--- a/MozillaFirefox/MozillaFirefox.changes Wed May 02 09:28:53 2018 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Wed May 09 22:06:26 2018 +0200
@@ -1,14 +1,94 @@
-------------------------------------------------------------------
-Tue May 1 20:50:14 UTC 2018 - wr@rosenauer.org
-
-- update to Firefox 60.0b16
+Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 60.0
+ * Added a policy engine that allows customized Firefox deployments
+ in enterprise environments, using Windows Group Policy or a
+ cross-platform JSON file
+ * Applied Quantum CSS to render browser UI
+ * Added support for Web Authentication, allowing the use of USB
+ tokens for authentication to web sites
+ * Locale added: Occitan (oc)
+ MFSA 2018-11 (bsc#1092548)
+ * CVE-2018-5154 (bmo#1443092)
+ Use-after-free with SVG animations and clip paths
+ * CVE-2018-5155 (bmo#1448774)
+ Use-after-free with SVG animations and text paths
+ * CVE-2018-5157 (bmo#1449898)
+ Same-origin bypass of PDF Viewer to view protected PDF files
+ * CVE-2018-5158 (bmo#1452075)
+ Malicious PDF can inject JavaScript into PDF Viewer
+ * CVE-2018-5159 (bmo#1441941)
+ Integer overflow and out-of-bounds write in Skia
+ * CVE-2018-5160 (bmo#1436117)
+ Uninitialized memory use by WebRTC encoder
+ * CVE-2018-5152 (bmo#1415644, bmo#1427289)
+ WebExtensions information leak through webRequest API
+ * CVE-2018-5153 (bmo#1436809)
+ Out-of-bounds read in mixed content websocket messages
+ * CVE-2018-5163 (bmo#1426353)
+ Replacing cached data in JavaScript Start-up Bytecode Cache
+ * CVE-2018-5164 (bmo#1416045)
+ CSP not applied to all multipart content sent with
+ multipart/x-mixed-replace
+ * CVE-2018-5166 (bmo#1437325)
+ WebExtension host permission bypass through filterReponseData
+ * CVE-2018-5167 (bmo#1447969)
+ Improper linkification of chrome: and javascript: content in
+ web console and JavaScript debugger
+ * CVE-2018-5168 (bmo#1449548)
+ Lightweight themes can be installed without user interaction
+ * CVE-2018-5169 (bmo#1319157)
+ Dragging and dropping link text onto home button can set home page
+ to include chrome pages
+ * CVE-2018-5172 (bmo#1436482)
+ Pasted script from clipboard can run in the Live Bookmarks page
+ or PDF viewer
+ * CVE-2018-5173 (bmo#1438025)
+ File name spoofing of Downloads panel with Unicode characters
+ * CVE-2018-5174 (bmo#1447080) (Windows-only)
+ Windows Defender SmartScreen UI runs with less secure behavior
+ for downloaded files in Windows 10 April 2018 Update
+ * CVE-2018-5175 (bmo#1432358)
+ Universal CSP bypass on sites using strict-dynamic in their policies
+ * CVE-2018-5176 (bmo#1442840)
+ JSON Viewer script injection
+ * CVE-2018-5177 (bmo#1451908)
+ Buffer overflow in XSLT during number formatting
+ * CVE-2018-5165 (bmo#1451452)
+ Checkbox for enabling Flash protected mode is inverted in 32-bit
+ Firefox
+ * CVE-2018-5180 (bmo#1444086)
+ heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ * CVE-2018-5181 (bmo#1424107)
+ Local file can be displayed in noopener tab through drag and
+ drop of hyperlink
+ * CVE-2018-5182 (bmo#1435908)
+ Local file can be displayed from hyperlink dragged and dropped
+ on addressbar
+ * CVE-2018-5151
+ Memory safety bugs fixed in Firefox 60
+ * CVE-2018-5150
+ Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- removed obsolete patches
0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
+ mozilla-bmo1005535.patch
- requires NSPR 4.19 and NSS 3.36.1
-
--------------------------------------------------------------------
-Tue May 1 18:45:02 UTC 2018 - astieger@suse.com
-
+- requires rust 1.24 or higher
+- use upstream source archive and detached signature for
+ source verification
+
+-------------------------------------------------------------------
+Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Fix armv7 build by:
+ * adding RUSTFLAGS="-Cdebuginfo=0"
+ * updating _constraints for %arm
+
+-------------------------------------------------------------------
+Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org
+
+- do not try CSD on kwin (boo#1091592)
- fix build in openSUSE:Leap:42.3:Update, use gcc7
-------------------------------------------------------------------
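Review bot: removing the "Tue May 1 18:45:02 UTC 2018 - astieger@suse.com" header near the end of this hunk leaves the unchanged item "fix build in openSUSE:Leap:42.3:Update, use gcc7" under the new "Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org" entry, so an already recorded change now carries a different author and timestamp. If that merge is not intended, keep the original separator and header line above that item and put "do not try CSD on kwin (boo#1091592)" in its own entry. Separately, in the CVE-2018-5166 item "filterReponseData" looks like a misspelling of filterResponseData. The CVE-2018-5151 and CVE-2018-5150 items are also the only ones in the list without a bmo# reference, which is worth a short note if that is deliberate.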