MozillaFirefox/MozillaFirefox.changes
changeset 1018 0e45f8ad501c
parent 1017 8ccb9c3cbe47
child 1019 b0c883afdffa
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Nov 11 10:08:36 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Jan 10 22:27:13 2018 +0100
@@ -1,15 +1,123 @@
 -------------------------------------------------------------------
-Thu Nov  9 15:01:30 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 57.0b14
+Tue Jan  9 18:48:02 UTC 2018 - wr@rosenauer.org
+
+- fixed build with latest rust (mozilla-rust-1.23.patch)
+
+-------------------------------------------------------------------
+Thu Jan  4 12:23:41 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 57.0.4
+  MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
+  (boo#1074723)
+
+-------------------------------------------------------------------
+Wed Jan  3 08:29:38 UTC 2018 - wr@rosenauer.org
+
+- fixed regression introduced Oct 10th which made Firefox crash
+  when cancelling the KDE file dialog (boo#1069962)
+
+-------------------------------------------------------------------
+Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com
+
+- Mozilla Firefox 57.0.3:
+  * Fix a crash reporting issue that inadvertently sends background
+    tab crash reports to Mozilla without user opt-in (bmo#1427111,
+    bsc#1074235)
+- Includes changes from 57.0.2:
+  * fixes for platforms other than GNU/Linux
+
+-------------------------------------------------------------------
+Fri Dec  8 15:52:17 UTC 2017 - dimstar@opensuse.org
+
+- Explicitly buildrequires python2-xml: The build system relies on
+  it. We wrongly relied on other packages pulling it in for us.
+
+-------------------------------------------------------------------
+Thu Dec  7 11:12:31 UTC 2017 - dimstar@opensuse.org
+
+- Escape the usage of %{VERSION} when calling out to rpm.
+  RPM 4.14 has %{VERSION} defined as 'the main packages version'.
+
+-------------------------------------------------------------------
+Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 57.0.1
+  * CVE-2017-7843: Web worker in Private Browsing mode can write
+    IndexedDB data (bsc#1072034, bmo#1410106)
+  * CVE-2017-7844: Visited history information leak through SVG
+    image (bsc#1072036, bmo#1420001)
+  * Fix a video color distortion issue on YouTube and other video
+    sites with some AMD devices (bmo#1417442)
+  * Fix an issue with prefs.js when the profile path has non-ascii
+    characters (bmo#1420427)
+
+-------------------------------------------------------------------
+Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr
+
+- Add mozilla-bmo1360278.patch
+  Starting with Firefox 57, the context menu appears on key press.
+  This patch creates a config entry to restore the
+  old behaviour. Without the patch, the mouse gesture extensions
+  require 2 clicks to work (bmo#1360278).
+  The new config entry is named ui.context_menus.after_mouseup
+  (default : false).
+
+-------------------------------------------------------------------
+Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org
+
+- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
+  widget.allow-client-side-decoration=true
+  (mozilla-bmo1399611-csd.patch)
+
+-------------------------------------------------------------------
+Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 57.0 (boo#1068101)
   * Firefox Quantum
   * Photon UI
+  * Unified address and search bar
   * AMD VP9 hardware video decoder support
   * Added support for Date/Time input
   * stricter security sandbox blocking filesystem reading and
     writing on Linux systems
   * middle mouse paste in the content area no longer navigates to
     URLs by default on Unix systems
+  MFSA 2017-24
+  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
+    Use-after-free of PressShell while restyling layout
+  * CVE-2017-7830 (bmo#1408990)
+    Cross-origin URL information leak through Resource Timing API
+  * CVE-2017-7831 (bmo#1392026)
+    Information disclosure of exposed properties on JavaScript proxy
+    objects
+  * CVE-2017-7832 (bmo#1408782)
+    Domain spoofing through use of dotless 'i' character followed
+    by accent markers
+  * CVE-2017-7833 (bmo#1370497)
+    Domain spoofing with Arabic and Indic vowel marker characters
+  * CVE-2017-7834 (bmo#1358009)
+    data: URLs opened in new tabs bypass CSP protections
+  * CVE-2017-7835 (bmo#1402363)
+    Mixed content blocking incorrectly applies with redirects
+  * CVE-2017-7836 (bmo#1401339)
+    Pingsender dynamically loads libcurl on Linux and OS X
+  * CVE-2017-7837 (bmo#1325923)
+    SVG loaded as <img> can use meta tags to set cookies
+  * CVE-2017-7838 (bmo#1399540)
+    Failure of individual decoding of labels in international domain
+    names triggers punycode display of entire IDN
+  * CVE-2017-7839 (bmo#1402896)
+    Control characters before javascript: URLs defeats self-XSS
+    prevention mechanism
+  * CVE-2017-7840 (bmo#1366420)
+    Exported bookmarks do not strip script elements from user-supplied
+    tags
+  * CVE-2017-7842 (bmo#1397064)
+    Referrer Policy is not always respected for <link> elements
+  * CVE-2017-7827
+    Memory safety bugs fixed in Firefox 57
+  * CVE-2017-7826
+    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
 - requires NSPR 4.17, NSS 3.33 and rustc 1.19
 - rebased patches
 - added mozilla-bindgen-systemlibs.patch to allow stylo build
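Review bot: In the Firefox 57.0 entry, the CVE-2017-7828 item has two typos that will make it harder to grep and cross-reference against the advisory. The bug references are separated by a period ("bmo#1406750. bmo#1412252") where the other multi-reference items in this hunk use a comma, and the description says "PressShell" where the component is named "PresShell". Suggest "* CVE-2017-7828 (bmo#1406750, bmo#1412252)" followed by "Use-after-free of PresShell while restyling layout". Separately, the "MFSA 2017-24" line and the "MFSA 2018-1" line in the 57.0.4 entry are indented as continuation text while the neighbouring items are "*" bullets; giving the advisory identifier a consistent form would help tooling that extracts security references from the changelog.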