--- a/MozillaFirefox/MozillaFirefox.changes Mon Jul 08 12:56:52 2019 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Jul 10 08:14:34 2019 +0200
@@ -1,4 +1,79 @@
-------------------------------------------------------------------
+Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.0
+ * Dark mode in reader view
+ * Improved extension security and discovery
+ * Cryptomining and fingerprinting protections are added to strict
+ content blocking settings in Privacy & Security preferences
+ * Camera and microphone access now require an HTTPS connection
+ MFSA 2019-21 (bsc#1140868)
+ * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
+ Sandbox escape via installation of malicious languagepack
+ * CVE-2019-11711 (bmo#1552541)
+ Script injection within domain through inner window reuse
+ * CVE-2019-11712 (bmo#1543804)
+ Cross-origin POST requests can be made with NPAPI plugins by
+ following 308 redirects
+ * CVE-2019-11713 (bmo#1528481)
+ Use-after-free with HTTP/2 cached stream
+ * CVE-2019-11714 (bmo#1542593)
+ NeckoChild can trigger crash when accessed off of main thread
+ * CVE-2019-11729 (bmo#1515342)
+ Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ * CVE-2019-11715 (bmo#1555523)
+ HTML parsing error can contribute to content XSS
+ * CVE-2019-11716 (bmo#1552632)
+ globalThis not enumerable until accessed
+ * CVE-2019-11717 (bmo#1548306)
+ Caret character improperly escaped in origins
+ * CVE-2019-11718 (bmo#1408349)
+ Activity Stream writes unsanitized content to innerHTML
+ * CVE-2019-11719 (bmo#1540541)
+ Out-of-bounds read when importing curve25519 private key
+ * CVE-2019-11720 (bmo#1556230)
+ Character encoding XSS vulnerability
+ * CVE-2019-11721 (bmo#1256009)
+ Domain spoofing through unicode latin 'kra' character
+ * CVE-2019-11730 (bmo#1558299)
+ Same-origin policy treats all files in a directory as having the
+ same-origin
+ * CVE-2019-11723 (bmo#1528335)
+ Cookie leakage during add-on fetching across private browsing boundaries
+ * CVE-2019-11724 (bmo#1512511)
+ Retired site input.mozilla.org has remote troubleshooting permissions
+ * CVE-2019-11725 (bmo#1483510)
+ Websocket resources bypass safebrowsing protections
+ * CVE-2019-11727 (bmo#1552208)
+ PKCS#1 v1.5 signatures can be used for TLS 1.3
+ * CVE-2019-11728 (bmo#1552993)
+ Port scanning through Alt-Svc header
+ * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
+ bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
+ bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
+ Memory safety bugs fixed in Firefox 68
+ * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
+ bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
+ Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
+- requires
+ * NSS 3.44.1
+ * rust/cargo 1.34
+ * rust-cbindgen 0.8.7
+- rebased patches
+ * mozilla-aarch64-startup-crash.patch
+ * mozilla-kde.patch
+ * mozilla-nongnome-proxies.patch
+ * firefox-kde.patch
+- use new create-tar.sh and add tar_stamps for package definitions
+- added patches imported from SLE flavour
+ * mozilla-gcc-internal-compiler-error.patch
+ * mozilla-bmo1005535.patch
+ * mozilla-ppc-altivec_static_inline.patch
+ * mozilla-reduce-rust-debuginfo.patch
+ * mozilla-s390-bigendian.patch
+ * mozilla-s390-context.patch
+
+-------------------------------------------------------------------
Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
- Enable PGO for x86_64.