# HG changeset patch # User Wolfgang Rosenauer # Date 1541696187 -3600 # Node ID d8601c72c87bedea893944029753b71c2df2618e # Parent 2823eb50c9a9968d0ab1e4503032be0d645016b8 63.0.1 diff -r 2823eb50c9a9 -r d8601c72c87b MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Oct 29 15:14:41 2018 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Nov 08 17:56:27 2018 +0100 @@ -1,4 +1,15 @@ ------------------------------------------------------------------- +Thu Nov 8 14:59:13 UTC 2018 - wr@rosenauer.org + +- update to Firefox 63.0.1 + * Snippets are not loaded due to missing element (bmo#1503047) + * Print preview always shows 30& scale when it is actually + Shrink To Fit (bmo#1501952) + * Dialog displayed when closing multiple windows shows unreplaced + %1$S placeholder in Japanese and potentially other locales + (bmo#1500823) + +------------------------------------------------------------------- Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org - update to Firefox 63.0 @@ -8,7 +19,41 @@ default behavior is activated only in new profiles and can be changed in preferences. * Added support for Web Components custom elements and shadow DOM + MFSA 2018-26 (bsc#1112852) + * CVE-2018-12391 (bmo#1478843) (Android-only) + HTTP Live Stream audio data is accessible cross-origin + * CVE-2018-12392 (bmo#1492823) + Crash with nested event loops + * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs) + Integer overflow during Unicode conversion while loading JavaScript + * CVE-2018-12395 (bmo#1467523) + WebExtension bypass of domain restrictions through header rewriting + * CVE-2018-12396 (bmo#1483602) + WebExtension content scripts can execute in disallowed contexts + * CVE-2018-12397 (bmo#1487478) + Missing warning prompt when WebExtension requests local file access + * CVE-2018-12398 (bmo#1460538, bmo#1488061) + CSP bypass through stylesheet injection in resource URIs + * CVE-2018-12399 (bmo#1490276) + Spoofing of protocol registration notification bar + * CVE-2018-12400 (bmo#1448305) (Android only) + Favicons are cached in private browsing mode on Firefox for Android + * CVE-2018-12401 (bmo#1422456) + DOS attack through special resource URI parsing + * CVE-2018-12402 (bmo#1469916) + SameSite cookies leak when pages are explicitly saved + * CVE-2018-12403 (bmo#1484753) + Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP + * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427, + bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167) + Memory safety bugs fixed in Firefox 63 + * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, + bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, + bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, + bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) + Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 - requires NSPR 4.20, NSS 3.39 and Rust 1.28 +- latest rust does not provide rust-std so stop requiring it ------------------------------------------------------------------- Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org diff -r 2823eb50c9a9 -r d8601c72c87b MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Mon Oct 29 15:14:41 2018 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Thu Nov 08 17:56:27 2018 +0100 @@ -13,18 +13,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # changed with every update %define major 63 -%define mainver %major.0 -%define orig_version 63.0 +%define mainver %major.0.1 +%define orig_version 63.0.1 %define orig_suffix %{nil} %define update_channel release %define branding 1 -%define releasedate 20181018182531 +%define releasedate 20181030165643 %define source_prefix firefox-%{orig_version} # PIE, full relro (x86_64 for now) @@ -80,7 +80,6 @@ BuildRequires: python2-xml BuildRequires: python3 >= 3.5 BuildRequires: rust >= 1.28 -BuildRequires: rust-std BuildRequires: startup-notification-devel BuildRequires: unzip BuildRequires: update-desktop-files diff -r 2823eb50c9a9 -r d8601c72c87b MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Mon Oct 29 15:14:41 2018 +0100 +++ b/MozillaFirefox/create-tar.sh Thu Nov 08 17:56:27 2018 +0100 @@ -7,8 +7,8 @@ CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_63_0_RELEASE" -VERSION="63.0" +RELEASE_TAG="FIREFOX_63_0_1_RELEASE" +VERSION="63.0.1" VERSION_SUFFIX="" LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json" diff -r 2823eb50c9a9 -r d8601c72c87b MozillaFirefox/source-stamp.txt --- a/MozillaFirefox/source-stamp.txt Mon Oct 29 15:14:41 2018 +0100 +++ b/MozillaFirefox/source-stamp.txt Thu Nov 08 17:56:27 2018 +0100 @@ -1,2 +1,2 @@ -REV=84219fbf133c +REV=6d5e52718c00 REPO=http://hg.mozilla.org/releases/mozilla-release