--- a/MozillaFirefox/MozillaFirefox.changes Sun Mar 17 10:00:10 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue Nov 19 22:54:22 2019 +0100
@@ -1,4 +1,597 @@
-------------------------------------------------------------------
+Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 70.0
+ * more privacy protections from Enhanced Tracking Protection
+ * Firefox Lockwise passwordmanager
+ * Improvements to core engine components, for better browsing on more sites
+ * Improved privacy and security indicators
+ MFSA 2019-34
+ * CVE-2018-6156 (bmo#1480088)
+ Heap buffer overflow in FEC processing in WebRTC
+ * CVE-2019-15903 (bmo#1584907)
+ Heap overflow in expat library in XML_GetCurrentLineNumber
+ * CVE-2019-11757 (bmo#1577107)
+ Use-after-free when creating index updates in IndexedDB
+ * CVE-2019-11759 (bmo#1577953)
+ Stack buffer overflow in HKDF output
+ * CVE-2019-11760 (bmo#1577719)
+ Stack buffer overflow in WebRTC networking
+ * CVE-2019-11761 (bmo#1561502)
+ Unintended access to a privileged JSONView object
+ * CVE-2019-11762 (bmo#1582857)
+ document.domain-based origin isolation has same-origin-property violation
+ * CVE-2019-11763 (bmo#1584216)
+ Incorrect HTML parsing results in XSS bypass technique
+ * CVE-2019-11765 (bmo#1562582)
+ Incorrect permissions could be granted to a website
+ * CVE-2019-17000 (bmo#1441468)
+ CSP bypass using object tag with data: URI
+ * CVE-2019-17001 (bmo#1587976)
+ CSP bypass using object tag when script-src 'none' is specified
+ * CVE-2019-17002 (bmo#1561056)
+ upgrade-insecure-requests was not being honored for links dragged and dropped
+ * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
+ bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
+ bmo#1583463, bmo#1586599)
+ Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
+- requires
+ rust/cargo >= 1.36
+ NSPR >= 4.22
+ NSS >= 3.46.1
+ rust-cbindgen >= 0.9.1
+- removed obsolete patches
+ mozilla-bmo1573381.patch
+ mozilla-nestegg-big-endian.patch
+
+-------------------------------------------------------------------
+Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0.3
+ * Fixed Yahoo mail users being prompted to download files when
+ clicking on emails (bmo#1582848)
+- devel package build can easily be disabled now
+
+-------------------------------------------------------------------
+Thu Oct 3 08:40:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0.2
+ * Fixed a crash when editing files on Office 365 websites (bmo#1579858)
+ * Fixed a Linux-only crash when changing the playback speed while
+ watching YouTube videos (bmo#1582222)
+- updated supported locale list
+- Allow to build without profile guided optimizations (boo#1040589)
+ (contributed by Bernhard Wiedemann)
+- Make build verbose (contributed by Martin Liška)
+- remove obsolete kde.js setting (boo#1151186) and related patch
+ firefox-add-kde.js-in-order-to-survive-PGO-build.patch
+- update create-tar.sh to latest revision and adjusted tar_stamps
+- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
+- extension preferences moved from branding package to core package
+ (packaging but not branding specific)
+
+-------------------------------------------------------------------
+Thu Sep 19 13:31:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0.1
+ * Fixed external programs launching in the background when clicking
+ a link from inside Firefox to launch them (bmo#1570845)
+ * Usability improvements to the Add-ons Manager for users with
+ screen readers (bmo#1567600)
+ * Fixed the Captive Portal notification bar not being dismissable
+ in some situations after login is complete (bmo#1578633)
+ * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
+ * Fixed missing stacks in the Developer Tools Performance section
+ (bmo#1578354)
+ MFSA 2019-31
+ * CVE-2019-11754 (bmo#1580506)
+ Pointer Lock is enabled with no user notification
+- disable DOH by default
+
+-------------------------------------------------------------------
+Thu Sep 5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0
+ * Enhanced Tracking Protection (ETP) for stronger privacy protections
+ * Block Autoplay feature is enhanced to give users the option to block
+ any video
+ * Users in the US or using the en-US browser, can get a new “New Tab”
+ page experience connecting to the best of Pocket's content.
+ * Support for the Web Authentication HmacSecret extension via
+ Windows Hello introduced.
+ * Support for receiving multiple video codecs with this release makes
+ it easier for WebRTC conferencing services to mix video from
+ different clients.
+ MFSA 2019-25 (boo#1149324)
+ * CVE-2019-11741 (bmo#1539595)
+ Isolate addons.mozilla.org and accounts.firefox.com
+ * CVE-2019-5849 (bmo#1555838)
+ Out-of-bounds read in Skia
+ * CVE-2019-11737 (bmo#1388015)
+ Content security policy directives ignore port and path if host is a wildcard
+ * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
+ Memory safety bugs fixed in Firefox 69
+ * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+ bmo#1565744,bmo#1568858,bmo#1570358)
+ Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+ Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+- requires
+ * rust/cargo >= 1.35
+ * rust-cbindgen >= 0.9.0
+ * mozilla-nss >= 3.45
+- rebased patches
+
+-------------------------------------------------------------------
+Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- added a bunch of patches mainly for big endian platforms
+ * mozilla-bmo1504834-part1.patch
+ * mozilla-bmo1504834-part2.patch
+ * mozilla-bmo1504834-part3.patch
+ * mozilla-bmo1511604.patch
+ * mozilla-bmo1554971.patch
+ * mozilla-bmo1573381.patch
+ * mozilla-nestegg-big-endian.patch
+ * mozilla-bmo1512162.patch
+
+-------------------------------------------------------------------
+Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.1.0
+ MFSA 2019-26
+ * CVE-2019-11751 (bmo#1572838; Windows only)
+ Malicious code execution through command line parameters
+ * CVE-2019-11746 (bmo#1564449)
+ Use-after-free while manipulating video
+ * CVE-2019-11744 (bmo#1562033)
+ XSS by breaking out of title and textarea elements using innerHTML
+ * CVE-2019-11742 (bmo#1559715)
+ Same-origin policy violation with SVG filters and canvas to steal
+ cross-origin images
+ * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
+ File manipulation and privilege escalation in Mozilla Maintenance Service
+ * CVE-2019-11753 (bmo#1574980; Windows only)
+ Privilege escalation with Mozilla Maintenance Service in custom
+ Firefox installation location
+ * CVE-2019-11752 (bmo#1501152)
+ Use-after-free while extracting a key value in IndexedDB
+ * CVE-2019-9812 (bmo#1538008, bmo#1538015)
+ Sandbox escape through Firefox Sync
+ * CVE-2019-11743 (bmo#1560495)
+ Cross-origin access to unload event attributes
+ * CVE-2019-11748 (bmo#1564588)
+ Persistence of WebRTC permissions in a third party context
+ * CVE-2019-11749 (bmo#1565374)
+ Camera information available without prompting using getUserMedia
+ * CVE-2019-11750 (bmo#1568397)
+ Type confusion in Spidermonkey
+ * CVE-2019-11738 (bmo#1452037)
+ Content security policy bypass through hash-based sources in directives
+ * CVE-2019-11747 (bmo#1564481)
+ 'Forget about this site' removes sites from pre-loaded HSTS list
+ * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+ bmo#1565744,bmo#1568858,bmo#1570358)
+ Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+ Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+- switched package to ESR branch
+- added mozilla-bmo1568145.patch to make builds reproducible
+- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
+
+-------------------------------------------------------------------
+Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 68.0.2:
+ * Fixed a bug causing some special characters to be cut off from
+ the end of the search terms when searching from the URL bar
+ (bmo#1560228)
+ * Allow fonts to be loaded via file:// URLs when opening a page
+ locally (bmo#1565942)
+ * Printing emails from the Outlook web app no longer prints only
+ the header and footer (bmo#1567105)
+ * Fixed a bug causing some images not to be displayed on reload,
+ including on Google Maps (bmo# 1565542)
+ * Fixed an error when starting external applications configured
+ as URI handlers (bmo#1567614)
+ MFSA 2019-24 (boo#1145665)
+ * CVE-2019-11733: Stored passwords in 'Saved Logins' can be
+ copied without master password entry (bmo#1565780)
+- drop fix-build-after-y2038-changes-in-glibc.patch, upstream
+
+-------------------------------------------------------------------
+Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>
+
+- Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
+ The upstream patch doesn't resolve the issue on TW, but compiling
+ with -O1 does. Do this until we have a proper fix.
+
+-------------------------------------------------------------------
+Thu Aug 1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update build constraints to fix arm builds
+
+-------------------------------------------------------------------
+Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.0.1
+ * Fixed missing Full Screen button when watching videos in full
+ screen mode on HBO GO (bmo#1562837)
+ * Fixed a bug causing incorrect messages to appear for some
+ locales when sites try to request the use of the Storage
+ Access API (bmo#1558503)
+ * Users in Russian regions may have their default search engine
+ changed (bmo#1565315)
+ * Built-in search engines in some locales do not function
+ correctly (bmo#1565779)
+ * SupportMenu policy doesn't always work (bmo#1553290)
+ * Allow the privacy.file_unique_origin pref to be controlled by
+ policy (bmo#1563759)
+
+-------------------------------------------------------------------
+Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com>
+
+- add fix-build-after-y2038-changes-in-glibc.patch
+
+-------------------------------------------------------------------
+Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Generate langpacks sequentially to avoid file corruption
+ from racy file writes (boo#1137970)
+
+-------------------------------------------------------------------
+Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.0
+ * Dark mode in reader view
+ * Improved extension security and discovery
+ * Cryptomining and fingerprinting protections are added to strict
+ content blocking settings in Privacy & Security preferences
+ * Camera and microphone access now require an HTTPS connection
+ MFSA 2019-21 (bsc#1140868)
+ * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
+ Sandbox escape via installation of malicious languagepack
+ * CVE-2019-11711 (bmo#1552541)
+ Script injection within domain through inner window reuse
+ * CVE-2019-11712 (bmo#1543804)
+ Cross-origin POST requests can be made with NPAPI plugins by
+ following 308 redirects
+ * CVE-2019-11713 (bmo#1528481)
+ Use-after-free with HTTP/2 cached stream
+ * CVE-2019-11714 (bmo#1542593)
+ NeckoChild can trigger crash when accessed off of main thread
+ * CVE-2019-11729 (bmo#1515342)
+ Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ * CVE-2019-11715 (bmo#1555523)
+ HTML parsing error can contribute to content XSS
+ * CVE-2019-11716 (bmo#1552632)
+ globalThis not enumerable until accessed
+ * CVE-2019-11717 (bmo#1548306)
+ Caret character improperly escaped in origins
+ * CVE-2019-11718 (bmo#1408349)
+ Activity Stream writes unsanitized content to innerHTML
+ * CVE-2019-11719 (bmo#1540541)
+ Out-of-bounds read when importing curve25519 private key
+ * CVE-2019-11720 (bmo#1556230)
+ Character encoding XSS vulnerability
+ * CVE-2019-11721 (bmo#1256009)
+ Domain spoofing through unicode latin 'kra' character
+ * CVE-2019-11730 (bmo#1558299)
+ Same-origin policy treats all files in a directory as having the
+ same-origin
+ * CVE-2019-11723 (bmo#1528335)
+ Cookie leakage during add-on fetching across private browsing boundaries
+ * CVE-2019-11724 (bmo#1512511)
+ Retired site input.mozilla.org has remote troubleshooting permissions
+ * CVE-2019-11725 (bmo#1483510)
+ Websocket resources bypass safebrowsing protections
+ * CVE-2019-11727 (bmo#1552208)
+ PKCS#1 v1.5 signatures can be used for TLS 1.3
+ * CVE-2019-11728 (bmo#1552993)
+ Port scanning through Alt-Svc header
+ * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
+ bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
+ bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
+ Memory safety bugs fixed in Firefox 68
+ * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
+ bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
+ Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
+- requires
+ * NSS 3.44.1
+ * rust/cargo 1.34
+ * rust-cbindgen 0.8.7
+- rebased patches
+ * mozilla-aarch64-startup-crash.patch
+ * mozilla-kde.patch
+ * mozilla-nongnome-proxies.patch
+ * firefox-kde.patch
+- use new create-tar.sh and add tar_stamps for package definitions
+- added patches imported from SLE flavour
+ * mozilla-gcc-internal-compiler-error.patch
+ * mozilla-bmo1005535.patch
+ * mozilla-ppc-altivec_static_inline.patch
+ * mozilla-reduce-rust-debuginfo.patch
+ * mozilla-s390-bigendian.patch
+ * mozilla-s390-context.patch
+
+-------------------------------------------------------------------
+Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Enable PGO for x86_64.
+ * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
+
+-------------------------------------------------------------------
+Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 67.0.4
+ MFSA 2019-19 (boo#1138872)
+ * CVE-2019-11708 (bmo#1559858)
+ sandbox escape using Prompt:Open
+
+-------------------------------------------------------------------
+Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 67.0.3
+ MFSA 2019-18 (boo#1138614)
+ * CVE-2019-11707 (bmo#1544386)
+ Type confusion in Array.pop
+
+-------------------------------------------------------------------
+Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 67.0.2
+ * Fixed: Fix JavaScript error ("TypeError: data is null in
+ PrivacyFilter.jsm") in console which may significantly degrade
+ sessionstore reliability and performance (bmo#1553413)
+ * Fixed: Proxy authentication dialog box repeatedly pops up
+ asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
+ * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
+ implementation (bmo#1551282)
+ * Fixed: Starting in safe mode on Linux or macOS causes Firefox
+ to think on the subsequent launch that the profile is too
+ recent to be used with this version of Firefox (bmo#1556612)
+ * Fixed: Linux distribution users can't easily install/use
+ additional/different languages using the built-in preferences
+ UI (bmo#1554744)
+ * Fixed: Developer tools users can't copy the href/src content
+ from various HTML tags via the context menu in the Inspector
+ markup view (bmo#1552275)
+ * Fixed: Custom home page is broken with clearing data on shutdown
+ settings applied (bmo#1554167)
+ * Fixed: Performance-regression for eclipse RAP based applications
+ (bmo#1555962)
+ * Fixed: macOS 10.15 crash fix (bmo#1556076)
+ * Fixed: Can't start two downloads in parallel via <a download>
+ anymore (bmo#1542912)
+
+-------------------------------------------------------------------
+Thu Jun 6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 67.0.1
+ * enable enhanced tracking protection by default for new users
+ * upgrade of Facebook container to version 2.0
+ * new version of Firefox Lockwise (password management)
+ * new version of Firefox Monitor
+ * Firefox Send improvements
+
+-------------------------------------------------------------------
+Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 67.0
+ * Firefox 67 will be able to run different Firefox installs side by side
+ https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
+ * Tabs can now be pinned from the Page Actions menu in the address bar
+ * Users can block known cryptominers and fingerprinters in the
+ Custom settings or their Content Blocking preferences
+ * The Import Data from Another Browser feature is now also available
+ from the File menu
+ * Firefox will now protect you against running older versions which
+ can lead to data corruption and stability issues
+ * Easier access to your list of saved logins from the main menu and
+ login autocomplete
+ * We’ve added a toolbar menu for your Firefox Account to provide more
+ transparency for when you are synced, sharing data across devices
+ and with Firefox. Personalize the appearance of the menu with your
+ own avatar
+ * Enable FIDO U2F API, and permit registrations for Google Accounts
+ * Enabled AV1 support on Linux
+ MFSA 2019-13 (boo#1135824)
+ * CVE-2019-9815 (bmo#1546544)
+ Disable hyperthreading on content JavaScript threads on macOS
+ * CVE-2019-9816 (bmo#1536768)
+ Type confusion with object groups and UnboxedObjects
+ * CVE-2019-9817 (bmo#1540221)
+ Stealing of cross-domain images using canvas
+ * CVE-2019-9818 (bmo#1542581) (Windows only)
+ Use-after-free in crash generation server
+ * CVE-2019-9819 (bmo#1532553)
+ Compartment mismatch with fetch API
+ * CVE-2019-9820 (bmo#1536405)
+ Use-after-free of ChromeEventHandler by DocShell
+ * CVE-2019-9821 (bmo#1539125)
+ Use-after-free in AssertWorkerThread
+ * CVE-2019-11691 (bmo#1542465)
+ Use-after-free in XMLHttpRequest
+ * CVE-2019-11692 (bmo#1544670)
+ Use-after-free removing listeners in the event listener manager
+ * CVE-2019-11693 (bmo#1532525)
+ Buffer overflow in WebGL bufferdata on Linux
+ * CVE-2019-7317 (bmo#1542829)
+ Use-after-free in png_image_free of libpng library
+ * CVE-2019-11694 (bmo#1534196) (Windows only)
+ Uninitialized memory memory leakage in Windows sandbox
+ * CVE-2019-11695 (bmo#1445844)
+ Custom cursor can render over user interface outside of web content
+ * CVE-2019-11696 (bmo#1392955)
+ Java web start .JNLP files are not recognized as executable files
+ for download prompts
+ * CVE-2019-11697 (bmo#1440079)
+ Pressing key combinations can bypass installation prompt delays and
+ install extensions
+ * CVE-2019-11698 (bmo#1543191)
+ Theft of user history data through drag and drop of hyperlinks
+ to and from bookmarks
+ * CVE-2019-11700 (bmo#1549833) (Windows only)
+ res: protocol can be used to open known local files
+ * CVE-2019-11699 (bmo#1528939)
+ Incorrect domain name highlighting during page navigation
+ * CVE-2019-11701 (bmo#1518627)
+ webcal: protocol default handler loads vulnerable web page
+ * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
+ bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
+ Memory safety bugs fixed in Firefox 67
+ * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
+ bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
+ bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
+ bmo#1532465, bmo#1533554, bmo#1541580)
+ Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
+- requires
+ * rust/cargo >= 1.32
+ * mozilla-nspr >= 4.21
+ * mozilla-nss >= 3.43
+ * rust-cbindgen >= 0.8.2
+- rebased patches
+- KDE integration for default browser detection is broken in this revision
+
+-------------------------------------------------------------------
+Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix armv7 build with:
+ * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+
+-------------------------------------------------------------------
+Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.5
+ * Fixed: Further improvements to re-enable web extensions which
+ had been disabled for users with a master password set (bmo#1549249)
+
+-------------------------------------------------------------------
+Sun May 5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.4 (boo#1134126)
+ * fix extension certificate chain
+ https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
+
+-------------------------------------------------------------------
+Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.3
+ * Fixed: Address bar on tablets running Windows 10 now behaves
+ correctly (bmo#1498973)
+ * Fixed: Performance issues with some HTML5 games (bmo#1537609)
+ * Fixed a bug with keypress events in IBM cloud applications
+ (bmo#1538970)
+ * Fix for keypress events in some Microsoft cloud applications
+ (bmo#1539618)
+ * Changed: Updated Baidu search plugin
+
+-------------------------------------------------------------------
+Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.2
+ * Fixed Web compatibility issues with Office 365, iCloud and
+ IBM WebMail caused by recent changes to the handling of
+ keyboard events (bmo#1538966)
+ * Crash fixes (bmo#1521370, bmo#1539118)
+
+-------------------------------------------------------------------
+Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix aarch64 build:
+ * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
+
+-------------------------------------------------------------------
+Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.1
+ MFSA 2019-09 (bsc#1130262)
+ * CVE-2019-9810 (bmo#1537924)
+ IonMonkey MArraySlice has incorrect alias information
+ * CVE-2019-9813 (bmo#1538006)
+ Ionmonkey type confusion with __proto__ mutations
+
+-------------------------------------------------------------------
+Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0
+ * Increased content processes to 8
+ * Added capability to search through open tabs from the tab overflow menu
+ * New backend for the storage.local WebExtensions API, providing
+ I/O performance improvements when the extension updates a small
+ subset of the stored data
+ * WebExtension keyboard shortcuts can now be managed or overridden
+ from about:addons
+ * Improved scrolling behavior: Firefox will now attempt to keep content
+ from jumping around while a page is loading by supporting scroll
+ anchoring
+ * New about:privatebrowsing with search
+ * A certificate error page now notifies the user of the name of the
+ certificate issuer that breaks HTTPs connections on intercepted
+ connections to help troubleshooting possible anti-virus software
+ issues.
+ * Fixed an performance issue some Linux users experienced with the
+ Downloads panel (bmo#1517101)
+ * Firefox now blocks all autoplay media with sound by default. Users
+ can add individual sites to an exceptions list or turn the blocking
+ off.
+ * System title bar is hidden by default to match Gnome guideline
+ MFSA 2019-07 (bsc#1129821)
+ * CVE-2019-9790 (bmo#1525145)
+ Use-after-free when removing in-use DOM elements
+ * CVE-2019-9791 (bmo#1530958)
+ Type inference is incorrect for constructors entered through on-stack
+ replacement with IonMonkey
+ * CVE-2019-9792 (bmo#1532599)
+ IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
+ * CVE-2019-9793 (bmo#1528829)
+ Improper bounds checks when Spectre mitigations are disabled
+ * CVE-2019-9794 (bmo#1530103) (Windows only)
+ Command line arguments not discarded during execution
+ * CVE-2019-9795 (bmo#1514682)
+ Type-confusion in IonMonkey JIT compiler
+ * CVE-2019-9796 (bmo#1531277)
+ Use-after-free with SMIL animation controller
+ * CVE-2019-9797 (bmo#1528909)
+ Cross-origin theft of images with createImageBitmap
+ * CVE-2019-9798 (bmo#1527534) (Android only)
+ Library is loaded from world writable APITRACE_LIB location
+ * CVE-2019-9799 (bmo#1505678)
+ Information disclosure via IPC channel messages
+ * CVE-2019-9801 (bmo#1527717) (Windows only)
+ Windows programs that are not 'URL Handlers' are exposed to web content
+ * CVE-2019-9802 (bmo#1415508)
+ Chrome process information leak
+ * CVE-2019-9803 (bmo#1515863, bmo#1437009)
+ Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
+ * CVE-2019-9804 (bmo#1518026) (MacOS only)
+ Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
+ * CVE-2019-9805 (bmo#1521360)
+ Potential use of uninitialized memory in Prio
+ * CVE-2019-9806 (bmo#1525267)
+ Denial of service through successive FTP authorization prompts
+ * CVE-2019-9807 (bmo#1362050)
+ Text sent through FTP connection can be incorporated into alert messages
+ * CVE-2019-9809 (bmo#1282430, bmo#1523249)
+ Denial of service through FTP modal alert error messages
+ * CVE-2019-9808 (bmo#1434634)
+ WebRTC permissions can display incorrect origin with data: and blob: URLs
+ * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
+ bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
+ bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
+ Memory safety bugs fixed in Firefox 66
+ * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
+ bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
+ Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
+- updated build/runtime requirements
+ * mozilla-nss >= 3.42.1
+ * cargo/rust >= 1.31
+ * rust-cbindgen >= 0.6.8
+ * nasm >= 2.13 (new)
+- removed obsolete patch
+ * mozilla-bmo256180.patch
+
+-------------------------------------------------------------------
Tue Mar 5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com>
- Do not hardcode nodejs8 but leave the prefer to the distribution