1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Thu Nov 9 15:01:30 UTC 2017 - wr@rosenauer.org |
2 Tue Jan 9 18:48:02 UTC 2018 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 57.0b14 |
4 - fixed build with latest rust (mozilla-rust-1.23.patch) |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Thu Jan 4 12:23:41 UTC 2018 - wr@rosenauer.org |
|
8 |
|
9 - update to Firefox 57.0.4 |
|
10 MFSA 2018-1: Speculative execution side-channel attack ("Spectre") |
|
11 (boo#1074723) |
|
12 |
|
13 ------------------------------------------------------------------- |
|
14 Wed Jan 3 08:29:38 UTC 2018 - wr@rosenauer.org |
|
15 |
|
16 - fixed regression introduced Oct 10th which made Firefox crash |
|
17 when cancelling the KDE file dialog (boo#1069962) |
|
18 |
|
19 ------------------------------------------------------------------- |
|
20 Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com |
|
21 |
|
22 - Mozilla Firefox 57.0.3: |
|
23 * Fix a crash reporting issue that inadvertently sends background |
|
24 tab crash reports to Mozilla without user opt-in (bmo#1427111, |
|
25 bsc#1074235) |
|
26 - Includes changes from 57.0.2: |
|
27 * fixes for platforms other than GNU/Linux |
|
28 |
|
29 ------------------------------------------------------------------- |
|
30 Fri Dec 8 15:52:17 UTC 2017 - dimstar@opensuse.org |
|
31 |
|
32 - Explicitly buildrequires python2-xml: The build system relies on |
|
33 it. We wrongly relied on other packages pulling it in for us. |
|
34 |
|
35 ------------------------------------------------------------------- |
|
36 Thu Dec 7 11:12:31 UTC 2017 - dimstar@opensuse.org |
|
37 |
|
38 - Escape the usage of %{VERSION} when calling out to rpm. |
|
39 RPM 4.14 has %{VERSION} defined as 'the main packages version'. |
|
40 |
|
41 ------------------------------------------------------------------- |
|
42 Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org |
|
43 |
|
44 - update to Firefox 57.0.1 |
|
45 * CVE-2017-7843: Web worker in Private Browsing mode can write |
|
46 IndexedDB data (bsc#1072034, bmo#1410106) |
|
47 * CVE-2017-7844: Visited history information leak through SVG |
|
48 image (bsc#1072036, bmo#1420001) |
|
49 * Fix a video color distortion issue on YouTube and other video |
|
50 sites with some AMD devices (bmo#1417442) |
|
51 * Fix an issue with prefs.js when the profile path has non-ascii |
|
52 characters (bmo#1420427) |
|
53 |
|
54 ------------------------------------------------------------------- |
|
55 Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr |
|
56 |
|
57 - Add mozilla-bmo1360278.patch |
|
58 Starting with Firefox 57, the context menu appears on key press. |
|
59 This patch creates a config entry to restore the |
|
60 old behaviour. Without the patch, the mouse gesture extensions |
|
61 require 2 clicks to work (bmo#1360278). |
|
62 The new config entry is named ui.context_menus.after_mouseup |
|
63 (default : false). |
|
64 |
|
65 ------------------------------------------------------------------- |
|
66 Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org |
|
67 |
|
68 - Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled |
|
69 widget.allow-client-side-decoration=true |
|
70 (mozilla-bmo1399611-csd.patch) |
|
71 |
|
72 ------------------------------------------------------------------- |
|
73 Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org |
|
74 |
|
75 - update to Firefox 57.0 (boo#1068101) |
5 * Firefox Quantum |
76 * Firefox Quantum |
6 * Photon UI |
77 * Photon UI |
|
78 * Unified address and search bar |
7 * AMD VP9 hardware video decoder support |
79 * AMD VP9 hardware video decoder support |
8 * Added support for Date/Time input |
80 * Added support for Date/Time input |
9 * stricter security sandbox blocking filesystem reading and |
81 * stricter security sandbox blocking filesystem reading and |
10 writing on Linux systems |
82 writing on Linux systems |
11 * middle mouse paste in the content area no longer navigates to |
83 * middle mouse paste in the content area no longer navigates to |
12 URLs by default on Unix systems |
84 URLs by default on Unix systems |
|
85 MFSA 2017-24 |
|
86 * CVE-2017-7828 (bmo#1406750. bmo#1412252) |
|
87 Use-after-free of PressShell while restyling layout |
|
88 * CVE-2017-7830 (bmo#1408990) |
|
89 Cross-origin URL information leak through Resource Timing API |
|
90 * CVE-2017-7831 (bmo#1392026) |
|
91 Information disclosure of exposed properties on JavaScript proxy |
|
92 objects |
|
93 * CVE-2017-7832 (bmo#1408782) |
|
94 Domain spoofing through use of dotless 'i' character followed |
|
95 by accent markers |
|
96 * CVE-2017-7833 (bmo#1370497) |
|
97 Domain spoofing with Arabic and Indic vowel marker characters |
|
98 * CVE-2017-7834 (bmo#1358009) |
|
99 data: URLs opened in new tabs bypass CSP protections |
|
100 * CVE-2017-7835 (bmo#1402363) |
|
101 Mixed content blocking incorrectly applies with redirects |
|
102 * CVE-2017-7836 (bmo#1401339) |
|
103 Pingsender dynamically loads libcurl on Linux and OS X |
|
104 * CVE-2017-7837 (bmo#1325923) |
|
105 SVG loaded as <img> can use meta tags to set cookies |
|
106 * CVE-2017-7838 (bmo#1399540) |
|
107 Failure of individual decoding of labels in international domain |
|
108 names triggers punycode display of entire IDN |
|
109 * CVE-2017-7839 (bmo#1402896) |
|
110 Control characters before javascript: URLs defeats self-XSS |
|
111 prevention mechanism |
|
112 * CVE-2017-7840 (bmo#1366420) |
|
113 Exported bookmarks do not strip script elements from user-supplied |
|
114 tags |
|
115 * CVE-2017-7842 (bmo#1397064) |
|
116 Referrer Policy is not always respected for <link> elements |
|
117 * CVE-2017-7827 |
|
118 Memory safety bugs fixed in Firefox 57 |
|
119 * CVE-2017-7826 |
|
120 Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 |
13 - requires NSPR 4.17, NSS 3.33 and rustc 1.19 |
121 - requires NSPR 4.17, NSS 3.33 and rustc 1.19 |
14 - rebased patches |
122 - rebased patches |
15 - added mozilla-bindgen-systemlibs.patch to allow stylo build |
123 - added mozilla-bindgen-systemlibs.patch to allow stylo build |
16 with system libs (bmo#1341234) |
124 with system libs (bmo#1341234) |
17 - removed mozilla-language.patch since the whole locale code |
125 - removed mozilla-language.patch since the whole locale code |