diff -r 75893a3d8fbe -r 847ae61baab6 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Wed May 02 09:28:53 2018 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Wed May 09 22:06:26 2018 +0200 
@@ -1,14 +1,94 @@ ------------------------------------------------------------------- -Tue May 1 20:50:14 UTC 2018 - wr@rosenauer.org - -- update to Firefox 60.0b16 +Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org + +- update to Firefox 60.0 + * Added a policy engine that allows customized Firefox deployments + in enterprise environments, using Windows Group Policy or a + cross-platform JSON file + * Applied Quantum CSS to render browser UI + * Added support for Web Authentication, allowing the use of USB + tokens for authentication to web sites + * Locale added: Occitan (oc) + MFSA 2018-11 (bsc#1092548) + * CVE-2018-5154 (bmo#1443092) + Use-after-free with SVG animations and clip paths + * CVE-2018-5155 (bmo#1448774) + Use-after-free with SVG animations and text paths + * CVE-2018-5157 (bmo#1449898) + Same-origin bypass of PDF Viewer to view protected PDF files + * CVE-2018-5158 (bmo#1452075) + Malicious PDF can inject JavaScript into PDF Viewer + * CVE-2018-5159 (bmo#1441941) + Integer overflow and out-of-bounds write in Skia + * CVE-2018-5160 (bmo#1436117) + Uninitialized memory use by WebRTC encoder + * CVE-2018-5152 (bmo#1415644, bmo#1427289) + WebExtensions information leak through webRequest API + * CVE-2018-5153 (bmo#1436809) + Out-of-bounds read in mixed content websocket messages + * CVE-2018-5163 (bmo#1426353) + Replacing cached data in JavaScript Start-up Bytecode Cache + * CVE-2018-5164 (bmo#1416045) + CSP not applied to all multipart content sent with + multipart/x-mixed-replace + * CVE-2018-5166 (bmo#1437325) + WebExtension host permission bypass through filterReponseData + * CVE-2018-5167 (bmo#1447969) + Improper linkification of chrome: and javascript: content in + web console and JavaScript debugger + * CVE-2018-5168 (bmo#1449548) + Lightweight themes can be installed without user interaction + * CVE-2018-5169 (bmo#1319157) + Dragging and dropping link text onto home button can set home page + to include chrome pages + * CVE-2018-5172 (bmo#1436482) 
+ Pasted script from clipboard can run in the Live Bookmarks page + or PDF viewer + * CVE-2018-5173 (bmo#1438025) + File name spoofing of Downloads panel with Unicode characters + * CVE-2018-5174 (bmo#1447080) (Windows-only) + Windows Defender SmartScreen UI runs with less secure behavior + for downloaded files in Windows 10 April 2018 Update + * CVE-2018-5175 (bmo#1432358) + Universal CSP bypass on sites using strict-dynamic in their policies + * CVE-2018-5176 (bmo#1442840) + JSON Viewer script injection + * CVE-2018-5177 (bmo#1451908) + Buffer overflow in XSLT during number formatting + * CVE-2018-5165 (bmo#1451452) + Checkbox for enabling Flash protected mode is inverted in 32-bit + Firefox + * CVE-2018-5180 (bmo#1444086) + heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced + * CVE-2018-5181 (bmo#1424107) + Local file can be displayed in noopener tab through drag and + drop of hyperlink + * CVE-2018-5182 (bmo#1435908) + Local file can be displayed from hyperlink dragged and dropped + on addressbar + * CVE-2018-5151 + Memory safety bugs fixed in Firefox 60 + * CVE-2018-5150 + Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - removed obsolete patches 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch + mozilla-bmo1005535.patch - requires NSPR 4.19 and NSS 3.36.1 - -------------------------------------------------------------------- -Tue May 1 18:45:02 UTC 2018 - astieger@suse.com - +- requires rust 1.24 or higher +- use upstream source archive and detached signature for + source verification + +------------------------------------------------------------------- +Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org + +- Fix armv7 build by: + * adding RUSTFLAGS="-Cdebuginfo=0" + * updating _constraints for %arm + +------------------------------------------------------------------- +Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org + +- do not try CSD on kwin (boo#1091592) - fix build in openSUSE:Leap:42.3:Update, use 
gcc7 -------------------------------------------------------------------
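Review bot: the hunk deletes the "Tue May 1 18:45:02 UTC 2018 - astieger@suse.com" entry header but keeps its "- fix build in openSUSE:Leap:42.3:Update, use gcc7" item as unchanged context, so that item now reads as part of the new "Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org" entry, with a different author and date than the change originally carried. Keep the original header and separator above that item, or add the "do not try CSD on kwin (boo#1091592)" item as its own entry above it, so the changelog history stays attributable. Two smaller points in the 60.0 entry: "filterReponseData" in the CVE-2018-5166 line is misspelled (the WebExtensions API is filterResponseData), and CVE-2018-5150 and CVE-2018-5151 are the only items without a bmo# reference, which is worth a short remark so that nobody reads the omission as an oversight. The CVE list is also not in numeric order (CVE-2018-5165 sits between 5177 and 5180); if that mirrors the ordering used in MFSA 2018-11, it is fine as it is.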