--- a/MozillaFirefox/MozillaFirefox.changes Tue Dec 11 08:48:38 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Dec 12 12:15:16 2018 +0100
@@ -1,4 +1,61 @@
-------------------------------------------------------------------
+Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to Firefox 64.0
+ * Better recommendations: You may see suggestions in regular browsing
+ mode for new and relevant Firefox features, services, and extensions
+ based on how you use the web (for US users only)
+ * Enhanced tab management: You can now select multiple tabs from the
+ tab bar and close, move, bookmark, or pin them quickly and easily
+ * Easier performance management: The new Task Manager page found at
+ about:performance lets you see how much energy each open tab consumes
+ and provides access to close tabs to conserve power
+ * Improved performance for Mac and Linux users, by enabling link time
+ optimization (Clang LTO).
+ * Added option to remove add-ons using the context menu on their
+ toolbar buttons
+ * RSS feed preview and live bookmarks are available only via add-ons
+ * TLS certificates issued by Symantec are no longer trusted by Firefox.
+ Website operators are strongly encouraged to replace any remaining
+ Symantec TLS certificates as soon as possible
+ MFSA 2018-29 (bsc#1119105)
+ * CVE-2018-12407 bmo#1505973
+ Buffer overflow with ANGLE library when using VertexBuffer11 module
+ * CVE-2018-17466 bmo#1488295
+ Buffer overflow and out-of-bounds read in ANGLE library with
+ TextureStorage11
+ * CVE-2018-18492 bmo#1499861
+ Use-after-free with select element
+ * CVE-2018-18493 bmo#1504452
+ Buffer overflow in accelerated 2D canvas with Skia
+ * CVE-2018-18494 bmo#1487964
+ Same-origin policy violation using location attribute and
+ performance.getEntries to steal cross-origin URLs
+ * CVE-2018-18495 bmo#1427585
+ WebExtension content scripts can be loaded in about: pages
+ * CVE-2018-18496 bmo#1422231 (Windows only)
+ Embedded feed preview page can be abused for clickjacking
+ * CVE-2018-18497 bmo#1488180
+ WebExtensions can load arbitrary URLs through pipe separators
+ * CVE-2018-18498 bmo#1500011
+ Integer overflow when calculating buffer sizes for images
+ * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886
+ bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490
+ bmo#1481745 bmo#1458129
+ Memory safety bugs fixed in Firefox 64
+ * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
+ bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
+ Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
+- requires
+ * rust/cargo >= 1.29
+ * mozilla-nss >= 3.40.1
+ * rust-cbindgen >= 0.6.4
+- rebased patches
+- removed obsolete patch
+ * mozilla-bmo1491289.patch
+- now uses clang primarily for compilation
+
+-------------------------------------------------------------------
Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Remove --disable-elf-hack when not available: on aarch64 and ppc64*