MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Mon, 08 Jul 2019 12:56:52 +0200
branchfirefox67
changeset 1096 4c248180e576
parent 1094 a25638dad81d
child 1097 840132a4a9b3
permissions -rw-r--r--
67.0.4 current Factory state
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
893
86f72f1e98a4 prepare Gtk3 based builds on a feature branch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 892
diff changeset
     1
-------------------------------------------------------------------
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     2
Mon Jul  2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     4
- Enable PGO for x86_64.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     6
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     7
Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
     9
- Mozilla Firefox 67.0.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    10
  MFSA 2019-19 (boo#1138872)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    11
  * CVE-2019-11708 (bmo#1559858)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    12
    sandbox escape using Prompt:Open
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    14
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    15
Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    17
- Mozilla Firefox 67.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    18
  MFSA 2019-18 (boo#1138614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    19
  * CVE-2019-11707 (bmo#1544386)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    20
    Type confusion in Array.pop
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    21
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    22
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    23
Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    24
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    25
- Mozilla Firefox 67.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    26
  * Fixed: Fix JavaScript error ("TypeError: data is null in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    27
    PrivacyFilter.jsm") in console which may significantly degrade
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    28
    sessionstore reliability and performance (bmo#1553413)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    29
  * Fixed: Proxy authentication dialog box repeatedly pops up
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    30
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    31
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    32
    implementation (bmo#1551282)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    33
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    34
    to think on the subsequent launch that the profile is too
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    35
    recent to be used with this version of Firefox (bmo#1556612)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    36
  * Fixed: Linux distribution users can't easily install/use
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    37
    additional/different languages using the built-in preferences
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    38
    UI (bmo#1554744)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    39
  * Fixed: Developer tools users can't copy the href/src content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    40
    from various HTML tags via the context menu in the Inspector
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    41
    markup view (bmo#1552275)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    42
  * Fixed: Custom home page is broken with clearing data on shutdown
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    43
    settings applied (bmo#1554167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    44
  * Fixed: Performance-regression for eclipse RAP based applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    45
    (bmo#1555962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    46
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    47
  * Fixed: Can't start two downloads in parallel via <a download>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    48
    anymore (bmo#1542912)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    49
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    50
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    51
Thu Jun  6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    52
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    53
- Mozilla Firefox 67.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    54
  * enable enhanced tracking protection by default for new users
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    55
  * upgrade of Facebook container to version 2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    56
  * new version of Firefox Lockwise (password management)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    57
  * new version of Firefox Monitor
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    58
  * Firefox Send improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    59
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    60
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    61
Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    62
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    63
- Mozilla Firefox 67.0
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    64
  * Firefox 67 will be able to run different Firefox installs side by side
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    65
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    66
  * Tabs can now be pinned from the Page Actions menu in the address bar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    67
  * Users can block known cryptominers and fingerprinters in the
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    68
    Custom settings or their Content Blocking preferences
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    69
  * The Import Data from Another Browser feature is now also available
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    70
    from the File menu
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    71
  * Firefox will now protect you against running older versions which
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    72
    can lead to data corruption and stability issues
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    73
  * Easier access to your list of saved logins from the main menu and
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    74
    login autocomplete
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    75
  * We’ve added a toolbar menu for your Firefox Account to provide more
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    76
    transparency for when you are synced, sharing data across devices
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    77
    and with Firefox. Personalize the appearance of the menu with your
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    78
    own avatar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    79
  * Enable FIDO U2F API, and permit registrations for Google Accounts
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
    80
  * Enabled AV1 support on Linux
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
    81
  MFSA 2019-13 (boo#1135824)
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    82
  * CVE-2019-9815 (bmo#1546544)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    83
    Disable hyperthreading on content JavaScript threads on macOS
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    84
  * CVE-2019-9816 (bmo#1536768)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    85
    Type confusion with object groups and UnboxedObjects
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    86
  * CVE-2019-9817 (bmo#1540221)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    87
    Stealing of cross-domain images using canvas
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    88
  * CVE-2019-9818 (bmo#1542581) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    89
    Use-after-free in crash generation server
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    90
  * CVE-2019-9819 (bmo#1532553)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    91
    Compartment mismatch with fetch API
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    92
  * CVE-2019-9820 (bmo#1536405)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    93
    Use-after-free of ChromeEventHandler by DocShell
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    94
  * CVE-2019-9821 (bmo#1539125)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    95
    Use-after-free in AssertWorkerThread
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    96
  * CVE-2019-11691 (bmo#1542465)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    97
    Use-after-free in XMLHttpRequest
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    98
  * CVE-2019-11692 (bmo#1544670)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
    99
    Use-after-free removing listeners in the event listener manager
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   100
  * CVE-2019-11693 (bmo#1532525)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   101
    Buffer overflow in WebGL bufferdata on Linux
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   102
  * CVE-2019-7317 (bmo#1542829)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   103
    Use-after-free in png_image_free of libpng library
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   104
  * CVE-2019-11694 (bmo#1534196) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   105
    Uninitialized memory memory leakage in Windows sandbox
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   106
  * CVE-2019-11695 (bmo#1445844)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   107
    Custom cursor can render over user interface outside of web content
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   108
  * CVE-2019-11696 (bmo#1392955)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   109
    Java web start .JNLP files are not recognized as executable files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   110
    for download prompts
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   111
  * CVE-2019-11697 (bmo#1440079)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   112
    Pressing key combinations can bypass installation prompt delays and
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   113
    install extensions
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   114
  * CVE-2019-11698 (bmo#1543191)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   115
    Theft of user history data through drag and drop of hyperlinks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   116
    to and from bookmarks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   117
  * CVE-2019-11700 (bmo#1549833) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   118
    res: protocol can be used to open known local files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   119
  * CVE-2019-11699 (bmo#1528939)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   120
    Incorrect domain name highlighting during page navigation
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   121
  * CVE-2019-11701 (bmo#1518627)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   122
    webcal: protocol default handler loads vulnerable web page
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   123
  * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   124
    bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   125
    Memory safety bugs fixed in Firefox 67
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   126
  * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   127
    bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   128
    bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   129
    bmo#1532465, bmo#1533554, bmo#1541580)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   130
    Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   131
- requires
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   132
  * rust/cargo >= 1.32
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   133
  * mozilla-nspr >= 4.21
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   134
  * mozilla-nss >= 3.43
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   135
  * rust-cbindgen >= 0.8.2
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   136
- rebased patches
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   137
- KDE integration for default browser detection is broken in this revision
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   138
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   139
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   140
Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   141
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   142
- Fix armv7 build with:
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   143
  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   144
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   145
-------------------------------------------------------------------
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   146
Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   147
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   148
- Mozilla Firefox 66.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   149
  * Fixed: Further improvements to re-enable web extensions which
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   150
    had been disabled for users with a master password set (bmo#1549249)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   151
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   152
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   153
Sun May  5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   154
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   155
- Mozilla Firefox 66.0.4 (boo#1134126)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   156
  * fix extension certificate chain
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   157
    https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   158
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   159
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   160
Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   161
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   162
- Mozilla Firefox 66.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   163
  * Fixed: Address bar on tablets running Windows 10 now behaves
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   164
    correctly (bmo#1498973)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   165
  * Fixed: Performance issues with some HTML5 games (bmo#1537609)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   166
  * Fixed a bug with keypress events in IBM cloud applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   167
    (bmo#1538970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   168
  * Fix for keypress events in some Microsoft cloud applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   169
    (bmo#1539618)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   170
  * Changed: Updated Baidu search plugin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   171
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   172
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   173
Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   174
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   175
- Mozilla Firefox 66.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   176
  * Fixed Web compatibility issues with Office 365, iCloud and
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   177
    IBM WebMail caused by recent changes to the handling of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   178
    keyboard events (bmo#1538966)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   179
  * Crash fixes (bmo#1521370, bmo#1539118)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   180
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   181
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   182
Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   183
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   184
- Add patch to fix aarch64 build:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   185
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   186
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   187
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   188
Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   189
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   190
- Mozilla Firefox 66.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   191
  MFSA 2019-09 (bsc#1130262)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   192
  * CVE-2019-9810 (bmo#1537924)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   193
    IonMonkey MArraySlice has incorrect alias information
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   194
  * CVE-2019-9813 (bmo#1538006)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   195
    Ionmonkey type confusion with __proto__ mutations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   196
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   197
-------------------------------------------------------------------
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   198
Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   199
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   200
- Mozilla Firefox 66.0
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   201
  * Increased content processes to 8
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   202
  * Added capability to search through open tabs from the tab overflow menu
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   203
  * New backend for the storage.local WebExtensions API, providing
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   204
    I/O performance improvements when the extension updates a small
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   205
    subset of the stored data
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   206
  * WebExtension keyboard shortcuts can now be managed or overridden
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   207
    from about:addons
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   208
  * Improved scrolling behavior: Firefox will now attempt to keep content
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   209
    from jumping around while a page is loading by supporting scroll
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   210
    anchoring
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   211
  * New about:privatebrowsing with search
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   212
  * A certificate error page now notifies the user of the name of the
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   213
    certificate issuer that breaks HTTPs connections on intercepted
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   214
    connections to help troubleshooting possible anti-virus software
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   215
    issues.
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   216
  * Fixed an performance issue some Linux users experienced with the
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   217
    Downloads panel (bmo#1517101)
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   218
  * Firefox now blocks all autoplay media with sound by default. Users
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   219
    can add individual sites to an exceptions list or turn the blocking
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   220
    off.
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   221
  * System title bar is hidden by default to match Gnome guideline
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   222
  MFSA 2019-07 (bsc#1129821)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   223
  * CVE-2019-9790 (bmo#1525145)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   224
    Use-after-free when removing in-use DOM elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   225
  * CVE-2019-9791 (bmo#1530958)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   226
    Type inference is incorrect for constructors entered through on-stack
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   227
    replacement with IonMonkey
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   228
  * CVE-2019-9792 (bmo#1532599)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   229
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   230
  * CVE-2019-9793 (bmo#1528829)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   231
    Improper bounds checks when Spectre mitigations are disabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   232
  * CVE-2019-9794 (bmo#1530103) (Windows only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   233
    Command line arguments not discarded during execution
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   234
  * CVE-2019-9795 (bmo#1514682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   235
    Type-confusion in IonMonkey JIT compiler
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   236
  * CVE-2019-9796 (bmo#1531277)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   237
    Use-after-free with SMIL animation controller
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   238
  * CVE-2019-9797 (bmo#1528909)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   239
    Cross-origin theft of images with createImageBitmap
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   240
  * CVE-2019-9798 (bmo#1527534) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   241
    Library is loaded from world writable APITRACE_LIB location
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   242
  * CVE-2019-9799 (bmo#1505678)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   243
    Information disclosure via IPC channel messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   244
  * CVE-2019-9801 (bmo#1527717) (Windows only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   245
    Windows programs that are not 'URL Handlers' are exposed to web content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   246
  * CVE-2019-9802 (bmo#1415508)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   247
    Chrome process information leak
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   248
  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   249
    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   250
  * CVE-2019-9804 (bmo#1518026) (MacOS only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   251
    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   252
  * CVE-2019-9805 (bmo#1521360)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   253
    Potential use of uninitialized memory in Prio
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   254
  * CVE-2019-9806 (bmo#1525267)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   255
    Denial of service through successive FTP authorization prompts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   256
  * CVE-2019-9807 (bmo#1362050)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   257
    Text sent through FTP connection can be incorporated into alert messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   258
  * CVE-2019-9809 (bmo#1282430, bmo#1523249)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   259
    Denial of service through FTP modal alert error messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   260
  * CVE-2019-9808 (bmo#1434634)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   261
    WebRTC permissions can display incorrect origin with data: and blob: URLs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   262
  * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   263
    bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   264
    bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   265
    Memory safety bugs fixed in Firefox 66
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   266
  * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   267
    bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   268
    Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   269
- updated build/runtime requirements
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   270
  * mozilla-nss >= 3.42.1
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   271
  * cargo/rust >= 1.31
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   272
  * rust-cbindgen >= 0.6.8
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   273
  * nasm >= 2.13 (new)
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   274
- removed obsolete patch
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   275
  * mozilla-bmo256180.patch
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   276
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   277
-------------------------------------------------------------------
1087
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   278
Tue Mar  5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com>
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   279
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   280
- Do not hardcode nodejs8 but leave the prefer to the distribution
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   281
  (Tumbleweed staging wants to switch to nodejs10)
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   282
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   283
-------------------------------------------------------------------
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   284
Fri Feb 15 13:45:57 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   285
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   286
- Update _constraints to avoid 'no space left' error seen on aarch64
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   287
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   288
-------------------------------------------------------------------
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   289
Wed Feb 13 07:17:28 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   290
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   291
- Mozilla Firefox 65.0.1
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   292
  * Fixed accidental requests to addons.mozilla.org when an addon
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   293
    recommendation doorhanger is shown (bmo#1526387)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   294
  * Improved playback of interactive Netflix videos (bmo#1524500)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   295
  * Fixed incorrect sizing of the "Clear Recent History" window in
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   296
    some situations (bmo#1523696)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   297
  * Fixed audio & video delays while making WebRTC calls
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   298
    (bmo#1521577, bmo#1523817)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   299
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   300
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   301
    from behind a proxy server (bmo#1523427)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   302
  * Fixed the "Enter" key not working on password entry fields for
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   303
    certain Linux distributions (bmo#1523635)
1087
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   304
  MFSA 2019-04 (bsc#1125330)
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   305
  * CVE-2018-18356 bmo#1525817
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   306
    Use-after-free in Skia
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   307
  * CVE-2019-5785 bmo#1525433
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   308
    Integer overflow in Skia
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   309
  * CVE-2018-18511 bmo#1526218
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   310
    Cross-origin theft of images with ImageBitmapRenderingContext
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   311
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   312
-------------------------------------------------------------------
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   313
Wed Feb 13 06:12:43 UTC 2019 - Martin Liška <mliska@suse.cz>
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   314
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   315
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   316
  (with increased memory constraints)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   317
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   318
-------------------------------------------------------------------
1085
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   319
Sat Jan 26 22:37:01 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   320
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   321
- Mozilla Firefox 65.0
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   322
  * Enhanced tracking protection
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   323
  * allow switching of UI locales within preferences
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   324
  * support for the WebP image format
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   325
  * "top"-like about:performance
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   326
  MFSA 2019-01 (bsc#1122983)
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   327
  * CVE-2018-18500 bmo#1510114
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   328
    Use-after-free parsing HTML5 stream
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   329
  * CVE-2018-18503 bmo#1509442
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   330
    Memory corruption with Audio Buffer
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   331
  * CVE-2018-18504 bmo#1496413
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   332
    Memory corruption and out-of-bounds read of texture client
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   333
  * CVE-2018-18505 bmo#1497749
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   334
    Privilege escalation through IPC channel messages
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   335
  * CVE-2018-18506 bmo#1503393
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   336
    Proxy Auto-Configuration file can define localhost access to be proxied
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   337
  * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   338
    bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   339
    bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   340
    Memory safety bugs fixed in Firefox 65
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   341
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   342
    bmo#1502871 bmo#1516738 bmo#1516514
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   343
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   344
- requires
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   345
  NSS 3.41
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   346
  rust/carge 1.30
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   347
  rust-cbindgen 0.6.7
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   348
- rebased patches
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   349
- remove workaround for build memory consumption on i586; other
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   350
  mitigations meanwhile introduced (mainly parallelity) will be
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   351
  sufficient
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   352
  mozilla-reduce-files-per-UnifiedBindings.patch
1085
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   353
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   354
-------------------------------------------------------------------
1084
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   355
Tue Jan 15 14:32:03 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   356
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   357
- Increase disk constraint.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   358
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   359
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   360
Mon Jan 14 12:12:12 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   361
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   362
- Remove -v from mach build in order to work-around bmo#1500436.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   363
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   364
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   365
Fri Jan 11 15:07:14 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   366
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   367
- Set %clang_build to false on all architectures
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   368
- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   369
  it should not be needed anymore
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   370
- Do not overwrite enable-optimize and when possible
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   371
  enable --enable-debug-symbols.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   372
- Add -v to mach in order to make build verbose.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   373
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   374
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   375
Wed Jan  9 22:40:14 UTC 2019 - astieger@suse.com
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   376
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   377
- Mozilla Firefox 64.0.2:
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   378
  * Update the Japanese translation for missing strings (bmo#1513259)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   379
  * Properly restore column sizes in developer tools inspector (bmo#1503175)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   380
  * Fixed video stuttering on Youtube (bmo#1513511)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   381
  * Fix updates for some lightweight themes (bmo#1508777)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   382
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   383
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   384
Tue Dec 18 14:46:41 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   385
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   386
- Enable build_hardened for all architectures
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   387
- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   388
- Remove obolete '--enable-pie' as -pie is always enabled for
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   389
  gcc and clang
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   390
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   391
-------------------------------------------------------------------
1083
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   392
Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   393
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   394
- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   395
- Switch %arm builds back to gcc, not clang to avoid OOM
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   396
- Fix build flags when clang is not used
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   397
- Fix flags for clang ppc64 builds
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   398
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   399
-------------------------------------------------------------------
1082
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   400
Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   401
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   402
- update to Firefox 64.0
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   403
  * Better recommendations: You may see suggestions in regular browsing
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   404
    mode for new and relevant Firefox features, services, and extensions
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   405
    based on how you use the web (for US users only)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   406
  * Enhanced tab management: You can now select multiple tabs from the
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   407
    tab bar and close, move, bookmark, or pin them quickly and easily
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   408
  * Easier performance management: The new Task Manager page found at
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   409
    about:performance lets you see how much energy each open tab consumes
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   410
    and provides access to close tabs to conserve power
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   411
  * Improved performance for Mac and Linux users, by enabling link time
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   412
    optimization (Clang LTO).
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   413
  * Added option to remove add-ons using the context menu on their
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   414
    toolbar buttons
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   415
  * RSS feed preview and live bookmarks are available only via add-ons
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   416
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   417
    Website operators are strongly encouraged to replace any remaining
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   418
    Symantec TLS certificates as soon as possible
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   419
  MFSA 2018-29 (bsc#1119105)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   420
  * CVE-2018-12407 bmo#1505973
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   421
    Buffer overflow with ANGLE library when using VertexBuffer11 module
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   422
  * CVE-2018-17466 bmo#1488295
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   423
    Buffer overflow and out-of-bounds read in ANGLE library with
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   424
    TextureStorage11
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   425
  * CVE-2018-18492 bmo#1499861
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   426
    Use-after-free with select element
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   427
  * CVE-2018-18493 bmo#1504452
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   428
    Buffer overflow in accelerated 2D canvas with Skia
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   429
  * CVE-2018-18494 bmo#1487964
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   430
    Same-origin policy violation using location attribute and
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   431
    performance.getEntries to steal cross-origin URLs
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   432
  * CVE-2018-18495 bmo#1427585
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   433
    WebExtension content scripts can be loaded in about: pages
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   434
  * CVE-2018-18496 bmo#1422231 (Windows only)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   435
    Embedded feed preview page can be abused for clickjacking
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   436
  * CVE-2018-18497 bmo#1488180
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   437
    WebExtensions can load arbitrary URLs through pipe separators
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   438
  * CVE-2018-18498 bmo#1500011
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   439
    Integer overflow when calculating buffer sizes for images
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   440
  * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   441
    bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   442
    bmo#1481745 bmo#1458129
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   443
    Memory safety bugs fixed in Firefox 64
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   444
  * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   445
    bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   446
    Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   447
- requires
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   448
  * rust/cargo >= 1.29
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   449
  * mozilla-nss >= 3.40.1
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   450
  * rust-cbindgen >= 0.6.4
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   451
- rebased patches
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   452
- removed obsolete patch
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   453
  * mozilla-bmo1491289.patch
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   454
- now uses clang primarily for compilation
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   455
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   456
-------------------------------------------------------------------
1081
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   457
Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   458
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   459
- Remove --disable-elf-hack when not available: on aarch64 and ppc64*
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   460
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   461
-------------------------------------------------------------------
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   462
Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   463
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   464
- Clean-up %arm build
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   465
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   466
-------------------------------------------------------------------
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   467
Sun Nov 18 11:01:21 UTC 2018 - manfred.h@gmx.net
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   468
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   469
- update to Firefox 63.0.3
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   470
  * Games using WebGL (created in Unity) get stuck after very short
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   471
    time of gameplay (bmo#1502748)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   472
  * Slow page loading for some users with specific proxy configurations
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   473
    (bmo#1495024)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   474
  * Disable HTTP response throttling by default for causing bugs with
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   475
    videos in background tabs (bmo#1503354)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   476
  * Opening magnet links no longer works (bmo#1498934)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   477
  * Crash fixes (bmo#1498510, bmo#1503424)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   478
- removed mozilla-newer-cbindgen.patch; no longer needed
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   479
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   480
-------------------------------------------------------------------
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   481
Thu Nov  8 14:59:13 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   482
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   483
- update to Firefox 63.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   484
  * Snippets are not loaded due to missing element (bmo#1503047)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   485
  * Print preview always shows 30& scale when it is actually
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   486
    Shrink To Fit (bmo#1501952)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   487
  * Dialog displayed when closing multiple windows shows unreplaced
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   488
    %1$S placeholder in Japanese and potentially other locales
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   489
    (bmo#1500823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   490
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   491
-------------------------------------------------------------------
1075
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
   492
Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
   493
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
   494
- update to Firefox 63.0
1074
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   495
  * WebExtensions now run in their own process on Linux
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   496
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   497
    tabs and cycles through tabs in recently used order. This new
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   498
    default behavior is activated only in new profiles and can be
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   499
    changed in preferences.
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   500
  * Added support for Web Components custom elements and shadow DOM
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   501
  MFSA 2018-26 (bsc#1112852)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   502
  * CVE-2018-12391 (bmo#1478843) (Android-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   503
    HTTP Live Stream audio data is accessible cross-origin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   504
  * CVE-2018-12392 (bmo#1492823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   505
    Crash with nested event loops
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   506
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   507
    Integer overflow during Unicode conversion while loading JavaScript
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   508
  * CVE-2018-12395 (bmo#1467523)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   509
    WebExtension bypass of domain restrictions through header rewriting
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   510
  * CVE-2018-12396 (bmo#1483602)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   511
    WebExtension content scripts can execute in disallowed contexts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   512
  * CVE-2018-12397 (bmo#1487478)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   513
    Missing warning prompt when WebExtension requests local file access
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   514
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   515
    CSP bypass through stylesheet injection in resource URIs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   516
  * CVE-2018-12399 (bmo#1490276)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   517
    Spoofing of protocol registration notification bar
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   518
  * CVE-2018-12400 (bmo#1448305) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   519
    Favicons are cached in private browsing mode on Firefox for Android
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   520
  * CVE-2018-12401 (bmo#1422456)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   521
    DOS attack through special resource URI parsing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   522
  * CVE-2018-12402 (bmo#1469916)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   523
    SameSite cookies leak when pages are explicitly saved
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   524
  * CVE-2018-12403 (bmo#1484753)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   525
    Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   526
  * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   527
    bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   528
    Memory safety bugs fixed in Firefox 63
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   529
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   530
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   531
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   532
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   533
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
1074
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   534
- requires NSPR 4.20, NSS 3.39 and Rust 1.28
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   535
- latest rust does not provide rust-std so stop requiring it
1079
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   536
- requires rust-cbindgen >= 0.6.2 to build
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   537
- requires nodejs >= 8.11 to build
1078
9f49c406dc11 63.0.1 release candidate with several build updates and required fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1077
diff changeset
   538
- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289)
9f49c406dc11 63.0.1 release candidate with several build updates and required fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1077
diff changeset
   539
- added mozilla-cubeb-noreturn.patch to fix non-return function
1079
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   540
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   541
- disable elfhack for TW and newer due to build errors
1081
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   542
- removed obsolete patches
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   543
  * mozilla-no-return.patch
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   544
  * mozilla-no-stdcxx-check.patch
1073
63a32fb3b602 merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1072
diff changeset
   545
63a32fb3b602 merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1072
diff changeset
   546
-------------------------------------------------------------------
1076
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   547
Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   548
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   549
- Update _constraints for armv6/7
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   550
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   551
-------------------------------------------------------------------
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   552
Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   553
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   554
- Add patch to fix build on armv7:
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   555
  * mozilla-bmo1463035.patch
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   556
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   557
-------------------------------------------------------------------
1072
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   558
Tue Oct  2 21:28:31 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   559
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   560
- Mozilla Firefox 62.0.3:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   561
  MFSA 2018-24
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   562
  * CVE-2018-12386 (bsc#1110506, bmo#1493900)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   563
    Type confusion in JavaScript allowed remote code execution
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   564
  * CVE-2018-12387 (bsc#1110507, bmo#1493903)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   565
    Array.prototype.push stack pointer vulnerability may enable
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   566
    exploits in the sandboxed content process
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   567
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   568
-------------------------------------------------------------------
1071
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   569
Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   570
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   571
- Mozilla Firefox 62.0.2:
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   572
  MFSA 2018-22
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   573
  * CVE-2018-12385 (boo#1109363, bmo#1490585)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   574
    Crash in TransportSecurityInfo due to cached data
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   575
  * Unvisited bookmarks can once again be autofilled in the address
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   576
    bar
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   577
  * Fix WebGL rendering issues
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   578
  * Fix fallback on startup when a language pack is missing
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   579
  * Avoid crash when sharing a profile with newer (as yet
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   580
    unreleased) versions of Firefox
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   581
  * Do not undo removal of search engines when using a language
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   582
    pack
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   583
  * Fixed rendering of some web sites
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   584
  * Restored compatibility with some sites using deprecated TLS
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   585
    settings
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   586
- disable rust debug symbols to fix build on %ix86
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   587
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   588
-------------------------------------------------------------------
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   589
Mon Sep  3 10:47:43 UTC 2018 - wr@rosenauer.org
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   590
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   591
- update to Firefox 62.0
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   592
  * Firefox Home (the default New Tab) now allows users to display
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   593
    up to 4 rows of top sites, Pocket stories, and highlights
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   594
  * "Reopen in Container" tab menu option appears for users with
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   595
    Containers that lets them choose to reopen a tab in a different
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   596
    container
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   597
  * In advance of removing all trust for Symantec-issued certificates
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   598
    in Firefox 63, a preference was added that allows users to distrust
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   599
    certificates issued by Symantec. To use this preference, go to
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   600
    about:config in the address bar and set the preference
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   601
    "security.pki.distrust_ca_policy" to 2.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   602
  * Support for CSS Shapes, allowing for richer web page layouts.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   603
    This goes hand in hand with a brand new Shape Path Editor in the
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   604
    CSS inspector.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   605
  * CSS Variable Fonts (OpenType Font Variations) support, which makes
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   606
    it possible to create beautiful typography with a single font file
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   607
  * Added Canadian English (en-CA) locale
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   608
  MFSA 2018-20 (bsc#1107343)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   609
  * CVE-2018-12377 (bmo#1470260)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   610
    Use-after-free in refresh driver timers
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   611
  * CVE-2018-12378 (bmo#1459383)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   612
    Use-after-free in IndexedDB
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   613
  * CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   614
    Out-of-bounds write with malicious MAR file
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   615
  * CVE-2017-16541 (bmo#1412081)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   616
    Proxy bypass using automount and autofs
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   617
  * CVE-2018-12381 (bmo#1435319)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   618
    Dragging and dropping Outlook email message results in page navigation
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   619
  * CVE-2018-12382 (bmo#1479311) (Android only)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   620
    Addressbar spoofing with javascript URI on Firefox for Android
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   621
  * CVE-2018-12383 (bmo#1475775)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   622
    Setting a master password post-Firefox 58 does not delete
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   623
    unencrypted previously stored passwords
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   624
  * CVE-2018-12375
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   625
    Memory safety bugs fixed in Firefox 62
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   626
  * CVE-2018-12376
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   627
    Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
1066
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   628
- requires NSS >= 3.38
1071
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   629
- removed obsolete patch
1067
735b140fb042 rebased patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1066
diff changeset
   630
  mozilla-bmo1464766.patch
1066
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   631
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   632
-------------------------------------------------------------------
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   633
Thu Aug  9 14:22:00 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   634
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   635
- update to Firefox 61.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   636
  * Improved website rendering with the Retained Display List feature
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   637
    enabled (bmo#1474402)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   638
  * Fixed broken DevTools panels with certain extensions installed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   639
    (bmo#1474379)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   640
  * Fixed a crash for users with some accessibility tools enabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   641
    (bmo#1474007)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   642
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   643
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   644
Mon Jul  9 07:22:09 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   645
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   646
- Mozilla Firefox 61.0.1:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   647
  * Fix missing content on the New Tab Page and the Home section of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   648
    the Preferences page (bmo#1471375)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   649
  * Fixed loss of bookmarks under rare circumstances when upgrading
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   650
    from Firefox 60 (bmo#1472127)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   651
  * Improved playback of Twitch 1080p video streams (bmo#1469257)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   652
  * Web pages no longer lose focus when a browser popup window is
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   653
    opened (bmo#1471415)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   654
  * Re-allowed downloading files from FTP sites via the "Save Link
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   655
    As" option when linked from HTTP pages (bmo#1470295)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   656
  * Fixed extensions being unable to override the default homepage
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   657
    in certain situations (bmo#1466846)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   658
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   659
-------------------------------------------------------------------
1061
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   660
Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   661
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   662
- update to Firefox 61.0
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   663
  * Performance enhancements
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   664
  * Various improvements for dark theme support will provide a more
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   665
    consistent experience across the entire Firefox UI
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   666
  * OpenSearch plugins offered by web pages can now be added from the
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   667
    page action menu for easier installation
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   668
  * Improved support for allowing WebExtensions to manage and hide tabs
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   669
  MFSA 2018-15 (bsc#1098998)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   670
  * CVE-2018-12359 (bmo#1459162)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   671
    Buffer overflow using computed size of canvas element
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   672
  * CVE-2018-12360 (bmo#1459693)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   673
    Use-after-free when using focus()
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   674
  * CVE-2018-12361 (bmo#1463244)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   675
    Integer overflow in SwizzleData
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   676
  * CVE-2018-12358 (bmo#1467852)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   677
    Same-origin bypass using service worker and redirection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   678
  * CVE-2018-12362 (bmo#1452375)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   679
    Integer overflow in SSSE3 scaler
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   680
  * CVE-2018-5156 (bmo#1453127)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   681
    Media recorder segmentation fault when track type is changed during capture
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   682
  * CVE-2018-12363 (bmo#1464784)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   683
    Use-after-free when appending DOM nodes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   684
  * CVE-2018-12364 (bmo#1436241)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   685
    CSRF attacks through 307 redirects and NPAPI plugins
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   686
  * CVE-2018-12365 (bmo#1459206)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   687
    Compromised IPC child process can list local filenames
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   688
  * CVE-2018-12371 (bmo#1465686) 
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   689
    Integer overflow in Skia library during edge builder allocation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   690
  * CVE-2018-12366 (bmo#1464039)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   691
    Invalid data handling during QCMS transformations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   692
  * CVE-2018-12367 (bmo#1462891)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   693
    Timing attack mitigation of PerformanceNavigationTiming
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   694
  * CVE-2018-12369 (bmo#1454909)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   695
    WebExtension security permission checks bypassed by embedded experiments
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   696
  * CVE-2018-12370 (bmo#1456652)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   697
    SameSite cookie protections bypassed when exiting Reader View
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   698
  * CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   699
    bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   700
    Memory safety bugs fixed in Firefox 61
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   701
  * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   702
    bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   703
    bmo#1463884)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   704
    Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   705
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   706
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   707
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   708
    bmo#1464079,bmo#1463494,bmo#1458048)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   709
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   710
- requires NSS 3.37.3
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   711
- requires python >= 3.5 to build
1055
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   712
- removed obsolete patches
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   713
  mozilla-i586-DecoderDoctorLogger.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   714
  mozilla-i586-domPrefs.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   715
  mozilla-fix-skia-aarch64.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   716
  mozilla-bmo1375074.patch
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   717
  mozilla-enable-csd.patch
1057
b70ce330958c successfull RPM build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1056
diff changeset
   718
- patch for new no-return warnings (mozilla-no-return.patch)
1059
936bf8851c57 try to make langpacks work again
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1057
diff changeset
   719
- do not disable system installed locales (mozilla-bmo1464766.patch)
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   720
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   721
-------------------------------------------------------------------
1056
90e1f32cf034 several changes to make upstream tarballs a good neighbour for locale fetching and HG checkouts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1055
diff changeset
   722
Fri Jun  8 10:52:13 UTC 2018 - bjorn.lie@gmail.com
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   723
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   724
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   725
  conditional --disable-gconf to configure: no longer pull in
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   726
  obsolete gconf2 for Tumbleweed.
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   727
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   728
-------------------------------------------------------------------
1052
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   729
Thu Jun  7 12:11:06 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   730
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   731
- update to Firefox 60.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   732
  * requires NSS 3.36.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   733
  MFSA 2018-14 (bsc#1096449)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   734
  * CVE-2018-6126 (bmo#1462682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   735
    Heap buffer overflow rasterizing paths in SVG with Skia
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   736
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   737
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   738
Wed Jun  6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   739
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   740
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   741
  workaround:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   742
  * mozilla-bmo1375074.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   743
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   744
-------------------------------------------------------------------
1051
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   745
Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   746
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   747
- fixed "open with" option under KDE (boo#1094747)
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   748
- workaround crash on startup on aarch64 (boo#1093059)
1052
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   749
  (contributed by guillaume.gardet@arm.com)
1051
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   750
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   751
-------------------------------------------------------------------
1049
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   752
Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   753
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   754
- Disable webrtc for aarch64 due to bmo#1434589
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   755
- Add patch to fix skia build on AArch64:
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   756
  * mozilla-fix-skia-aarch64.patch
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   757
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   758
-------------------------------------------------------------------
1048
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   759
Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   760
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   761
- update to Firefox 60.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   762
  * Avoid overly long cycle collector pauses with some add-ons installed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   763
    (bmo#1449033)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   764
  * After unckecking the "Sponsored Stories" option, the New Tab page
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   765
    now immediately stops displaying "Sponsored content" cards (bmo#1458906)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   766
  * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   767
    (bmo#1457743)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   768
  * Use the right default background when opening tabs or windows in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   769
    high contrast mode (bmo#1458956)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   770
  * Restored translations of the Preferences panels when using a
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   771
    language pack (bmo#1461590)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   772
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   773
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   774
Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   775
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   776
- parellelise locales building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   777
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   778
-------------------------------------------------------------------
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   779
Mon May  7 08:32:28 UTC 2018 - wr@rosenauer.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   780
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   781
- update to Firefox 60.0
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   782
  * Added a policy engine that allows customized Firefox deployments
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   783
    in enterprise environments, using Windows Group Policy or a
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   784
    cross-platform JSON file
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   785
  * Applied Quantum CSS to render browser UI
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   786
  * Added support for Web Authentication, allowing the use of USB
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   787
    tokens for authentication to web sites
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   788
  * Locale added: Occitan (oc)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   789
  MFSA 2018-11 (bsc#1092548)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   790
  * CVE-2018-5154 (bmo#1443092)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   791
    Use-after-free with SVG animations and clip paths
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   792
  * CVE-2018-5155 (bmo#1448774)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   793
    Use-after-free with SVG animations and text paths
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   794
  * CVE-2018-5157 (bmo#1449898)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   795
    Same-origin bypass of PDF Viewer to view protected PDF files
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   796
  * CVE-2018-5158 (bmo#1452075)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   797
    Malicious PDF can inject JavaScript into PDF Viewer
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   798
  * CVE-2018-5159 (bmo#1441941)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   799
    Integer overflow and out-of-bounds write in Skia
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   800
  * CVE-2018-5160 (bmo#1436117)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   801
    Uninitialized memory use by WebRTC encoder
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   802
  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   803
    WebExtensions information leak through webRequest API
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   804
  * CVE-2018-5153 (bmo#1436809)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   805
    Out-of-bounds read in mixed content websocket messages
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   806
  * CVE-2018-5163 (bmo#1426353)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   807
    Replacing cached data in JavaScript Start-up Bytecode Cache
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   808
  * CVE-2018-5164 (bmo#1416045)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   809
    CSP not applied to all multipart content sent with
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   810
    multipart/x-mixed-replace
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   811
  * CVE-2018-5166 (bmo#1437325)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   812
    WebExtension host permission bypass through filterReponseData
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   813
  * CVE-2018-5167 (bmo#1447969)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   814
    Improper linkification of chrome: and javascript: content in
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   815
    web console and JavaScript debugger
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   816
  * CVE-2018-5168 (bmo#1449548)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   817
    Lightweight themes can be installed without user interaction
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   818
  * CVE-2018-5169 (bmo#1319157)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   819
    Dragging and dropping link text onto home button can set home page
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   820
    to include chrome pages
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   821
  * CVE-2018-5172 (bmo#1436482)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   822
    Pasted script from clipboard can run in the Live Bookmarks page
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   823
    or PDF viewer
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   824
  * CVE-2018-5173 (bmo#1438025)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   825
    File name spoofing of Downloads panel with Unicode characters
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   826
  * CVE-2018-5174 (bmo#1447080) (Windows-only)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   827
    Windows Defender SmartScreen UI runs with less secure behavior
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   828
    for downloaded files in Windows 10 April 2018 Update
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   829
  * CVE-2018-5175 (bmo#1432358)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   830
    Universal CSP bypass on sites using strict-dynamic in their policies
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   831
  * CVE-2018-5176 (bmo#1442840)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   832
    JSON Viewer script injection
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   833
  * CVE-2018-5177 (bmo#1451908)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   834
    Buffer overflow in XSLT during number formatting
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   835
  * CVE-2018-5165 (bmo#1451452)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   836
    Checkbox for enabling Flash protected mode is inverted in 32-bit
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   837
    Firefox
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   838
  * CVE-2018-5180 (bmo#1444086)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   839
    heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   840
  * CVE-2018-5181 (bmo#1424107)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   841
    Local file can be displayed in noopener tab through drag and
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   842
    drop of hyperlink
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   843
  * CVE-2018-5182 (bmo#1435908)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   844
    Local file can be displayed from hyperlink dragged and dropped
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   845
    on addressbar
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   846
  * CVE-2018-5151
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   847
    Memory safety bugs fixed in Firefox 60
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   848
  * CVE-2018-5150
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   849
    Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   850
- removed obsolete patches
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   851
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   852
  mozilla-bmo1005535.patch
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   853
- requires NSPR 4.19 and NSS 3.36.1
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   854
- requires rust 1.24 or higher
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   855
- use upstream source archive and detached signature for
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   856
  source verification
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   857
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   858
-------------------------------------------------------------------
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   859
Thu May  3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   860
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   861
- Fix armv7 build by:
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   862
  * adding RUSTFLAGS="-Cdebuginfo=0"
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   863
  * updating _constraints for %arm
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   864
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   865
-------------------------------------------------------------------
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   866
Wed May  2 20:46:37 UTC 2018 - wr@rosenauer.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   867
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
   868
- do not try CSD on kwin (boo#1091592)
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   869
- fix build in openSUSE:Leap:42.3:Update, use gcc7
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   870
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   871
-------------------------------------------------------------------
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   872
Tue May  1 14:26:24 UTC 2018 - astieger@suse.com
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   873
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   874
- Mozilla Firefox 59.0.3:
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   875
  * fixes for platforms other than GNU/Linux
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   876
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   877
-------------------------------------------------------------------
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   878
Fri Apr 20 12:31:52 UTC 2018 - mliska@suse.cz
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   879
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   880
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   881
  in order to fix boo#1090362.
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   882
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   883
-------------------------------------------------------------------
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   884
Mon Apr  2 00:55:45 UTC 2018 - badshah400@gmail.com
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   885
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   886
- Add back mozilla-enable-csd.patch: New rebased version from
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
   887
  Fedora for version 59.0.x.
1044
142a0c92607c merge latest from 59.x
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1043
diff changeset
   888
142a0c92607c merge latest from 59.x
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1043
diff changeset
   889
-------------------------------------------------------------------
1043
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   890
Tue Mar 27 14:07:11 UTC 2018 - schwab@suse.de
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   891
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   892
- Reduce constraints on aarch64
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   893
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   894
-------------------------------------------------------------------
1041
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   895
Tue Mar 27 06:40:25 UTC 2018 - wr@rosenauer.org
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   896
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   897
- update to Firefox 59.0.2
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   898
  * Invalid page rendering with hardware acceleration enabled (bmo#1435472)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   899
  * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   900
    that use those keys with resistFingerprinting enabled (bmo#1433592)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   901
  * High CPU / memory churn caused by third-party software on some
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   902
    computers (bmo#1446280)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   903
  * Users who have configured an "automatic proxy configuration URL"
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   904
    and want to reload their proxy settings from the URL will find
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   905
    the Reload button disabled in the Connection Settings dialog when
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   906
    they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   907
  * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   908
  * User's trying to cancel a print around the time it completes will
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   909
    continue to get intermittent crashes (bmo#1441598)
1043
5ba4fbb8bed7 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1041
diff changeset
   910
  MFSA 2018-10 (bsc#1087059)
1041
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   911
  * CVE-2018-5148 (bmo#1440717)
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   912
    Use-after-free in compositor
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   913
- removed obsolete patch mozilla-bmo1446062.patch
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   914
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   915
-------------------------------------------------------------------
1040
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   916
Wed Mar 21 17:14:24 UTC 2018 - cgrobertson@suse.com
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   917
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   918
- Added patches:
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   919
  * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   920
    fixes non-unified build error
1041
516dd1ea89e8 Firefox 59.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1040
diff changeset
   921
  * mozilla-i586-domPrefs.patch - DOMPrefs.h
1040
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   922
    fixes 32bit build error
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   923
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   924
-------------------------------------------------------------------
1039
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   925
Fri Mar 16 06:40:11 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   926
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   927
- update to Firefox 59.0.1 (bsc#1085671)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   928
  MFSA 2018-08
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   929
  * CVE-2018-5146 (bmo#1446062)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   930
    Vorbis audio processing out of bounds write
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   931
  * CVE-2018-5147 (bmo#1446365)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   932
    Out of bounds memory write in libtremor
1040
246b98b59979 added i586 patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1039
diff changeset
   933
    (mozilla-bmo1446062.patch)
1039
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   934
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   935
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   936
Wed Mar 14 19:27:07 UTC 2018 - cgrobertson@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   937
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   938
- Added patch:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   939
  * mozilla-bmo1005535.patch:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   940
    Enable skia_gpu on big endian platforms.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   941
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   942
-------------------------------------------------------------------
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   943
Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org
1036
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1035
diff changeset
   944
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1035
diff changeset
   945
- update to Firefox 59.0
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   946
  * Performance enhancements
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   947
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   948
  * added features for Firefox Screenshots
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   949
  * Enhanced WebExtensions API
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   950
  * Improved RTC capabilities
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   951
  MFSA 2018-06 (bsc#1085130)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   952
  * CVE-2018-5127 (bmo#1430557)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   953
    Buffer overflow manipulating SVG animatedPathSegList
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   954
  * CVE-2018-5128 (bmo#1431336)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   955
    Use-after-free manipulating editor selection ranges
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   956
  * CVE-2018-5129 (bmo#1428947)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   957
    Out-of-bounds write with malformed IPC messages
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   958
  * CVE-2018-5130 (bmo#1433005)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   959
    Mismatched RTP payload type can trigger memory corruption
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   960
  * CVE-2018-5131 (bmo#1440775)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   961
    Fetch API improperly returns cached copies of no-store/no-cache resources
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   962
  * CVE-2018-5132 (bmo#1408194)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   963
    WebExtension Find API can search privileged pages
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   964
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   965
    Value of the app.support.baseURL preference is not properly sanitized
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   966
  * CVE-2018-5134 (bmo#1429379)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   967
    WebExtensions may use view-source: URLs to bypass content restrictions
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   968
  * CVE-2018-5135 (bmo#1431371)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   969
    WebExtension browserAction can inject scripts into unintended contexts
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   970
  * CVE-2018-5136 (bmo#1419166)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   971
    Same-origin policy violation with data: URL shared workers
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   972
  * CVE-2018-5137 (bmo#1432870)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   973
    Script content can access legacy extension non-contentaccessible resources
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   974
  * CVE-2018-5138 (bmo#1432624) (Android only)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   975
    Android Custom Tab address spoofing through long domain names
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   976
  * CVE-2018-5140 (bmo#1424261)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   977
    Moz-icon images accessible to web content through moz-icon: protocol
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   978
  * CVE-2018-5141 (bmo#1429093)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   979
    DOS attack through notifications Push API
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   980
  * CVE-2018-5142 (bmo#1366357)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   981
    Media Capture and Streams API permissions display incorrect origin
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   982
    with data: and blob: URLs
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   983
  * CVE-2018-5143 (bmo#1422643)
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   984
    Self-XSS pasting javascript: URL with embedded tab into addressbar
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   985
  * CVE-2018-5126
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   986
    Memory safety bugs fixed in Firefox 59
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   987
  * CVE-2018-5125
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
   988
    Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
1031
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   989
- requires NSPR 4.18 and NSS 3.35
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   990
- requires rust >= 1.22.1
1032
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   991
- removed obsolete patches:
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   992
  mozilla-alsa-sandbox.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   993
  mozilla-enable-csd.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   994
  firefox-no-default-ualocale.patch
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   995
- removed l10n_changesets.txt since same information is now in
8220ea23b47d remove obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1031
diff changeset
   996
  Firefox source tree (updated create-tar.sh now requires jq)
1031
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   997
4b419fce88dc merge from firefox58 and prepare for 59.0b8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1030
diff changeset
   998
-------------------------------------------------------------------
1039
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
   999
Fri Feb  9 13:37:46 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1000
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1001
- Mozilla Firefox 58.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1002
  * Blocklisted graphics drivers related to off main thread painting
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1003
    crashes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1004
  * Fix tab crash during printing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1005
  * Fix clicking links and scrolling emails on Microsoft Hotmail
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1006
    and Outlook (OWA) webmail
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1007
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1037
diff changeset
  1008
-------------------------------------------------------------------
1030
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
  1009
Fri Feb  9 12:06:31 UTC 2018 - wr@rosenauer.org
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
  1010
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
  1011
- correct requires and provides handling (boo#1076907)
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
  1012
cd02d400c081 correct requires and provides handling (boo#1076907)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1029
diff changeset
  1013
-------------------------------------------------------------------
1029
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1014
Tue Feb  6 07:03:42 UTC 2018 - fstrba@suse.com
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1015
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1016
- Added patch:
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1017
  * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1018
    or again?) not working in Firefox 58 due to sandboxing.
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1019
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1020
-------------------------------------------------------------------
1028
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
  1021
Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
  1022
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
  1023
- update to Firefox 58.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1027
diff changeset
  1024
  MFSA 2018-05
1037
d61b64679bb4 59.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1036
diff changeset
  1025
  * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
1029
725d6acf23b5 fix alsa
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1028
diff changeset
  1026
- use correct language packs
1027
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
  1027
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
  1028
- allow larger number of nested elements (mozilla-bmo256180.patch)
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
  1029
7071f6ebfda6 CSD functionality
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1026
diff changeset
  1030
-------------------------------------------------------------------
1026
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1031
Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1032
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1033
- update to Firefox 58.0 (bsc#1077291)
1023
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
  1034
  * Added Nepali (ne-NP) locale
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
  1035
  * Added support for form autofill for credit card
fce335a42db7 new features (incl. new locale)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1020
diff changeset
  1036
  * Optimize page load by caching JavaScript internal representation
1026
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1037
  MFSA 2018-02
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1038
  * CVE-2018-5091 (bmo#1423086)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1039
    Use-after-free with DTMF timers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1040
  * CVE-2018-5092 (bmo#1418074)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1041
    Use-after-free in Web Workers
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1042
  * CVE-2018-5093 (bmo#1415291)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1043
    Buffer overflow in WebAssembly during Memory/Table resizing
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1044
  * CVE-2018-5094 (bmo#1415883)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1045
    Buffer overflow in WebAssembly with garbage collection on
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1046
    uninitialized memory
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1047
  * CVE-2018-5095 (bmo#1418447)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1048
    Integer overflow in Skia library during edge builder allocation
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1049
  * CVE-2018-5097 (bmo#1387427)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1050
    Use-after-free when source document is manipulated during XSLT
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1051
  * CVE-2018-5098 (bmo#1399400)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1052
    Use-after-free while manipulating form input elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1053
  * CVE-2018-5099 (bmo#1416878)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1054
    Use-after-free with widget listener
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1055
  * CVE-2018-5100 (bmo#1417405)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1056
    Use-after-free when IsPotentiallyScrollable arguments are freed
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1057
    from memory
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1058
  * CVE-2018-5101 (bmo#1417661)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1059
    Use-after-free with floating first-letter style elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1060
  * CVE-2018-5102 (bmo#1419363)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1061
    Use-after-free in HTML media elements
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1062
  * CVE-2018-5103 (bmo#1423159)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1063
    Use-after-free during mouse event handling
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1064
  * CVE-2018-5104 (bmo#1425000)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1065
    Use-after-free during font face manipulation
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1066
  * CVE-2018-5105 (bmo#1390882)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1067
    WebExtensions can save and execute files on local file system
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1068
    without user prompts
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1069
  * CVE-2018-5106 (bmo#1408708)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1070
    Developer Tools can expose style editor information cross-origin
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1071
    through service worker
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1072
  * CVE-2018-5107 (bmo#1379276)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1073
    Printing process will follow symlinks for local file access
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1074
  * CVE-2018-5108 (bmo#1421099)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1075
    Manually entered blob URL can be accessed by subsequent private browsing tabs
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1076
  * CVE-2018-5109 (bmo#1405599)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1077
    Audio capture prompts and starts with incorrect origin attribution
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1078
  * CVE-2018-5110 (bmo#1423275) (affects only OS X)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1079
    Cursor can be made invisible on OS X
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1080
  * CVE-2018-5111 (bmo#1321619)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1081
    URL spoofing in addressbar through drag and drop
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1082
  * CVE-2018-5112 (bmo#1425224)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1083
    Extension development tools panel can open a non-relative URL in the panel
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1084
  * CVE-2018-5113 (bmo#1425267)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1085
    WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1086
  * CVE-2018-5114 (bmo#1421324)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1087
    The old value of a cookie changed to HttpOnly remains accessible to scripts
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1088
  * CVE-2018-5115 (bmo#1409449)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1089
    Background network requests can open HTTP authentication in unrelated foreground tabs
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1090
  * CVE-2018-5116 (bmo#1396399)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1091
    WebExtension ActiveTab permission allows cross-origin frame content access
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1092
  * CVE-2018-5117 (bmo#1395508)
963c89cda54b update to 58.0 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1023
diff changeset
  1093
    URL spoofing with right-to-left text aligned left-to-right
963c89cda54b update to 58.0 final