diff -r 75893a3d8fbe -r 893fc4d031d6 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Wed May 02 09:28:53 2018 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Fri Jun 08 22:25:59 2018 +0200 
@@ -1,14 +1,144 @@ ------------------------------------------------------------------- -Tue May 1 20:50:14 UTC 2018 - wr@rosenauer.org - -- update to Firefox 60.0b16 +Thu Jun 7 12:11:06 UTC 2018 - wr@rosenauer.org + +- update to Firefox 60.0.2 + * requires NSS 3.36.4 + MFSA 2018-14 (bsc#1096449) + * CVE-2018-6126 (bmo#1462682) + Heap buffer overflow rasterizing paths in SVG with Skia + +------------------------------------------------------------------- +Wed Jun 6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org + +- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28' + workaround: + * mozilla-bmo1375074.patch + +------------------------------------------------------------------- +Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org + +- fixed "open with" option under KDE (boo#1094747) +- workaround crash on startup on aarch64 (boo#1093059) + (contributed by guillaume.gardet@arm.com) + +------------------------------------------------------------------- +Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org + +- Disable webrtc for aarch64 due to bmo#1434589 +- Add patch to fix skia build on AArch64: + * mozilla-fix-skia-aarch64.patch + +------------------------------------------------------------------- +Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org + +- update to Firefox 60.0.1 + * Avoid overly long cycle collector pauses with some add-ons installed + (bmo#1449033) + * After unckecking the "Sponsored Stories" option, the New Tab page + now immediately stops displaying "Sponsored content" cards (bmo#1458906) + * On touchscreen devices, fixed momentum scrolling on non-zoomable pages + (bmo#1457743) + * Use the right default background when opening tabs or windows in + high contrast mode (bmo#1458956) + * Restored translations of the Preferences panels when using a + language pack (bmo#1461590) + +------------------------------------------------------------------- +Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com + +- parellelise locales building + 
+------------------------------------------------------------------- +Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org + +- update to Firefox 60.0 + * Added a policy engine that allows customized Firefox deployments + in enterprise environments, using Windows Group Policy or a + cross-platform JSON file + * Applied Quantum CSS to render browser UI + * Added support for Web Authentication, allowing the use of USB + tokens for authentication to web sites + * Locale added: Occitan (oc) + MFSA 2018-11 (bsc#1092548) + * CVE-2018-5154 (bmo#1443092) + Use-after-free with SVG animations and clip paths + * CVE-2018-5155 (bmo#1448774) + Use-after-free with SVG animations and text paths + * CVE-2018-5157 (bmo#1449898) + Same-origin bypass of PDF Viewer to view protected PDF files + * CVE-2018-5158 (bmo#1452075) + Malicious PDF can inject JavaScript into PDF Viewer + * CVE-2018-5159 (bmo#1441941) + Integer overflow and out-of-bounds write in Skia + * CVE-2018-5160 (bmo#1436117) + Uninitialized memory use by WebRTC encoder + * CVE-2018-5152 (bmo#1415644, bmo#1427289) + WebExtensions information leak through webRequest API + * CVE-2018-5153 (bmo#1436809) + Out-of-bounds read in mixed content websocket messages + * CVE-2018-5163 (bmo#1426353) + Replacing cached data in JavaScript Start-up Bytecode Cache + * CVE-2018-5164 (bmo#1416045) + CSP not applied to all multipart content sent with + multipart/x-mixed-replace + * CVE-2018-5166 (bmo#1437325) + WebExtension host permission bypass through filterReponseData + * CVE-2018-5167 (bmo#1447969) + Improper linkification of chrome: and javascript: content in + web console and JavaScript debugger + * CVE-2018-5168 (bmo#1449548) + Lightweight themes can be installed without user interaction + * CVE-2018-5169 (bmo#1319157) + Dragging and dropping link text onto home button can set home page + to include chrome pages + * CVE-2018-5172 (bmo#1436482) + Pasted script from clipboard can run in the Live Bookmarks page + or PDF viewer + * 
CVE-2018-5173 (bmo#1438025) + File name spoofing of Downloads panel with Unicode characters + * CVE-2018-5174 (bmo#1447080) (Windows-only) + Windows Defender SmartScreen UI runs with less secure behavior + for downloaded files in Windows 10 April 2018 Update + * CVE-2018-5175 (bmo#1432358) + Universal CSP bypass on sites using strict-dynamic in their policies + * CVE-2018-5176 (bmo#1442840) + JSON Viewer script injection + * CVE-2018-5177 (bmo#1451908) + Buffer overflow in XSLT during number formatting + * CVE-2018-5165 (bmo#1451452) + Checkbox for enabling Flash protected mode is inverted in 32-bit + Firefox + * CVE-2018-5180 (bmo#1444086) + heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced + * CVE-2018-5181 (bmo#1424107) + Local file can be displayed in noopener tab through drag and + drop of hyperlink + * CVE-2018-5182 (bmo#1435908) + Local file can be displayed from hyperlink dragged and dropped + on addressbar + * CVE-2018-5151 + Memory safety bugs fixed in Firefox 60 + * CVE-2018-5150 + Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 - removed obsolete patches 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch + mozilla-bmo1005535.patch - requires NSPR 4.19 and NSS 3.36.1 - -------------------------------------------------------------------- -Tue May 1 18:45:02 UTC 2018 - astieger@suse.com - +- requires rust 1.24 or higher +- use upstream source archive and detached signature for + source verification + +------------------------------------------------------------------- +Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org + +- Fix armv7 build by: + * adding RUSTFLAGS="-Cdebuginfo=0" + * updating _constraints for %arm + +------------------------------------------------------------------- +Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org + +- do not try CSD on kwin (boo#1091592) - fix build in openSUSE:Leap:42.3:Update, use gcc7 -------------------------------------------------------------------
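Review bot: At the end of the hunk, the entry header "Tue May 1 18:45:02 UTC 2018 - astieger@suse.com" is deleted while its item "fix build in openSUSE:Leap:42.3:Update, use gcc7" stays as a context line, so that item now sits under the new "Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org" entry with a different author and date. Keep the original header and its separator line so the changelog history stays attributable, or fold the item in deliberately and reword it. Smaller points in the added lines: "unckecking" in the 60.0.1 entry and "parellelise" in the May 14 entry are misspelled, and "filterReponseData" under CVE-2018-5166 looks like a misspelling of filterResponseData. The 60.0.2 entry states "requires NSS 3.36.4" while the 60.0 entry still carries "requires NSPR 4.19 and NSS 3.36.1" as context; please confirm the spec file's NSS version requirement is raised in the same change so the package cannot build against the older NSS.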