diff -r 9fec29d2ead2 -r 821cfbe8efcc MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Tue Dec 11 08:48:38 2018 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Dec 12 12:15:16 2018 +0100 @@ -1,4 +1,61 @@ ------------------------------------------------------------------- +Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer + +- update to Firefox 64.0 + * Better recommendations: You may see suggestions in regular browsing + mode for new and relevant Firefox features, services, and extensions + based on how you use the web (for US users only) + * Enhanced tab management: You can now select multiple tabs from the + tab bar and close, move, bookmark, or pin them quickly and easily + * Easier performance management: The new Task Manager page found at + about:performance lets you see how much energy each open tab consumes + and provides access to close tabs to conserve power + * Improved performance for Mac and Linux users, by enabling link time + optimization (Clang LTO). + * Added option to remove add-ons using the context menu on their + toolbar buttons + * RSS feed preview and live bookmarks are available only via add-ons + * TLS certificates issued by Symantec are no longer trusted by Firefox. + Website operators are strongly encouraged to replace any remaining + Symantec TLS certificates as soon as possible + MFSA 2018-29 (bsc#1119105) + * CVE-2018-12407 bmo#1505973 + Buffer overflow with ANGLE library when using VertexBuffer11 module + * CVE-2018-17466 bmo#1488295 + Buffer overflow and out-of-bounds read in ANGLE library with + TextureStorage11 + * CVE-2018-18492 bmo#1499861 + Use-after-free with select element + * CVE-2018-18493 bmo#1504452 + Buffer overflow in accelerated 2D canvas with Skia + * CVE-2018-18494 bmo#1487964 + Same-origin policy violation using location attribute and + performance.getEntries to steal cross-origin URLs + * CVE-2018-18495 bmo#1427585 + WebExtension content scripts can be loaded in about: pages + * CVE-2018-18496 bmo#1422231 (Windows only) + Embedded feed preview page can be abused for clickjacking + * CVE-2018-18497 bmo#1488180 + WebExtensions can load arbitrary URLs through pipe separators + * CVE-2018-18498 bmo#1500011 + Integer overflow when calculating buffer sizes for images + * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886 + bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490 + bmo#1481745 bmo#1458129 + Memory safety bugs fixed in Firefox 64 + * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 + bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 + Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 +- requires + * rust/cargo >= 1.29 + * mozilla-nss >= 3.40.1 + * rust-cbindgen >= 0.6.4 +- rebased patches +- removed obsolete patch + * mozilla-bmo1491289.patch +- now uses clang primarily for compilation + +------------------------------------------------------------------- Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET - Remove --disable-elf-hack when not available: on aarch64 and ppc64*