Mercurial Mercurial > hg > mozilla / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
changeset 1018 0e45f8ad501c
parent 1017 8ccb9c3cbe47
child 1019 b0c883afdffa
equal deleted inserted replaced
1008:77c890186192 1018:0e45f8ad501c 
     1 -------------------------------------------------------------------
 
     1 -------------------------------------------------------------------
 
     2 Thu Nov  9 15:01:30 UTC 2017 - wr@rosenauer.org
 
     2 Tue Jan  9 18:48:02 UTC 2018 - wr@rosenauer.org
 
     3 
     3 
     4 - update to Firefox 57.0b14
 
     4 - fixed build with latest rust (mozilla-rust-1.23.patch)
 
       
     5 
       
     6 -------------------------------------------------------------------
 
       
     7 Thu Jan  4 12:23:41 UTC 2018 - wr@rosenauer.org
 
       
     8 
       
     9 - update to Firefox 57.0.4
 
       
    10   MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
 
       
    11   (boo#1074723)
 
       
    12 
       
    13 -------------------------------------------------------------------
 
       
    14 Wed Jan  3 08:29:38 UTC 2018 - wr@rosenauer.org
 
       
    15 
       
    16 - fixed regression introduced Oct 10th which made Firefox crash
 
       
    17   when cancelling the KDE file dialog (boo#1069962)
 
       
    18 
       
    19 -------------------------------------------------------------------
 
       
    20 Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com
 
       
    21 
       
    22 - Mozilla Firefox 57.0.3:
 
       
    23   * Fix a crash reporting issue that inadvertently sends background
 
       
    24     tab crash reports to Mozilla without user opt-in (bmo#1427111,
 
       
    25     bsc#1074235)
 
       
    26 - Includes changes from 57.0.2:
 
       
    27   * fixes for platforms other than GNU/Linux
 
       
    28 
       
    29 -------------------------------------------------------------------
 
       
    30 Fri Dec  8 15:52:17 UTC 2017 - dimstar@opensuse.org
 
       
    31 
       
    32 - Explicitly buildrequires python2-xml: The build system relies on
 
       
    33   it. We wrongly relied on other packages pulling it in for us.
 
       
    34 
       
    35 -------------------------------------------------------------------
 
       
    36 Thu Dec  7 11:12:31 UTC 2017 - dimstar@opensuse.org
 
       
    37 
       
    38 - Escape the usage of %{VERSION} when calling out to rpm.
 
       
    39   RPM 4.14 has %{VERSION} defined as 'the main packages version'.
 
       
    40 
       
    41 -------------------------------------------------------------------
 
       
    42 Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org
 
       
    43 
       
    44 - update to Firefox 57.0.1
 
       
    45   * CVE-2017-7843: Web worker in Private Browsing mode can write
 
       
    46     IndexedDB data (bsc#1072034, bmo#1410106)
 
       
    47   * CVE-2017-7844: Visited history information leak through SVG
 
       
    48     image (bsc#1072036, bmo#1420001)
 
       
    49   * Fix a video color distortion issue on YouTube and other video
 
       
    50     sites with some AMD devices (bmo#1417442)
 
       
    51   * Fix an issue with prefs.js when the profile path has non-ascii
 
       
    52     characters (bmo#1420427)
 
       
    53 
       
    54 -------------------------------------------------------------------
 
       
    55 Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr
 
       
    56 
       
    57 - Add mozilla-bmo1360278.patch
 
       
    58   Starting with Firefox 57, the context menu appears on key press.
 
       
    59   This patch creates a config entry to restore the
 
       
    60   old behaviour. Without the patch, the mouse gesture extensions
 
       
    61   require 2 clicks to work (bmo#1360278).
 
       
    62   The new config entry is named ui.context_menus.after_mouseup
 
       
    63   (default : false).
 
       
    64 
       
    65 -------------------------------------------------------------------
 
       
    66 Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org
 
       
    67 
       
    68 - Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
 
       
    69   widget.allow-client-side-decoration=true
 
       
    70   (mozilla-bmo1399611-csd.patch)
 
       
    71 
       
    72 -------------------------------------------------------------------
 
       
    73 Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
 
       
    74 
       
    75 - update to Firefox 57.0 (boo#1068101)
 
     5   * Firefox Quantum
 
    76   * Firefox Quantum
 
     6   * Photon UI
 
    77   * Photon UI
 
       
    78   * Unified address and search bar
 
     7   * AMD VP9 hardware video decoder support
 
    79   * AMD VP9 hardware video decoder support
 
     8   * Added support for Date/Time input
 
    80   * Added support for Date/Time input
 
     9   * stricter security sandbox blocking filesystem reading and
 
    81   * stricter security sandbox blocking filesystem reading and
 
    10     writing on Linux systems
 
    82     writing on Linux systems
 
    11   * middle mouse paste in the content area no longer navigates to
 
    83   * middle mouse paste in the content area no longer navigates to
 
    12     URLs by default on Unix systems
 
    84     URLs by default on Unix systems
 
       
    85   MFSA 2017-24
 
       
    86   * CVE-2017-7828 (bmo#1406750. bmo#1412252)
 
       
    87     Use-after-free of PressShell while restyling layout
 
       
    88   * CVE-2017-7830 (bmo#1408990)
 
       
    89     Cross-origin URL information leak through Resource Timing API
 
       
    90   * CVE-2017-7831 (bmo#1392026)
 
       
    91     Information disclosure of exposed properties on JavaScript proxy
 
       
    92     objects
 
       
    93   * CVE-2017-7832 (bmo#1408782)
 
       
    94     Domain spoofing through use of dotless 'i' character followed
 
       
    95     by accent markers
 
       
    96   * CVE-2017-7833 (bmo#1370497)
 
       
    97     Domain spoofing with Arabic and Indic vowel marker characters
 
       
    98   * CVE-2017-7834 (bmo#1358009)
 
       
    99     data: URLs opened in new tabs bypass CSP protections
 
       
   100   * CVE-2017-7835 (bmo#1402363)
 
       
   101     Mixed content blocking incorrectly applies with redirects
 
       
   102   * CVE-2017-7836 (bmo#1401339)
 
       
   103     Pingsender dynamically loads libcurl on Linux and OS X
 
       
   104   * CVE-2017-7837 (bmo#1325923)
 
       
   105     SVG loaded as <img> can use meta tags to set cookies
 
       
   106   * CVE-2017-7838 (bmo#1399540)
 
       
   107     Failure of individual decoding of labels in international domain
 
       
   108     names triggers punycode display of entire IDN
 
       
   109   * CVE-2017-7839 (bmo#1402896)
 
       
   110     Control characters before javascript: URLs defeats self-XSS
 
       
   111     prevention mechanism
 
       
   112   * CVE-2017-7840 (bmo#1366420)
 
       
   113     Exported bookmarks do not strip script elements from user-supplied
 
       
   114     tags
 
       
   115   * CVE-2017-7842 (bmo#1397064)
 
       
   116     Referrer Policy is not always respected for <link> elements
 
       
   117   * CVE-2017-7827
 
       
   118     Memory safety bugs fixed in Firefox 57
 
       
   119   * CVE-2017-7826
 
       
   120     Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
 
    13 - requires NSPR 4.17, NSS 3.33 and rustc 1.19
 
   121 - requires NSPR 4.17, NSS 3.33 and rustc 1.19
 
    14 - rebased patches
 
   122 - rebased patches
 
    15 - added mozilla-bindgen-systemlibs.patch to allow stylo build
 
   123 - added mozilla-bindgen-systemlibs.patch to allow stylo build
 
    16   with system libs (bmo#1341234)
 
   124   with system libs (bmo#1341234)
 
    17 - removed mozilla-language.patch since the whole locale code
 
   125 - removed mozilla-language.patch since the whole locale code
mozilla