--- a/MozillaFirefox/MozillaFirefox.changes Tue Mar 19 09:48:05 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Tue May 14 12:12:16 2019 +0200
@@ -1,4 +1,56 @@
-------------------------------------------------------------------
+Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.5
+ * Fixed: Further improvements to re-enable web extensions which
+ had been disabled for users with a master password set (bmo#1549249)
+
+-------------------------------------------------------------------
+Sun May 5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.4 (boo#1134126)
+ * fix extension certificate chain
+ https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
+
+-------------------------------------------------------------------
+Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.3
+ * Fixed: Address bar on tablets running Windows 10 now behaves
+ correctly (bmo#1498973)
+ * Fixed: Performance issues with some HTML5 games (bmo#1537609)
+ * Fixed a bug with keypress events in IBM cloud applications
+ (bmo#1538970)
+ * Fix for keypress events in some Microsoft cloud applications
+ (bmo#1539618)
+ * Changed: Updated Baidu search plugin
+
+-------------------------------------------------------------------
+Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.2
+ * Fixed Web compatibility issues with Office 365, iCloud and
+ IBM WebMail caused by recent changes to the handling of
+ keyboard events (bmo#1538966)
+ * Crash fixes (bmo#1521370, bmo#1539118)
+
+-------------------------------------------------------------------
+Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix aarch64 build:
+ * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
+
+-------------------------------------------------------------------
+Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.1
+ MFSA 2019-09 (bsc#1130262)
+ * CVE-2019-9810 (bmo#1537924)
+ IonMonkey MArraySlice has incorrect alias information
+ * CVE-2019-9813 (bmo#1538006)
+ Ionmonkey type confusion with __proto__ mutations
+
+-------------------------------------------------------------------
Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
- Mozilla Firefox 66.0
@@ -23,10 +75,58 @@
can add individual sites to an exceptions list or turn the blocking
off.
* System title bar is hidden by default to match Gnome guideline
+ MFSA 2019-07 (bsc#1129821)
+ * CVE-2019-9790 (bmo#1525145)
+ Use-after-free when removing in-use DOM elements
+ * CVE-2019-9791 (bmo#1530958)
+ Type inference is incorrect for constructors entered through on-stack
+ replacement with IonMonkey
+ * CVE-2019-9792 (bmo#1532599)
+ IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
+ * CVE-2019-9793 (bmo#1528829)
+ Improper bounds checks when Spectre mitigations are disabled
+ * CVE-2019-9794 (bmo#1530103) (Windows only)
+ Command line arguments not discarded during execution
+ * CVE-2019-9795 (bmo#1514682)
+ Type-confusion in IonMonkey JIT compiler
+ * CVE-2019-9796 (bmo#1531277)
+ Use-after-free with SMIL animation controller
+ * CVE-2019-9797 (bmo#1528909)
+ Cross-origin theft of images with createImageBitmap
+ * CVE-2019-9798 (bmo#1527534) (Android only)
+ Library is loaded from world writable APITRACE_LIB location
+ * CVE-2019-9799 (bmo#1505678)
+ Information disclosure via IPC channel messages
+ * CVE-2019-9801 (bmo#1527717) (Windows only)
+ Windows programs that are not 'URL Handlers' are exposed to web content
+ * CVE-2019-9802 (bmo#1415508)
+ Chrome process information leak
+ * CVE-2019-9803 (bmo#1515863, bmo#1437009)
+ Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
+ * CVE-2019-9804 (bmo#1518026) (MacOS only)
+ Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
+ * CVE-2019-9805 (bmo#1521360)
+ Potential use of uninitialized memory in Prio
+ * CVE-2019-9806 (bmo#1525267)
+ Denial of service through successive FTP authorization prompts
+ * CVE-2019-9807 (bmo#1362050)
+ Text sent through FTP connection can be incorporated into alert messages
+ * CVE-2019-9809 (bmo#1282430, bmo#1523249)
+ Denial of service through FTP modal alert error messages
+ * CVE-2019-9808 (bmo#1434634)
+ WebRTC permissions can display incorrect origin with data: and blob: URLs
+ * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
+ bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
+ bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
+ Memory safety bugs fixed in Firefox 66
+ * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
+ bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
+ Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
- updated build/runtime requirements
* mozilla-nss >= 3.42.1
* cargo/rust >= 1.31
* rust-cbindgen >= 0.6.8
+ * nasm >= 2.13 (new)
- removed obsolete patch
* mozilla-bmo256180.patch
--- a/MozillaFirefox/MozillaFirefox.spec Tue Mar 19 09:48:05 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec Tue May 14 12:12:16 2019 +0200
@@ -19,12 +19,12 @@
# changed with every update
%define major 66
-%define mainver %major.0
-%define orig_version 66.0
+%define mainver %major.0.5
+%define orig_version 66.0.5
%define orig_suffix %{nil}
%define update_channel release
%define branding 1
-%define releasedate 20190314174725
+%define releasedate 20190507012018
%define source_prefix firefox-%{orig_version}
# always build with GCC as SUSE Security Team requires that
@@ -163,6 +163,7 @@
Patch7: mozilla-aarch64-startup-crash.patch
Patch9: mozilla-bmo1463035.patch
Patch10: mozilla-cubeb-noreturn.patch
+Patch11: mozilla-fix-aarch64-libopus.patch
# Firefox/browser
Patch101: firefox-kde.patch
Patch102: firefox-branded-icons.patch
@@ -269,6 +270,7 @@
%patch7 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
# Firefox
%patch101 -p1
%patch102 -p1
--- a/MozillaFirefox/create-tar.sh Tue Mar 19 09:48:05 2019 +0100
+++ b/MozillaFirefox/create-tar.sh Tue May 14 12:12:16 2019 +0200
@@ -7,8 +7,8 @@
CHANNEL="release"
BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="164a57c0cdf0088e786e6b966e34fdd3799671d1"
-VERSION="66.0"
+RELEASE_TAG="96d2576eae4baf0aa961b4f5a1dadd26bb8ee823"
+VERSION="66.0.5"
VERSION_SUFFIX=""
LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/MozillaFirefox/mozilla-fix-aarch64-libopus.patch Tue May 14 12:12:16 2019 +0200
@@ -0,0 +1,1 @@
+../mozilla-fix-aarch64-libopus.patch
\ No newline at end of file
--- a/MozillaFirefox/source-stamp.txt Tue Mar 19 09:48:05 2019 +0100
+++ b/MozillaFirefox/source-stamp.txt Tue May 14 12:12:16 2019 +0200
@@ -1,2 +1,2 @@
-REV=164a57c0cdf0
+REV=96d2576eae4b
REPO=http://hg.mozilla.org/releases/mozilla-release
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mozilla-fix-aarch64-libopus.patch Tue May 14 12:12:16 2019 +0200
@@ -0,0 +1,11 @@
+--- firefox-66.0.1.orig/media/libopus/silk/arm/arm_silk_map.c 2019-03-22 06:05:57.000000000 +0100
++++ firefox-66.0.1/media/libopus/silk/arm/arm_silk_map.c 2019-03-28 09:35:28.604948775 +0100
+@@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE.
+ # include "config.h"
+ #endif
+
+-#include "main_FIX.h"
++#include "../fixed/main_FIX.h"
+ #include "NSQ.h"
+ #include "SigProc_FIX.h"
+
--- a/series Tue Mar 19 09:48:05 2019 +0100
+++ b/series Tue May 14 12:12:16 2019 +0200
@@ -6,6 +6,7 @@
mozilla-aarch64-startup-crash.patch
mozilla-bmo1463035.patch
mozilla-cubeb-noreturn.patch
+mozilla-fix-aarch64-libopus.patch
# Firefox patches
firefox-kde.patch