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   494
    with data: and blob: URLs
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   495
  * CVE-2018-5143 (bmo#1422643)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   496
    Self-XSS pasting javascript: URL with embedded tab into addressbar
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   497
  * CVE-2018-5126
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   498
    Memory safety bugs fixed in Firefox 59
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   499
  * CVE-2018-5125
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   500
    Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
1031
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   501
- requires NSPR 4.18 and NSS 3.35
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   502
- requires rust >= 1.22.1
1032
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   503
- removed obsolete patches:
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   504
  mozilla-alsa-sandbox.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   505
  mozilla-enable-csd.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   506
  firefox-no-default-ualocale.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   507
- removed l10n_changesets.txt since same information is now in
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   508
  Firefox source tree (updated create-tar.sh now requires jq)
1031
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   509
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   510
-------------------------------------------------------------------
1039
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   511
Fri Feb  9 13:37:46 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   512
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   513
- Mozilla Firefox 58.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   514
  * Blocklisted graphics drivers related to off main thread painting
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   515
    crashes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   516
  * Fix tab crash during printing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   517
  * Fix clicking links and scrolling emails on Microsoft Hotmail
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   518
    and Outlook (OWA) webmail
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   519
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   520
-------------------------------------------------------------------
1030
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
   521
Fri Feb  9 12:06:31 UTC 2018 - wr@rosenauer.org
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
   522
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
   523
- correct requires and provides handling (boo#1076907)
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
   524
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
   525
-------------------------------------------------------------------
1029
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   526
Tue Feb  6 07:03:42 UTC 2018 - fstrba@suse.com
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   527
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   528
- Added patch:
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   529
  * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   530
    or again?) not working in Firefox 58 due to sandboxing.
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   531
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   532
-------------------------------------------------------------------
1028
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
   533
Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
   534
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
   535
- update to Firefox 58.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
   536
  MFSA 2018-05
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   537
  * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
1029
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
   538
- use correct language packs
1027
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
   539
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
   540
- allow larger number of nested elements (mozilla-bmo256180.patch)
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
   541
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
   542
-------------------------------------------------------------------
1026
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   543
Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   544
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   545
- update to Firefox 58.0 (bsc#1077291)
1023
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
   546
  * Added Nepali (ne-NP) locale
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
   547
  * Added support for form autofill for credit card
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
   548
  * Optimize page load by caching JavaScript internal representation
1026
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   549
  MFSA 2018-02
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   550
  * CVE-2018-5091 (bmo#1423086)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   551
    Use-after-free with DTMF timers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   552
  * CVE-2018-5092 (bmo#1418074)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   553
    Use-after-free in Web Workers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   554
  * CVE-2018-5093 (bmo#1415291)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   555
    Buffer overflow in WebAssembly during Memory/Table resizing
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   556
  * CVE-2018-5094 (bmo#1415883)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   557
    Buffer overflow in WebAssembly with garbage collection on
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   558
    uninitialized memory
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   559
  * CVE-2018-5095 (bmo#1418447)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   560
    Integer overflow in Skia library during edge builder allocation
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   561
  * CVE-2018-5097 (bmo#1387427)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   562
    Use-after-free when source document is manipulated during XSLT
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   563
  * CVE-2018-5098 (bmo#1399400)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   564
    Use-after-free while manipulating form input elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   565
  * CVE-2018-5099 (bmo#1416878)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   566
    Use-after-free with widget listener
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   567
  * CVE-2018-5100 (bmo#1417405)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   568
    Use-after-free when IsPotentiallyScrollable arguments are freed
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   569
    from memory
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   570
  * CVE-2018-5101 (bmo#1417661)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   571
    Use-after-free with floating first-letter style elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   572
  * CVE-2018-5102 (bmo#1419363)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   573
    Use-after-free in HTML media elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   574
  * CVE-2018-5103 (bmo#1423159)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   575
    Use-after-free during mouse event handling
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   576
  * CVE-2018-5104 (bmo#1425000)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   577
    Use-after-free during font face manipulation
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   578
  * CVE-2018-5105 (bmo#1390882)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   579
    WebExtensions can save and execute files on local file system
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   580
    without user prompts
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   581
  * CVE-2018-5106 (bmo#1408708)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   582
    Developer Tools can expose style editor information cross-origin
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   583
    through service worker
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   584
  * CVE-2018-5107 (bmo#1379276)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   585
    Printing process will follow symlinks for local file access
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   586
  * CVE-2018-5108 (bmo#1421099)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   587
    Manually entered blob URL can be accessed by subsequent private browsing tabs
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   588
  * CVE-2018-5109 (bmo#1405599)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   589
    Audio capture prompts and starts with incorrect origin attribution
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   590
  * CVE-2018-5110 (bmo#1423275) (affects only OS X)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   591
    Cursor can be made invisible on OS X
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   592
  * CVE-2018-5111 (bmo#1321619)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   593
    URL spoofing in addressbar through drag and drop
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   594
  * CVE-2018-5112 (bmo#1425224)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   595
    Extension development tools panel can open a non-relative URL in the panel
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   596
  * CVE-2018-5113 (bmo#1425267)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   597
    WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   598
  * CVE-2018-5114 (bmo#1421324)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   599
    The old value of a cookie changed to HttpOnly remains accessible to scripts
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   600
  * CVE-2018-5115 (bmo#1409449)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   601
    Background network requests can open HTTP authentication in unrelated foreground tabs
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   602
  * CVE-2018-5116 (bmo#1396399)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   603
    WebExtension ActiveTab permission allows cross-origin frame content access
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   604
  * CVE-2018-5117 (bmo#1395508)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   605
    URL spoofing with right-to-left text aligned left-to-right
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   606
  * CVE-2018-5118 (bmo#1420049)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   607
    Activity Stream images can attempt to load local content through file:
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   608
  * CVE-2018-5119 (bmo#1420507)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   609
    Reader view will load cross-origin content in violation of CORS headers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   610
  * CVE-2018-5121 (bmo#1402368) (affects only OS X)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   611
    OS X Tibetan characters render incompletely in the addressbar
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   612
  * CVE-2018-5122 (bmo#1413841)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   613
    Potential integer overflow in DoCrypt
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   614
  * CVE-2018-5090
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   615
    Memory safety bugs fixed in Firefox 58
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   616
  * CVE-2018-5089
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
   617
    Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
1019
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   618
- requires NSS 3.34.1
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   619
- requires rust 1.21
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   620
- removed obsolete patches:
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   621
  mozilla-bindgen-systemlibs.patch
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   622
  mozilla-bmo1360278.patch
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   623
  mozilla-bmo1399611-csd.patch
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   624
  mozilla-rust-1.23.patch
1020
d2c159cb9bf2 rebased patches; updated spec file
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1019
diff changeset
   625
- rebased patches
1023
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
   626
- updated man-page
1019
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   627
b0c883afdffa initial preparation for 58 cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1017
diff changeset
   628
-------------------------------------------------------------------
1017
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   629
Tue Jan  9 18:48:02 UTC 2018 - wr@rosenauer.org
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   630
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   631
- fixed build with latest rust (mozilla-rust-1.23.patch)
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   632
8ccb9c3cbe47 build with latest rust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1016
diff changeset
   633
-------------------------------------------------------------------
1016
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   634
Thu Jan  4 12:23:41 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   635
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   636
- update to Firefox 57.0.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   637
  MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   638
  (boo#1074723)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   639
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1015
diff changeset
   640
-------------------------------------------------------------------
1015
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   641
Wed Jan  3 08:29:38 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   642
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   643
- fixed regression introduced Oct 10th which made Firefox crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   644
  when cancelling the KDE file dialog (boo#1069962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   645
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   646
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   647
Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   648
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   649
- Mozilla Firefox 57.0.3:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   650
  * Fix a crash reporting issue that inadvertently sends background
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   651
    tab crash reports to Mozilla without user opt-in (bmo#1427111,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   652
    bsc#1074235)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   653
- Includes changes from 57.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   654
  * fixes for platforms other than GNU/Linux
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   655
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1012
diff changeset
   656
-------------------------------------------------------------------
1012
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   657
Fri Dec  8 15:52:17 UTC 2017 - dimstar@opensuse.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   658
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   659
- Explicitly buildrequires python2-xml: The build system relies on
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   660
  it. We wrongly relied on other packages pulling it in for us.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   661
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   662
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   663
Thu Dec  7 11:12:31 UTC 2017 - dimstar@opensuse.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   664
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   665
- Escape the usage of %{VERSION} when calling out to rpm.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   666
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   667
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   668
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   669
Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   670
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   671
- update to Firefox 57.0.1
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   672
  * CVE-2017-7843: Web worker in Private Browsing mode can write
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   673
    IndexedDB data (bsc#1072034, bmo#1410106)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   674
  * CVE-2017-7844: Visited history information leak through SVG
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   675
    image (bsc#1072036, bmo#1420001)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   676
  * Fix a video color distortion issue on YouTube and other video
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   677
    sites with some AMD devices (bmo#1417442)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   678
  * Fix an issue with prefs.js when the profile path has non-ascii
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   679
    characters (bmo#1420427)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   680
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   681
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   682
Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   683
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   684
- Add mozilla-bmo1360278.patch
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   685
  Starting with Firefox 57, the context menu appears on key press.
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   686
  This patch creates a config entry to restore the
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   687
  old behaviour. Without the patch, the mouse gesture extensions
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   688
  require 2 clicks to work (bmo#1360278).
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   689
  The new config entry is named ui.context_menus.after_mouseup
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   690
  (default : false).
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   691
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   692
-------------------------------------------------------------------
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   693
Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   694
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   695
- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   696
  widget.allow-client-side-decoration=true
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   697
  (mozilla-bmo1399611-csd.patch)
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   698
0c59a30173da several changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1011
diff changeset
   699
-------------------------------------------------------------------
1011
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   700
Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   701
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   702
- update to Firefox 57.0 (boo#1068101)
1008
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   703
  * Firefox Quantum
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   704
  * Photon UI
1011
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   705
  * Unified address and search bar
1008
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   706
  * AMD VP9 hardware video decoder support
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   707
  * Added support for Date/Time input
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   708
  * stricter security sandbox blocking filesystem reading and
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   709
    writing on Linux systems
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   710
  * middle mouse paste in the content area no longer navigates to
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   711
    URLs by default on Unix systems
1011
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   712
  MFSA 2017-24
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   713
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   714
    Use-after-free of PressShell while restyling layout
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   715
  * CVE-2017-7830 (bmo#1408990)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   716
    Cross-origin URL information leak through Resource Timing API
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   717
  * CVE-2017-7831 (bmo#1392026)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   718
    Information disclosure of exposed properties on JavaScript proxy
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   719
    objects
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   720
  * CVE-2017-7832 (bmo#1408782)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   721
    Domain spoofing through use of dotless 'i' character followed
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   722
    by accent markers
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   723
  * CVE-2017-7833 (bmo#1370497)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   724
    Domain spoofing with Arabic and Indic vowel marker characters
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   725
  * CVE-2017-7834 (bmo#1358009)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   726
    data: URLs opened in new tabs bypass CSP protections
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   727
  * CVE-2017-7835 (bmo#1402363)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   728
    Mixed content blocking incorrectly applies with redirects
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   729
  * CVE-2017-7836 (bmo#1401339)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   730
    Pingsender dynamically loads libcurl on Linux and OS X
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   731
  * CVE-2017-7837 (bmo#1325923)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   732
    SVG loaded as <img> can use meta tags to set cookies
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   733
  * CVE-2017-7838 (bmo#1399540)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   734
    Failure of individual decoding of labels in international domain
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   735
    names triggers punycode display of entire IDN
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   736
  * CVE-2017-7839 (bmo#1402896)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   737
    Control characters before javascript: URLs defeats self-XSS
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   738
    prevention mechanism
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   739
  * CVE-2017-7840 (bmo#1366420)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   740
    Exported bookmarks do not strip script elements from user-supplied
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   741
    tags
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   742
  * CVE-2017-7842 (bmo#1397064)
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   743
    Referrer Policy is not always respected for <link> elements
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   744
  * CVE-2017-7827
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   745
    Memory safety bugs fixed in Firefox 57
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   746
  * CVE-2017-7826
85bd01789b6f Firefo 57.0 final release (incl. changelogs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1008
diff changeset
   747
    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
1004
f98f2fd265af update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1001
diff changeset
   748
- requires NSPR 4.17, NSS 3.33 and rustc 1.19
1005
6d716caa6abe 57.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1004
diff changeset
   749
- rebased patches
1008
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   750
- added mozilla-bindgen-systemlibs.patch to allow stylo build
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   751
  with system libs (bmo#1341234)
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   752
- removed mozilla-language.patch since the whole locale code
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   753
  changed in Firefox and is relying on ICU now
77c890186192 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1005
diff changeset
   754
- removed obsolete mozilla-ucontext.patch
1004
f98f2fd265af update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1001
diff changeset
   755
f98f2fd265af update version requirements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1001
diff changeset
   756
-------------------------------------------------------------------
1001
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   757
Sat Oct 28 06:30:37 UTC 2017 - wr@rosenauer.org
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   758
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   759
- update to Firefox 56.0.2
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   760
  * Disable Form Autofill completely on user request (bmo#1404531)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   761
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   762
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   763
  * Fix for shutdown crash (bmo#1404105)
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   764
7339b115a221 Firefox 56.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1000
diff changeset
   765
-------------------------------------------------------------------
1000
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   766
Tue Oct 10 11:47:49 UTC 2017 - wr@rosenauer.org
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   767
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   768
- update to Firefox 56.0.1
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   769
  * Block D3D11 when using Intel drivers on Windows 7 systems with
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   770
    partial AVX support (bmo#1403353)
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   771
  -> just to sync the version number
998
6c6109948e35 enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 997
diff changeset
   772
- enable stylo for TW (requires LLVM >= 3.9)
1000
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   773
- queue KDE filepicker requests to avoid non-opening file dialogs
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   774
  happening in certain situations (contributed by Ignaz Forster)
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   775
- the placeholder dot in KDE file dialog in case of empty filenames
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   776
  was removed, apparently not required (anymore)
bfa8722a06ad update to 56.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 998
diff changeset
   777
  (contributed by Ignaz Forster)
998
6c6109948e35 enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 997
diff changeset
   778
6c6109948e35 enable stylo (Quantum CSS) for TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 997
diff changeset
   779
-------------------------------------------------------------------
997
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   780
Sun Oct  1 18:25:16 UTC 2017 - stefan.bruens@rwth-aachen.de
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   781
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   782
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   783
  script was not detecting aarch64 as a 64 bit architecture, thus
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   784
  used /usr/lib/browser-plugins/.
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   785
ca8a6ac7fbf6 - Correct plugin directory for aarch64 (boo#1061207). The wrapper
Stefan Br?ns <stefan.bruens@rwth-aachen.de>
parents: 996
diff changeset
   786
-------------------------------------------------------------------
996
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   787
Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   788
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   789
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   790
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   791
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   792
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   793
  looks for.
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   794
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   795
-------------------------------------------------------------------
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   796
Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   797
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   798
- update to Firefox 56.0 (boo#1060445)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   799
  * Firefox Screenshots
994
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   800
  * Find Options/Preferences more quickly with new search function
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   801
  * Media is no longer auto-played when opened in a background tab
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   802
  * Enable CSS Grid Layout View
996
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   803
  MFSA 2017-21
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   804
  * CVE-2017-7793 (bmo#1371889)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   805
    Use-after-free with Fetch API
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   806
  * CVE-2017-7817 (bmo#1356596) (Android-only)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   807
    Firefox for Android address bar spoofing through fullscreen mode
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   808
  * CVE-2017-7818 (bmo#1363723)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   809
    Use-after-free during ARIA array manipulation
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   810
  * CVE-2017-7819 (bmo#1380292)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   811
    Use-after-free while resizing images in design mode
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   812
  * CVE-2017-7824 (bmo#1398381)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   813
    Buffer overflow when drawing and validating elements with ANGLE
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   814
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   815
    Use-after-free in TLS 1.2 generating handshake hashes
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   816
  * CVE-2017-7812 (bmo#1379842)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   817
    Drag and drop of malicious page content to the tab bar can open locally stored files
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   818
  * CVE-2017-7814 (bmo#1376036)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   819
    Blob and data URLs bypass phishing and malware protection warnings
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   820
  * CVE-2017-7813 (bmo#1383951)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   821
    Integer truncation in the JavaScript parser
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   822
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   823
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   824
  * CVE-2017-7815 (bmo#1368981)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   825
    Spoofing attack with modal dialogs on non-e10s installations
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   826
  * CVE-2017-7816 (bmo#1380597)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   827
    WebExtensions can load about: URLs in extension UI
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   828
  * CVE-2017-7821 (bmo#1346515)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   829
    WebExtensions can download and open non-executable files without user interaction
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   830
  * CVE-2017-7823 (bmo#1396320)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   831
    CSP sandbox directive did not create a unique origin
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   832
  * CVE-2017-7822 (bmo#1368859)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   833
    WebCrypto allows AES-GCM with 0-length IV
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   834
  * CVE-2017-7820 (bmo#1378207)
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   835
    Xray wrapper bypass with new tab and web console
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   836
  * CVE-2017-7811
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   837
    Memory safety bugs fixed in Firefox 56
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   838
  * CVE-2017-7810
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   839
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
994
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   840
- requires NSPR 4.16 and NSS 3.32.1
996
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   841
- rebased patches
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   842
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   843
-------------------------------------------------------------------
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   844
Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   845
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   846
- Add alsa-devel BuildRequires: we care for ALSA support to be
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   847
  built and thus need to ensure we get the dependencies in place.
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   848
  In the past, alsa-devel was pulled in by accident: we
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   849
  buildrequire libgnome-devel. This required esound-devel and that
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   850
  in turn pulled in alsa-devel for us. libgnome is being fixed to
84d25951c2db - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
zaitor@opensuse.org
parents: 994
diff changeset
   851
  no longer require esound-devel.
994
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   852
9fc447b00040 Firefox 56.0b12
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 992
diff changeset
   853
-------------------------------------------------------------------
992
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   854
Mon Sep  4 18:27:44 UTC 2017 - wr@rosenauer.org
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   855
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   856
- update to Firefox 55.0.3
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   857
  * Fix an issue with addons when using a path containing non-ascii
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   858
    characters (bmo#1389160)
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   859
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   860
- fix Google API key build integration
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   861
- add mozilla-ucontext.patch to fix Tumbleweed build
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   862
- do not enable XINPUT2 for now (boo#1053959)
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   863
b2ba34e0dc10 Firefox 55.0.3 and some other fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 991
diff changeset
   864
-------------------------------------------------------------------
991
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   865
Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   866
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   867
- update to Firefox 55.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   868
  * Fix a regression the tab restoration process (bmo#1388160)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   869
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   870
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   871
  * Disable the predictor prefetch (bmo#1388160)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   872
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   873
-------------------------------------------------------------------
985
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   874
Sat Aug  5 13:22:16 UTC 2017 - wr@rosenauer.org
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   875
991
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   876
- update to Firefox 55.0 (boo#1052829)
985
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   877
  * Browsing sessions with a high number of tabs are now restored
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   878
    in an instant
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   879
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   880
    the right edge of the window
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   881
  * Fine-tune your browser performance from the Preferences/Options page.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   882
  * Make screenshots of webpages, and save them locally or upload
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   883
    them to the cloud. This feature will undergo A/B testing and
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   884
    will not be visible for some users.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   885
  * Added Belarusian (be) locale
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   886
  * Simplify print jobs from within print preview
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   887
  * Use virtual reality devices with the web with the introduction
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   888
    of WebVR
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   889
  * Search suggestions are now enabled by default for users who
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   890
    haven't explicitly opted-out
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   891
  * Search with any installed search engine directly from the
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   892
    location bar
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   893
  * IMPORTANT: Breaking profile changes - do not downgrade Firefox
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   894
    and use a profile that has been opened with Firefox 55+.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   895
  * The Adobe Flash plugin is now click-to-activate by default and
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   896
    only allowed on http:// and https:// URL schemes. This change
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   897
    will be rolled out progressively and so will not be visible to
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   898
    all users immediately. For more information see the Firefox
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   899
    plugin roadmap
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   900
  * Modernized application update UI to be less intrusive and more
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   901
    aligned with the rest of the browser. Only users who have not
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   902
    restarted their browser 8 days after downloading an update or
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   903
    users who opted out of automatic updates will see this change.
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   904
  * Insecure sites can no longer access the Geolocation APIs to get
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   905
    access to your physical location
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   906
  * requires NSPR 4.15 and NSS 3.31
991
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   907
  MFSA 2017-18
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   908
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   909
    XUL injection in the style editor in devtools
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   910
  * CVE-2017-7800 (bmo#1374047)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   911
    Use-after-free in WebSockets during disconnection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   912
  * CVE-2017-7801 (bmo#1371259)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   913
    Use-after-free with marquee during window resizing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   914
  * CVE-2017-7809 (bmo#1380284)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   915
    Use-after-free while deleting attached editor DOM node
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   916
  * CVE-2017-7784 (bmo#1376087)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   917
    Use-after-free with image observers
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   918
  * CVE-2017-7802 (bmo#1378147)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   919
    Use-after-free resizing image elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   920
  * CVE-2017-7785 (bmo#1356985)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   921
    Buffer overflow manipulating ARIA attributes in DOM
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   922
  * CVE-2017-7786 (bmo#1365189)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   923
    Buffer overflow while painting non-displayable SVG
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   924
  * CVE-2017-7806 (bmo#1378113)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   925
    Use-after-free in layer manager with SVG
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   926
  * CVE-2017-7753 (bmo#1353312)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   927
    Out-of-bounds read with cached style data and pseudo-elements#
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   928
  * CVE-2017-7787 (bmo#1322896)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   929
    Same-origin policy bypass with iframes through page reloads
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   930
  * CVE-2017-7807 (bmo#1376459)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   931
    Domain hijacking through AppCache fallback
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   932
  * CVE-2017-7792 (bmo#1368652)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   933
    Buffer overflow viewing certificates with an extremely long OID
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   934
  * CVE-2017-7804 (bmo#1372849)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   935
    Memory protection bypass through WindowsDllDetourPatcher
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   936
  * CVE-2017-7791 (bmo#1365875)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   937
    Spoofing following page navigation with data: protocol and modal alerts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   938
  * CVE-2017-7808 (bmo#1367531)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   939
    CSP information leak with frame-ancestors containing paths
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   940
  * CVE-2017-7782 (bmo#1344034)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   941
    WindowsDllDetourPatcher allocates memory without DEP protections
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   942
  * CVE-2017-7781 (bmo#1352039)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   943
    Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   944
  * CVE-2017-7794 (bmo#1374281)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   945
    Linux file truncation via sandbox broker
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   946
  * CVE-2017-7803 (bmo#1377426)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   947
    CSP containing 'sandbox' improperly applied
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   948
  * CVE-2017-7799 (bmo#1372509)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   949
    Self-XSS XUL injection in about:webrtc
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   950
  * CVE-2017-7783 (bmo#1360842)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   951
    DOS attack through long username in URL
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   952
  * CVE-2017-7788 (bmo#1073952)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   953
    Sandboxed about:srcdoc iframes do not inherit CSP directives
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   954
  * CVE-2017-7789 (bmo#1074642)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   955
    Failure to enable HSTS when two STS headers are sent for a connection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   956
  * CVE-2017-7790 (bmo#1350460) (Windows-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   957
    Windows crash reporter reads extra memory for some non-null-terminated registry values
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   958
  * CVE-2017-7796 (bmo#1234401) (Windows-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   959
    Windows updater can delete any file named update.log
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   960
  * CVE-2017-7797 (bmo#1334776)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   961
    Response header name interning leaks across origins
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   962
  * CVE-2017-7780
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   963
    Memory safety bugs fixed in Firefox 55
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   964
  * CVE-2017-7779
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 986
diff changeset
   965
    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
985
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   966
- updated mozilla-kde.patch:
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   967
  * removed "downloadfinished" alert as Firefox reimplemented the
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   968
    whole thing (TODO: check if there is another function we should
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   969
    hook in)
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   970
038d048a3940 Firefox 55.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 983
diff changeset
   971
-------------------------------------------------------------------
983
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   972
Tue Jul  4 20:08:47 UTC 2017 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   973
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   974
- update to Firefox 54.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   975
  * Fix a display issue of tab title (bmo#1357656)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   976
  * Fix a display issue of opening new tab (bmo#1371995)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   977
  * Fix a display issue when opening multiple tabs (bmo#1371962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   978
  * Fix a tab display issue when downloading files (bmo#1373109)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   979
  * Fix a PDF printing issue (bmo#1366744)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   980
  * Fix a Netflix issue on Linux (bmo#1375708)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   981
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 982
diff changeset
   982
-------------------------------------------------------------------
982
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   983
Thu Jun 15 13:56:05 UTC 2017 - wr@rosenauer.org
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   984
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   985
- update to Firefox 54.0
981
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   986
  * Clearer and more detailed information for download items in the
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   987
    download panel
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   988
  * Added Burmese (my) locale
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   989
  * Bookmarks created on mobile devices are now shown in
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   990
    "Mobile Bookmarks” folder in the drop down list from the toolbar
593707d5c013 added changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 979
diff changeset
   991
    and Bookmarks option in the menu bar in Desktop Firefox
982
53443ffb496a Firefox 54.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 981
diff changeset
   992
  * added support for multiple content processes (e10s-multi)
979
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   993
- requires NSPR 4.14 and NSS 3.30.2
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   994
- requires rust 1.15.1
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   995
- removed mozilla-shared-nss-db.patch as it seems to be a rather
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   996
  unused feature
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   997
f82a374a310d Firefox 54.0b13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 977
diff changeset
   998
-------------------------------------------------------------------
977
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
   999
Thu Jun  1 04:25:05 UTC 2017 - kah0922@gmail.com
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
  1000
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
  1001
- remove -fno-inline-small-functions and explicitely optimize with
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
  1002
  -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
  1003
224d8137f02c remove -fno-inline-small-functions and explicitely optimize with
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 967
diff changeset
  1004
-------------------------------------------------------------------
967
188c3f40f0da recent changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 964
diff changeset
  1005
Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org
964
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
  1006
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
  1007
- switch to Mozilla's geolocation service (boo#1026989)
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
  1008
- removed mozilla-preferences.patch obsoleted by overriding via
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
  1009
  firefox.js
967
188c3f40f0da recent changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 964
diff changeset
  1010
- fixed KDE integration to avoid crash caused by filepicker
188c3f40f0da recent changes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 964
diff changeset
  1011
  (boo#1015998)
964
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
  1012
218a4e337cfe use mozilla geolocation api instead of broken google one
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 962
diff changeset
  1013
-------------------------------------------------------------------
960
42e50afb9638 Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 959
diff changeset
  1014
Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org
42e50afb9638 Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 959
diff changeset
  1015
42e50afb9638 Firefox 53.0 (build6)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 959
diff changeset
  1016
- update to Firefox 53.0
956
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 954
diff changeset
  1017
  * requires NSS 3.29.5
951
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1018
  * Lightweight themes are now applied in private browsing windows
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1019
  * Reader Mode now displays estimated reading time for the page
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1020
  * Two new 'compact' themes available in Firefox, dark and light,
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1021
    based on the Firefox Developer Edition theme
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1022
  * Ended Firefox Linux support for processors older than Pentium 4
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1023
    and AMD Opteron
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1024
  * Refresh of the media controls user interface
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1025
  * Shortened titles on tabs are faded out instead of using ellipsis
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1026
    for improved readability
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1027
  * Media playback on new tabs is blocked until the tab is visible
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1028
  * Permission notifications have a cleaner design and cannot be
f7a8fa97a57e merge latest changes from firefox52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 946
diff changeset
  1029
    easily missed
962
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1030
  MFSA 2017-10
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1031
  * CVE-2017-5456 (bmo#1344415)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1032
    Sandbox escape allowing local file system access
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1033
  * CVE-2017-5442 (bmo#1347979)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1034
    Use-after-free during style changes
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1035
  * CVE-2017-5443 (bmo#1342661)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1036
    Out-of-bounds write during BinHex decoding
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1037
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1038
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1039
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1040
    Firefox ESR 52.1
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1041
  * CVE-2017-5464 (bmo#1347075)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1042
    Memory corruption with accessibility and DOM manipulation
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1043
  * CVE-2017-5465 (bmo#1347617)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1044
    Out-of-bounds read in ConvolvePixel
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1045
  * CVE-2017-5466 (bmo#1353975)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1046
    Origin confusion when reloading isolated data:text/html URL
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1047
  * CVE-2017-5467 (bmo#1347262)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1048
    Memory corruption when drawing Skia content
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1049
  * CVE-2017-5460 (bmo#1343642)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1050
    Use-after-free in frame selection
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1051
  * CVE-2017-5461 (bmo#1344380)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1052
    Out-of-bounds write in Base64 encoding in NSS
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1053
  * CVE-2017-5448 (bmo#1346648)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1054
    Out-of-bounds write in ClearKeyDecryptor
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1055
  * CVE-2017-5449 (bmo#1340127)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1056
    Crash during bidirectional unicode manipulation with animation
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1057
  * CVE-2017-5446 (bmo#1343505)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1058
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1059
  * CVE-2017-5447 (bmo#1343552)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1060
    Out-of-bounds read during glyph processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1061
  * CVE-2017-5444 (bmo#1344461)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1062
    Buffer overflow while parsing application/http-index-format content
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1063
  * CVE-2017-5445 (bmo#1344467)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1064
    Uninitialized values used while parsing application/http-index-format
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1065
    content
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1066
  * CVE-2017-5468 (bmo#1329521)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1067
    Incorrect ownership model for Private Browsing information
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1068
  * CVE-2017-5469 (bmo#1292534)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1069
    Potential Buffer overflow in flex-generated code
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1070
  * CVE-2017-5440 (bmo#1336832)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1071
    Use-after-free in txExecutionState destructor during XSLT processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1072
  * CVE-2017-5441 (bmo#1343795)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1073
    Use-after-free with selection during scroll events
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1074
  * CVE-2017-5439 (bmo#1336830)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1075
    Use-after-free in nsTArray Length() during XSLT processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1076
  * CVE-2017-5438 (bmo#1336828)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1077
    Use-after-free in nsAutoPtr during XSLT processing
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1078
  * CVE-2017-5437 (bmo#1343453)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1079
    Vulnerabilities in Libevent library
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1080
  * CVE-2017-5436 (bmo#1345461)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1081
    Out-of-bounds write with malicious font in Graphite 2
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1082
  * CVE-2017-5435 (bmo#1350683)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1083
    Use-after-free during transaction processing in the editor
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1084
  * CVE-2017-5434 (bmo#1349946)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1085
    Use-after-free during focus handling
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1086
  * CVE-2017-5433 (bmo#1347168)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1087
    Use-after-free in SMIL animation functions
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1088
  * CVE-2017-5432 (bmo#1346654)
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1089
    Use-after-free in text input selection
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1090
  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
fbb2f292caaa add security information to changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 960
diff changeset
  1091
     bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
fbb2f292caaa add security information to changelog
Wolfgang