# HG changeset patch
# User Wolfgang Rosenauer
# Date 1557828736 -7200
# Node ID 5d7b22f6b177297387bd3f0a062c152474bedb8a
# Parent eca1c1f2fe500e3bd439a8fa5d001d986e614b2c
66.0.5
diff -r eca1c1f2fe50 -r 5d7b22f6b177 MozillaFirefox/MozillaFirefox.changes
--- a/MozillaFirefox/MozillaFirefox.changes Tue Mar 19 09:48:05 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue May 14 12:12:16 2019 +0200
@@ -1,4 +1,56 @@
 -------------------------------------------------------------------
+Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein
+
+- Mozilla Firefox 66.0.5
+ * Fixed: Further improvements to re-enable web extensions which
+ had been disabled for users with a master password set (bmo#1549249)
+
+-------------------------------------------------------------------
+Sun May 5 20:21:02 UTC 2019 - Wolfgang Rosenauer
+
+- Mozilla Firefox 66.0.4 (boo#1134126)
+ * fix extension certificate chain
+ https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
+
+-------------------------------------------------------------------
+Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein
+
+- Mozilla Firefox 66.0.3
+ * Fixed: Address bar on tablets running Windows 10 now behaves
+ correctly (bmo#1498973)
+ * Fixed: Performance issues with some HTML5 games (bmo#1537609)
+ * Fixed a bug with keypress events in IBM cloud applications
+ (bmo#1538970)
+ * Fix for keypress events in some Microsoft cloud applications
+ (bmo#1539618)
+ * Changed: Updated Baidu search plugin
+
+-------------------------------------------------------------------
+Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein
+
+- Mozilla Firefox 66.0.2
+ * Fixed Web compatibility issues with Office 365, iCloud and
+ IBM WebMail caused by recent changes to the handling of
+ keyboard events (bmo#1538966)
+ * Crash fixes (bmo#1521370, bmo#1539118)
+
+-------------------------------------------------------------------
+Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET
+
+- Add patch to fix aarch64 build:
+ * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
+
+-------------------------------------------------------------------
+Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer
+
+- Mozilla Firefox 66.0.1
+ MFSA 2019-09 (bsc#1130262)
+ * CVE-2019-9810 (bmo#1537924)
+ IonMonkey MArraySlice has incorrect alias information
+ * CVE-2019-9813 (bmo#1538006)
+ Ionmonkey type confusion with __proto__ mutations
+
+------------------------------------------------------------------- Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer - Mozilla Firefox 66.0 
@@ -23,10 +75,58 @@ can add individual sites to an exceptions list or turn the blocking off. * System title bar is hidden by default to match Gnome guideline + MFSA 2019-07 (bsc#1129821) + * CVE-2019-9790 (bmo#1525145) + Use-after-free when removing in-use DOM elements + * CVE-2019-9791 (bmo#1530958) + Type inference is incorrect for constructors entered through on-stack + replacement with IonMonkey + * CVE-2019-9792 (bmo#1532599) + IonMonkey leaks JS_OPTIMIZED_OUT magic value to script + * CVE-2019-9793 (bmo#1528829) + Improper bounds checks when Spectre mitigations are disabled + * CVE-2019-9794 (bmo#1530103) (Windows only) + Command line arguments not discarded during execution + * CVE-2019-9795 (bmo#1514682) + Type-confusion in IonMonkey JIT compiler + * CVE-2019-9796 (bmo#1531277) + Use-after-free with SMIL animation controller + * CVE-2019-9797 (bmo#1528909) + Cross-origin theft of images with createImageBitmap + * CVE-2019-9798 (bmo#1527534) (Android only) + Library is loaded from world writable APITRACE_LIB location + * CVE-2019-9799 (bmo#1505678) + Information disclosure via IPC channel messages + * CVE-2019-9801 (bmo#1527717) (Windows only) + Windows programs that are not 'URL Handlers' are exposed to web content + * CVE-2019-9802 (bmo#1415508) + Chrome process information leak + * CVE-2019-9803 (bmo#1515863, bmo#1437009) + Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation + * CVE-2019-9804 (bmo#1518026) (MacOS only) + Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS + * CVE-2019-9805 (bmo#1521360) + Potential use of uninitialized memory in Prio + * CVE-2019-9806 (bmo#1525267) + Denial of service through successive FTP authorization prompts + * CVE-2019-9807 (bmo#1362050) + Text sent through FTP connection can be incorporated into alert messages + * CVE-2019-9809 (bmo#1282430, bmo#1523249) + Denial of service through FTP modal alert error messages + * CVE-2019-9808 (bmo#1434634) + WebRTC permissions can 
display incorrect origin with data: and blob: URLs + * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337, + bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579, + bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821 + Memory safety bugs fixed in Firefox 66 + * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665, + bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203 + Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 - updated build/runtime requirements * mozilla-nss >= 3.42.1 * cargo/rust >= 1.31 * rust-cbindgen >= 0.6.8 + * nasm >= 2.13 (new) - removed obsolete patch * mozilla-bmo256180.patch diff -r eca1c1f2fe50 -r 5d7b22f6b177 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Tue Mar 19 09:48:05 2019 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Tue May 14 12:12:16 2019 +0200 @@ -19,12 +19,12 @@ # changed with every update %define major 66 -%define mainver %major.0 -%define orig_version 66.0 +%define mainver %major.0.5 +%define orig_version 66.0.5 %define orig_suffix %{nil} %define update_channel release %define branding 1 -%define releasedate 20190314174725 +%define releasedate 20190507012018 %define source_prefix firefox-%{orig_version} # always build with GCC as SUSE Security Team requires that @@ -163,6 +163,7 @@ Patch7: mozilla-aarch64-startup-crash.patch Patch9: mozilla-bmo1463035.patch Patch10: mozilla-cubeb-noreturn.patch +Patch11: mozilla-fix-aarch64-libopus.patch # Firefox/browser Patch101: firefox-kde.patch Patch102: firefox-branded-icons.patch @@ -269,6 +270,7 @@ %patch7 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 # Firefox %patch101 -p1 %patch102 -p1 diff -r eca1c1f2fe50 -r 5d7b22f6b177 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Tue Mar 19 09:48:05 2019 +0100 +++ b/MozillaFirefox/create-tar.sh Tue May 14 12:12:16 2019 +0200 
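Review bot: In MozillaFirefox.spec the new `Patch11: mozilla-fix-aarch64-libopus.patch` line and its `%patch11 -p1` (the `@@ -163,6 +163,7 @@` and `@@ -269,6 +270,7 @@` hunks) carry no comment, and the patch is applied on every architecture although the changelog entry in this commit describes it as an aarch64 build fix. The patch touches only `media/libopus/silk/arm/arm_silk_map.c`, so this is presumably harmless elsewhere, but a one-line comment above `Patch11:` such as `# bmo#1539737 - aarch64 build fix (libopus include path)` would record why the patch is carried and when it can be dropped. Both hunks begin and end inside the patch list, so any existing convention for such comments is not visible here.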
@@ -7,8 +7,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="164a57c0cdf0088e786e6b966e34fdd3799671d1" -VERSION="66.0" +RELEASE_TAG="96d2576eae4baf0aa961b4f5a1dadd26bb8ee823" +VERSION="66.0.5" VERSION_SUFFIX="" LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json" diff -r eca1c1f2fe50 -r 5d7b22f6b177 MozillaFirefox/mozilla-fix-aarch64-libopus.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/MozillaFirefox/mozilla-fix-aarch64-libopus.patch Tue May 14 12:12:16 2019 +0200 @@ -0,0 +1,1 @@ +../mozilla-fix-aarch64-libopus.patch \ No newline at end of file diff -r eca1c1f2fe50 -r 5d7b22f6b177 MozillaFirefox/source-stamp.txt --- a/MozillaFirefox/source-stamp.txt Tue Mar 19 09:48:05 2019 +0100 +++ b/MozillaFirefox/source-stamp.txt Tue May 14 12:12:16 2019 +0200 @@ -1,2 +1,2 @@ -REV=164a57c0cdf0 +REV=96d2576eae4b REPO=http://hg.mozilla.org/releases/mozilla-release diff -r eca1c1f2fe50 -r 5d7b22f6b177 mozilla-fix-aarch64-libopus.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mozilla-fix-aarch64-libopus.patch Tue May 14 12:12:16 2019 +0200 @@ -0,0 +1,11 @@ +--- firefox-66.0.1.orig/media/libopus/silk/arm/arm_silk_map.c 2019-03-22 06:05:57.000000000 +0100 ++++ firefox-66.0.1/media/libopus/silk/arm/arm_silk_map.c 2019-03-28 09:35:28.604948775 +0100 +@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. + # include "config.h" + #endif + +-#include "main_FIX.h" ++#include "../fixed/main_FIX.h" + #include "NSQ.h" + #include "SigProc_FIX.h" + diff -r eca1c1f2fe50 -r 5d7b22f6b177 series --- a/series Tue Mar 19 09:48:05 2019 +0100 +++ b/series Tue May 14 12:12:16 2019 +0200 @@ -6,6 +6,7 @@ mozilla-aarch64-startup-crash.patch mozilla-bmo1463035.patch mozilla-cubeb-noreturn.patch +mozilla-fix-aarch64-libopus.patch # Firefox patches firefox-kde.patch
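Review bot: The new mozilla-fix-aarch64-libopus.patch begins directly at its `---`/`+++` lines and has no header stating where the fix comes from or whether it is upstream. The changelog in this commit ties it to bmo#1539737, so a short preamble line in the patch file, for example `# bmo#1539737 - fix aarch64 build: include path of main_FIX.h in arm_silk_map.c`, would let the next version update decide whether it is still needed. The paths inside it are stamped firefox-66.0.1 while the package moves to 66.0.5; `-p1` strips that prefix, but it is worth confirming that `@@ -28,7 +28,7 @@` still applies to the 66.0.5 tree without fuzz.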