Firefox 57.0 final release (incl. changelogs) firefox57
author Wolfgang Rosenauer <wr@rosenauer.org>
Thu, 16 Nov 2017 21:22:39 +0100
branch firefox57
changeset 1011 85bd01789b6f
parent 1008 77c890186192
child 1012 0c59a30173da
Firefox 57.0 final release (incl. changelogs)
MozillaFirefox/MozillaFirefox.changes
MozillaFirefox/MozillaFirefox.spec
MozillaFirefox/create-tar.sh
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Nov 11 10:08:36 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Thu Nov 16 21:22:39 2017 +0100
@@ -1,15 +1,52 @@
 -------------------------------------------------------------------
-Thu Nov  9 15:01:30 UTC 2017 - wr@rosenauer.org
-
-- update to Firefox 57.0b14
+Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 57.0 (boo#1068101)
   * Firefox Quantum
   * Photon UI
+  * Unified address and search bar
   * AMD VP9 hardware video decoder support
   * Added support for Date/Time input
   * stricter security sandbox blocking filesystem reading and
     writing on Linux systems
   * middle mouse paste in the content area no longer navigates to
     URLs by default on Unix systems
+  MFSA 2017-24
+  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
+    Use-after-free of PressShell while restyling layout
+  * CVE-2017-7830 (bmo#1408990)
+    Cross-origin URL information leak through Resource Timing API
+  * CVE-2017-7831 (bmo#1392026)
+    Information disclosure of exposed properties on JavaScript proxy
+    objects
+  * CVE-2017-7832 (bmo#1408782)
+    Domain spoofing through use of dotless 'i' character followed
+    by accent markers
+  * CVE-2017-7833 (bmo#1370497)
+    Domain spoofing with Arabic and Indic vowel marker characters
+  * CVE-2017-7834 (bmo#1358009)
+    data: URLs opened in new tabs bypass CSP protections
+  * CVE-2017-7835 (bmo#1402363)
+    Mixed content blocking incorrectly applies with redirects
+  * CVE-2017-7836 (bmo#1401339)
+    Pingsender dynamically loads libcurl on Linux and OS X
+  * CVE-2017-7837 (bmo#1325923)
+    SVG loaded as <img> can use meta tags to set cookies
+  * CVE-2017-7838 (bmo#1399540)
+    Failure of individual decoding of labels in international domain
+    names triggers punycode display of entire IDN
+  * CVE-2017-7839 (bmo#1402896)
+    Control characters before javascript: URLs defeats self-XSS
+    prevention mechanism
+  * CVE-2017-7840 (bmo#1366420)
+    Exported bookmarks do not strip script elements from user-supplied
+    tags
+  * CVE-2017-7842 (bmo#1397064)
+    Referrer Policy is not always respected for <link> elements
+  * CVE-2017-7827
+    Memory safety bugs fixed in Firefox 57
+  * CVE-2017-7826
+    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
 - requires NSPR 4.17, NSS 3.33 and rustc 1.19
 - rebased patches
 - added mozilla-bindgen-systemlibs.patch to allow stylo build
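Review bot: The CVE-2017-7828 entry separates its two bug references with a period, "(bmo#1406750. bmo#1412252)", where a comma is meant, and its description says "PressShell" where Gecko's class is PresShell. Both are worth correcting, since changelog entries like these are matched by bug and CVE trackers on the exact reference strings. The "MFSA 2017-24" heading also sits at the same indent as the feature bullets without a marker of its own, so the CVE list reads as a continuation of the feature list; giving the heading its own "*" and nesting the CVE entries under it would make the advisory boundary unambiguous.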
--- a/MozillaFirefox/MozillaFirefox.spec	Sat Nov 11 10:08:36 2017 +0100
+++ b/MozillaFirefox/MozillaFirefox.spec	Thu Nov 16 21:22:39 2017 +0100
@@ -18,11 +18,11 @@
 
 
 # changed with every update
-%define major 56
-%define mainver %major.99
-%define update_channel beta
+%define major 57
+%define mainver %major.0
+%define update_channel release
 %define branding 1
-%define releasedate 20171102181127
+%define releasedate 20171109183137
 
 # PIE, full relro (x86_64 for now)
 %define build_hardened 1
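Review bot: "%define releasedate 20171109183137" is a hand-maintained value, and nothing in this hunk ties it to the source revision that create-tar.sh pins in the same changeset (annotated "# build 3" there), so the two can drift apart without anyone noticing. Suggest a short comment beside releasedate naming the build it belongs to, so a reviewer can confirm that the packaged build ID and the pinned source revision describe the same release build. The same applies to the switch of update_channel from beta to release: a one-line note in the "# changed with every update" block listing which macros must change together would help future bumps.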
--- a/MozillaFirefox/create-tar.sh	Sat Nov 11 10:08:36 2017 +0100
+++ b/MozillaFirefox/create-tar.sh	Thu Nov 16 21:22:39 2017 +0100
@@ -5,10 +5,10 @@
 # "moz_source_stamp": "c1de04f39fa956cfce83f6065b0e709369215ed5"
 # http://ftp.mozilla.org/pub/firefox/candidates/48.0-candidates/build2/l10n_changesets.txt
 
-CHANNEL="beta"
+CHANNEL="release"
 BRANCH="releases/mozilla-$CHANNEL"
-RELEASE_TAG="FIREFOX_57_0b14_RELEASE"
-VERSION="56.99"
+RELEASE_TAG="8af8bd128bd014669ad89774f47668b0b8109337" # build 3
+VERSION="57.0"
 
 # mozilla
 if [ -d mozilla ]; then
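Review bot: RELEASE_TAG now holds a raw changeset hash (8af8bd128bd014669ad89774f47668b0b8109337) rather than a tag name, while the unchanged header comments above it still show a different "moz_source_stamp" (c1de04f3...) and a 48.0-candidates URL. Pinning to a hash is fine for reproducibility, but the stale header makes it hard to verify which upstream revision the tarball is supposed to come from. Suggest updating the moz_source_stamp and candidates URL comments to match the 57.0 build 3 revision, and either renaming the variable or noting in the comment that it intentionally carries a revision hash until the release tag is used.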