MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Wed, 27 May 2020 09:13:22 +0200
branchfirefox76
changeset 1126 6b7cd9ae087d
parent 1125 3fd9346c90a6
child 1127 d5b284f833d5
permissions -rw-r--r--
76.0.1 + build changes
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1108
33b03cfb3747 bugfixes, improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1107
diff changeset
     1
-------------------------------------------------------------------
1126
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     2
Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     4
- change again _constraints for ppc64le use <physicalmemory>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     5
  and increase limit_build in spec file to reduce max_jobs.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     6
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     7
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     8
Sat May  9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
     9
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    10
- Mozilla Firefox 76.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    11
  * Fixed a bug causing some add-ons such as Amazon Assistant to see
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    12
    multiple onConnect events, impairing functionality (bmo#1635637)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    13
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    14
-------------------------------------------------------------------
1125
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    15
Fri May  1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    16
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    17
- Mozilla Firefox 76.0
1126
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    18
  * Lockwise improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    19
  * Improvements in Picture-in-Picture feature
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    20
  * Support Audio Worklets
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    21
  MFSA-2020-16 (bsc#1171186)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    22
  * CVE-2020-12387 (bmo#1545345)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    23
    Use-after-free during worker shutdown
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    24
  * CVE-2020-12388 (bmo#1618911)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    25
    Sandbox escape with improperly guarded Access Tokens
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    26
  * CVE-2020-12389 (bmo#1554110)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    27
    Sandbox escape with improperly separated process types
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    28
  * CVE-2020-6831 (bmo#1632241)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    29
    Buffer overflow in SCTP chunk input validation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    30
  * CVE-2020-12390 (bmo#1141959)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    31
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    32
  * CVE-2020-12391 (bmo#1457100)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    33
    Content-Security-Policy bypass using object elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    34
  * CVE-2020-12392 (bmo#1614468)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    35
    Arbitrary local file access with 'Copy as cURL'
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    36
  * CVE-2020-12393 (bmo#1615471)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    37
    Devtools' 'Copy as cURL' feature did not fully escape
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    38
    website-controlled data, potentially leading to command injection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    39
  * CVE-2020-12394 (bmo#1628288)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    40
    URL spoofing in location bar when unfocussed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    41
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    42
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    43
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    44
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    45
    bmo#1622291, bmo#1627644)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
    46
    Memory safety bugs fixed in Firefox 76
1125
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    47
- requires
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    48
  * NSS >= 3.51.1
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    49
  * nasm >= 2.14
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    50
- removed obsolete patch mozilla-bmo1622013.patch
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    51
- fix URI creation for KDE file selector integration (boo#1160331)
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    52
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
    53
-------------------------------------------------------------------
1124
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    54
Tue Apr  7 12:18:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    55
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    56
- Mozilla Firefox 75.0
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    57
  * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    58
  MFSA 2020-12 (bsc#1168874)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    59
  * CVE-2020-6821 (bmo#1625404)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    60
    Uninitialized memory could be read when using the WebGL
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    61
    copyTexSubImage method
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    62
  * CVE-2020-6822 (bmo#1544181)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    63
    Out of bounds write in GMPDecodeData when processing large images
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    64
  * CVE-2020-6823 (bmo#1614919)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    65
    Malicious Extension could obtain auth codes from OAuth login flows
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    66
  * CVE-2020-6824 (bmo#1621853)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    67
    Generated passwords may be identical on the same site between
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    68
    separate private browsing sessions
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    69
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    70
    Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    71
  * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    72
    bmo#1619229,bmo#1620719,bmo#1624897)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    73
    Memory safety bugs fixed in Firefox 75
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    74
- removed obsolete patch
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    75
  mozilla-bmo1609538.patch
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    76
- requires
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    77
  * rust >= 1.41
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    78
  * rust-cbindgen >= 0.13.1
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    79
  * mozilla-nss >= 3.51
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    80
  * nodejs10 >= 10.19
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    81
- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    82
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    83
-------------------------------------------------------------------
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    84
Mon Apr  6 11:19:24 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    85
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    86
- increase _constraints memory for ppc64le
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    87
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    88
-------------------------------------------------------------------
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    89
Fri Apr  3 15:23:28 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    90
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    91
- Mozilla Firefox 74.0.1
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    92
  MFSA 2020-11 (boo#1168630)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    93
  * CVE-2020-6819 (bmo#1620818)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    94
    Use-after-free while running the nsDocShell destructor
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    95
  * CVE-2020-6820 (bmo#1626728)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    96
    Use-after-free when handling a ReadableStream
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    97
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
    98
-------------------------------------------------------------------
1123
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
    99
Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   100
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   101
- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   102
  to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   103
  (bsc#1167132)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   104
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   105
-------------------------------------------------------------------
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   106
Sat Mar  7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   107
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   108
- Mozilla Firefox 74.0
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   109
  * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   110
  MFSA 2020-08 (bsc#1166238)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   111
  * CVE-2020-6805 (bmo#1610880)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   112
    Use-after-free when removing data about origins
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   113
  * CVE-2020-6806 (bmo#1612308)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   114
    BodyStream::OnInputStreamReady was missing protections against
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   115
    state confusion
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   116
  * CVE-2020-6807 (bmo#1614971)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   117
    Use-after-free in cubeb during stream destruction
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   118
  * CVE-2020-6808 (bmo#1247968)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   119
    URL Spoofing via javascript: URL
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   120
  * CVE-2020-6809 (bmo#1420296)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   121
    Web Extensions with the all-urls permission could access local
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   122
    files
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   123
  * CVE-2020-6810 (bmo#1432856)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   124
    Focusing a popup while in fullscreen could have obscured the
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   125
    fullscreen notification
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   126
  * CVE-2020-6811 (bmo#1607742)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   127
    Devtools' 'Copy as cURL' feature did not fully escape
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   128
    website-controlled data, potentially leading to command injection
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   129
  * CVE-2019-20503 (bmo#1613765)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   130
    Out of bounds reads in sctp_load_addresses_from_init
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   131
  * CVE-2020-6812 (bmo#1616661)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   132
    The names of AirPods with personally identifiable information
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   133
    were exposed to websites with camera or microphone permission
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   134
  * CVE-2020-6813 (bmo#1605814)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   135
    @import statements in CSS could bypass the Content Security
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   136
    Policy nonce feature
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   137
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   138
    bmo#1614339)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   139
    Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   140
  * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   141
    bmo#1612431)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   142
    Memory and script safety bugs fixed in Firefox 74
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   143
- requires
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   144
  * NSPR 4.25
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   145
  * NSS 3.50
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   146
  * rust-cbindgen 0.13.0
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   147
- removed obsolete patches
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   148
  mozilla-bmo1610814.patch
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   149
  mozilla-cubeb-noreturn.patch
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   150
- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   151
  (bmo#1609538, boo#1166471)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   152
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   153
-------------------------------------------------------------------
1122
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   154
Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   155
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   156
- big endian fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   157
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   158
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   159
Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   160
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   161
- Fix build on aarch64/armv7 with:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   162
  * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   163
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   164
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   165
Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   166
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   167
- Mozilla Firefox 73.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   168
  * Resolved problems connecting to the RBC Royal Bank website
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   169
    (bmo#1613943)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   170
  * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   171
    (bmo#1611133)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   172
  * Fixed crashes when playing encrypted content on some Linux systems
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   173
    (bmo#1614535, boo#1164646)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   174
- start in wayland mode when running under wayland session
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   175
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   176
-------------------------------------------------------------------
1121
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   177
Sun Feb  9 07:45:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   178
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   179
- Mozilla Firefox 73.0
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   180
  * Added support for setting a default zoom level applicable for all
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   181
    web content
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   182
  * High-contrast mode has been updated to allow background images
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   183
  * Improved audio quality when playing back audio at a faster or
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   184
    slower speed
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   185
  * Added NextDNS as alternative option for DNS over HTTPS
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   186
  MFSA 2020-05 (bsc#1163368)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   187
  * CVE-2020-6796 (bmo#1610426)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   188
    Missing bounds check on shared memory read in the parent process
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   189
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   190
    Extensions granted downloads.open permission could open arbitrary
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   191
    applications on Mac OSX
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   192
  * CVE-2020-6798 (bmo#1602944)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   193
    Incorrect parsing of template tag could result in JavaScript injection
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   194
  * CVE-2020-6799 (bmo#1606596) (Windows only)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   195
    Arbitrary code execution when opening pdf links from other
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   196
    applications, when Firefox is configured as default pdf reader
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   197
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   198
    bmo#1608580,bmo#1608785,bmo#1605777)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   199
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   200
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   201
    Memory safety bugs fixed in Firefox 73
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   202
- updated requirements
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   203
  * rust >= 1.39
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   204
  * NSS >= 3.49.2
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   205
  * rust-cbindgen >= 0.12.0
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   206
- rebased patches
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   207
- removed obsolete patch
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   208
  * mozilla-bmo1601707.patch
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   209
- switched to cairo-gtk3-wayland build
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   210
  (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   211
- disabled elfhack due to failing packager
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   212
  https://github.com/openSUSE/firefox-maintenance/issues/28
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   213
- disabled PGO due to build failure
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   214
  https://github.com/openSUSE/firefox-maintenance/issues/29
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   215
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   216
-------------------------------------------------------------------
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   217
Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc>
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   218
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   219
- Use a symbolic icon from branding internals
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   220
- Pixmaps no longer required for the desktops
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   221
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   222
-------------------------------------------------------------------
1120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   223
Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   224
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   225
- Mozilla Firefox 72.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   226
  * Various stability fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   227
  * Fixed issues opening files with spaces in their path (bmo#1601905)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   228
  * Fixed a hang opening about:logins when a master password is set
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   229
    (bmo#1606992)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   230
  * Fixed a web compatibility issue with CSS Shadow Parts which
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   231
    shipped in Firefox 72 (bmo#1604989)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   232
  * Fixed inconsistent playback performance for fullscreen 1080p
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   233
    videos on some systems (bmo#1608485)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   234
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   235
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   236
Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   237
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   238
- Fix build for aarch64/ppc64le (do not update config.sub file
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   239
  for libbacktrace)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   240
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   241
-------------------------------------------------------------------
1119
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   242
Wed Jan  8 08:19:12 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   243
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   244
- Mozilla Firefox 72.0.1
1120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   245
  MFSA 2020-03 (bsc#1160498)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   246
  * CVE-2019-17026 (bmo#1607443)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   247
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement
1119
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   248
- Mozilla Firefox 72.0
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   249
  * block fingerprinting scripts by default
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   250
  * new notification pop-ups
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   251
  * Picture-in-picture video
1120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   252
  MFSA 2020-01 (bsc#1160305)
1119
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   253
  * CVE-2019-17016 (bmo#1599181)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   254
    Bypass of @namespace CSS sanitization during pasting
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   255
  * CVE-2019-17017 (bmo#1603055)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   256
    Type Confusion in XPCVariant.cpp
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   257
  * CVE-2019-17020 (bmo#1597645)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   258
    Content Security Policy not applied to XSL stylesheets applied
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   259
    to XML documents
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   260
  * CVE-2019-17022 (bmo#1602843)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   261
    CSS sanitization does not escape HTML tags
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   262
  * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   263
    NSS may negotiate TLS 1.2 or below after a TLS 1.3
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   264
    HelloRetryRequest had been sent
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   265
  * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   266
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   267
  * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   268
    bmo#1595692,bmo#1597321,bmo#1597481)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   269
    Memory safety bugs fixed in Firefox 72
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   270
- update create-tar.sh to skip compare-locales
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   271
- requires NSPR 4.24 and NSS 3.48
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   272
- removed usage of browser-plugins convention for NPAPI plugins
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   273
  from start wrapper and changed the RPM macro to the
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   274
  /usr/$LIB/mozilla/plugins location (boo#1160302)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   275
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   276
-------------------------------------------------------------------
1117
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   277
Mon Dec  2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   278
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   279
- Mozilla Firefox 71.0
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   280
  * Improvements to Lockwise, our integrated password manager
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   281
  * More information about Enhanced Tracking Protection in action
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   282
  * Native MP3 decoding on Windows, Linux, and macOS
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   283
  * Configuration page (about:config) reimplemented in HTML
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   284
  * New kiosk mode functionality, which allows maximum screen space
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   285
    for customer-facing displays
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   286
  MFSA 2019-36
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   287
  * CVE-2019-11756 (bmo#1508776)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   288
    Use-after-free of SFTKSession object
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   289
  * CVE-2019-17008 (bmo#1546331)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   290
    Use-after-free in worker destruction
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   291
  * CVE-2019-13722 (bmo#1580156) (Windows only)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   292
    Stack corruption due to incorrect number of arguments in WebRTC code
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   293
  * CVE-2019-17014 (bmo#1322864)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   294
    Dragging and dropping a cross-origin resource, incorrectly loaded
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   295
    as an image, could result in information disclosure
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   296
  * CVE-2019-17010 (bmo#1581084)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   297
    Use-after-free when performing device orientation checks
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   298
  * CVE-2019-17005 (bmo#1584170)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   299
    Buffer overflow in plain text serializer
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   300
  * CVE-2019-17011 (bmo#1591334)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   301
    Use-after-free when retrieving a document in antitracking
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   302
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   303
    bmo#1580288, bmo#1585760, bmo#1592502)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   304
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   305
  * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   306
    bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   307
    bmo#1594181)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   308
    Memory safety bugs fixed in Firefox 71
1114
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   309
- requires
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   310
  NSPR >= 4.23
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   311
  NSS >= 3.47.1
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   312
  rust/cargo >= 1.37
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   313
- reactivate webrtc for platforms where it was disabled
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   314
- updated create-tar.sh to cover buildid and origin repo information
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   315
  -> removed obsolete source-stamp.txt
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   316
- removed obsolete patches
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   317
  mozilla-bmo1511604.patch
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   318
  mozilla-openaes-decl.patch
1117
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   319
- changed locale building procedure
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   320
  * removed obsolete compare-locales.tar.xz
1118
27c3f029180a latest 71.0 revision
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1117
diff changeset
   321
- added mozilla-bmo1601707.patch to fix gcc/LTO builds
27c3f029180a latest 71.0 revision
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1117
diff changeset
   322
  (bmo#1601707, boo#1158466)
1117
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   323
- added mozilla-bmo849632.patch to fix big endian issues in skia
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   324
  used for WebGL
1114
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   325
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   326
-------------------------------------------------------------------
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   327
Fri Nov  1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   328
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   329
- Mozilla Firefox 70.0.1
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   330
  * Fix for an issue that caused some websites or page elements using
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   331
    dynamic JavaScript to fail to load. (bmo#1592136)
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   332
  * Title bar no longer shows in full screen view (bmo#1588747)
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   333
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   334
  big endian platforms
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   335
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   336
-------------------------------------------------------------------
1112
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   337
Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   338
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   339
- Mozilla Firefox 70.0
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   340
  * more privacy protections from Enhanced Tracking Protection
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   341
  * Firefox Lockwise passwordmanager
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   342
  * Improvements to core engine components, for better browsing on more sites
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   343
  * Improved privacy and security indicators
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   344
  MFSA 2019-34
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   345
  * CVE-2018-6156 (bmo#1480088)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   346
    Heap buffer overflow in FEC processing in WebRTC
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   347
  * CVE-2019-15903 (bmo#1584907)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   348
    Heap overflow in expat library in XML_GetCurrentLineNumber
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   349
  * CVE-2019-11757 (bmo#1577107)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   350
    Use-after-free when creating index updates in IndexedDB
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   351
  * CVE-2019-11759 (bmo#1577953)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   352
    Stack buffer overflow in HKDF output
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   353
  * CVE-2019-11760 (bmo#1577719)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   354
    Stack buffer overflow in WebRTC networking
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   355
  * CVE-2019-11761 (bmo#1561502)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   356
    Unintended access to a privileged JSONView object
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   357
  * CVE-2019-11762 (bmo#1582857)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   358
    document.domain-based origin isolation has same-origin-property violation
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   359
  * CVE-2019-11763 (bmo#1584216)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   360
    Incorrect HTML parsing results in XSS bypass technique
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   361
  * CVE-2019-11765 (bmo#1562582)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   362
    Incorrect permissions could be granted to a website
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   363
  * CVE-2019-17000 (bmo#1441468)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   364
    CSP bypass using object tag with data: URI
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   365
  * CVE-2019-17001 (bmo#1587976)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   366
    CSP bypass using object tag when script-src 'none' is specified
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   367
  * CVE-2019-17002 (bmo#1561056)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   368
    upgrade-insecure-requests was not being honored for links dragged and dropped
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   369
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   370
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   371
    bmo#1583463, bmo#1586599)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   372
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   373
- requires
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   374
    rust/cargo >= 1.36
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   375
    NSPR >= 4.22
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   376
    NSS >= 3.46.1
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   377
    rust-cbindgen >= 0.9.1
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   378
- removed obsolete patches
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   379
    mozilla-bmo1573381.patch
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   380
    mozilla-nestegg-big-endian.patch
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   381
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   382
-------------------------------------------------------------------
1111
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   383
Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   384
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   385
- Mozilla Firefox 69.0.3
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   386
  * Fixed Yahoo mail users being prompted to download files when
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   387
    clicking on emails (bmo#1582848)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   388
- devel package build can easily be disabled now
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   389
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   390
-------------------------------------------------------------------
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   391
Thu Oct  3 08:40:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   392
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   393
- Mozilla Firefox 69.0.2
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   394
  * Fixed a crash when editing files on Office 365 websites (bmo#1579858)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   395
  * Fixed a Linux-only crash when changing the playback speed while
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   396
    watching YouTube videos (bmo#1582222)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   397
- updated supported locale list
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   398
- Allow to build without profile guided optimizations (boo#1040589)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   399
  (contributed by Bernhard Wiedemann)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   400
- Make build verbose (contributed by Martin Liška)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   401
- remove obsolete kde.js setting (boo#1151186) and related patch
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   402
  firefox-add-kde.js-in-order-to-survive-PGO-build.patch
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   403
- update create-tar.sh to latest revision and adjusted tar_stamps
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   404
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   405
- extension preferences moved from branding package to core package
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   406
  (packaging but not branding specific)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   407
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   408
-------------------------------------------------------------------
1110
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   409
Thu Sep 19 13:31:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   410
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   411
- Mozilla Firefox 69.0.1
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   412
  * Fixed external programs launching in the background when clicking
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   413
    a link from inside Firefox to launch them (bmo#1570845)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   414
  * Usability improvements to the Add-ons Manager for users with
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   415
    screen readers (bmo#1567600)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   416
  * Fixed the Captive Portal notification bar not being dismissable
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   417
    in some situations after login is complete (bmo#1578633)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   418
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   419
  * Fixed missing stacks in the Developer Tools Performance section
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   420
    (bmo#1578354)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   421
  MFSA 2019-31
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   422
  * CVE-2019-11754 (bmo#1580506)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   423
    Pointer Lock is enabled with no user notification
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   424
- disable DOH by default
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   425
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   426
-------------------------------------------------------------------
1106
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   427
Thu Sep  5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   428
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   429
- Mozilla Firefox 69.0
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   430
  * Enhanced Tracking Protection (ETP) for stronger privacy protections
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   431
  * Block Autoplay feature is enhanced to give users the option to block
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   432
    any video
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   433
  * Users in the US or using the en-US browser, can get a new “New Tab”
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   434
    page experience connecting to the best of Pocket's content.
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   435
  * Support for the Web Authentication HmacSecret extension via
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   436
    Windows Hello introduced.
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   437
  * Support for receiving multiple video codecs with this release makes
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   438
    it easier for WebRTC conferencing services to mix video from
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   439
    different clients.
1107
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   440
  MFSA 2019-25 (boo#1149324)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   441
  * CVE-2019-11741 (bmo#1539595)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   442
    Isolate addons.mozilla.org and accounts.firefox.com
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   443
  * CVE-2019-5849 (bmo#1555838)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   444
    Out-of-bounds read in Skia
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   445
  * CVE-2019-11737 (bmo#1388015)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   446
    Content security policy directives ignore port and path if host is a wildcard
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   447
  * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   448
    Memory safety bugs fixed in Firefox 69
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   449
  * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   450
    bmo#1565744,bmo#1568858,bmo#1570358)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   451
    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   452
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   453
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
1106
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   454
- requires
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   455
  * rust/cargo >= 1.35
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   456
  * rust-cbindgen >= 0.9.0
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   457
  * mozilla-nss >= 3.45
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   458
- rebased patches
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   459
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   460
-------------------------------------------------------------------
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   461
Wed Sep  4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   462
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   463
- added a bunch of patches mainly for big endian platforms
1109
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
   464
  * mozilla-bmo1504834-part1.patch
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
   465
  * mozilla-bmo1504834-part2.patch
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
   466
  * mozilla-bmo1504834-part3.patch
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   467
  * mozilla-bmo1511604.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   468
  * mozilla-bmo1554971.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   469
  * mozilla-bmo1573381.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   470
  * mozilla-nestegg-big-endian.patch
1110
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   471
  * mozilla-bmo1512162.patch
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   472
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   473
-------------------------------------------------------------------
1099
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   474
Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   475
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   476
- Mozilla Firefox 68.1.0
1100
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   477
  MFSA 2019-26
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   478
  * CVE-2019-11751 (bmo#1572838; Windows only)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   479
    Malicious code execution through command line parameters
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   480
  * CVE-2019-11746 (bmo#1564449)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   481
    Use-after-free while manipulating video
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   482
  * CVE-2019-11744 (bmo#1562033)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   483
    XSS by breaking out of title and textarea elements using innerHTML
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   484
  * CVE-2019-11742 (bmo#1559715)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   485
    Same-origin policy violation with SVG filters and canvas to steal
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   486
    cross-origin images
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   487
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   488
    File manipulation and privilege escalation in Mozilla Maintenance Service
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   489
  * CVE-2019-11753 (bmo#1574980; Windows only)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   490
    Privilege escalation with Mozilla Maintenance Service in custom
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   491
    Firefox installation location
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   492
  * CVE-2019-11752 (bmo#1501152)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   493
    Use-after-free while extracting a key value in IndexedDB
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   494
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   495
    Sandbox escape through Firefox Sync
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   496
  * CVE-2019-11743 (bmo#1560495)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   497
    Cross-origin access to unload event attributes
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   498
  * CVE-2019-11748 (bmo#1564588)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   499
    Persistence of WebRTC permissions in a third party context
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   500
  * CVE-2019-11749 (bmo#1565374)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   501
    Camera information available without prompting using getUserMedia
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   502
  * CVE-2019-11750 (bmo#1568397)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   503
    Type confusion in Spidermonkey
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   504
  * CVE-2019-11738 (bmo#1452037)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   505
    Content security policy bypass through hash-based sources in directives
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   506
  * CVE-2019-11747 (bmo#1564481)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   507
    'Forget about this site' removes sites from pre-loaded HSTS list
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   508
  * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   509
    bmo#1565744,bmo#1568858,bmo#1570358)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   510
    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   511
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   512
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   513
- switched package to ESR branch
1099
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   514
- added mozilla-bmo1568145.patch to make builds reproducible
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   515
- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   516
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   517
-------------------------------------------------------------------
1098
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   518
Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   519
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   520
- Mozilla Firefox 68.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   521
  * Fixed a bug causing some special characters to be cut off from
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   522
    the end of the search terms when searching from the URL bar
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   523
    (bmo#1560228)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   524
  * Allow fonts to be loaded via file:// URLs when opening a page
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   525
    locally (bmo#1565942)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   526
  * Printing emails from the Outlook web app no longer prints only
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   527
    the header and footer (bmo#1567105)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   528
  * Fixed a bug causing some images not to be displayed on reload,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   529
    including on Google Maps (bmo# 1565542)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   530
  * Fixed an error when starting external applications configured
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   531
    as URI handlers (bmo#1567614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   532
  MFSA 2019-24 (boo#1145665)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   533
  * CVE-2019-11733: Stored passwords in 'Saved Logins' can be
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   534
    copied without master password entry (bmo#1565780)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   535
- drop fix-build-after-y2038-changes-in-glibc.patch, upstream
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   536
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   537
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   538
Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   539
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   540
- Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   541
  The upstream patch doesn't resolve the issue on TW, but compiling
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   542
  with -O1 does. Do this until we have a proper fix.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   543
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   544
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   545
Thu Aug  1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   546
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   547
- Update build constraints to fix arm builds
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   548
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   549
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   550
Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   551
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   552
- Mozilla Firefox 68.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   553
  * Fixed missing Full Screen button when watching videos in full
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   554
    screen mode on HBO GO (bmo#1562837)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   555
  * Fixed a bug causing incorrect messages to appear for some
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   556
    locales when sites try to request the use of the Storage
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   557
    Access API (bmo#1558503)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   558
  * Users in Russian regions may have their default search engine
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   559
    changed (bmo#1565315)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   560
  * Built-in search engines in some locales do not function
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   561
    correctly (bmo#1565779)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   562
  * SupportMenu policy doesn't always work (bmo#1553290)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   563
  * Allow the privacy.file_unique_origin pref to be controlled by
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   564
    policy (bmo#1563759)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   565
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   566
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   567
Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   568
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   569
- add fix-build-after-y2038-changes-in-glibc.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   570
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   571
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   572
Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   573
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   574
- Generate langpacks sequentially to avoid file corruption
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   575
  from racy file writes (boo#1137970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   576
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   577
-------------------------------------------------------------------
1097
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   578
Mon Jul  8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   579
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   580
- Mozilla Firefox 68.0
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   581
  * Dark mode in reader view
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   582
  * Improved extension security and discovery
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   583
  * Cryptomining and fingerprinting protections are added to strict
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   584
    content blocking settings in Privacy & Security preferences
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   585
  * Camera and microphone access now require an HTTPS connection
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   586
  MFSA 2019-21 (bsc#1140868)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   587
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   588
    Sandbox escape via installation of malicious languagepack
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   589
  * CVE-2019-11711 (bmo#1552541)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   590
    Script injection within domain through inner window reuse
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   591
  * CVE-2019-11712 (bmo#1543804)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   592
    Cross-origin POST requests can be made with NPAPI plugins by
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   593
    following 308 redirects
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   594
  * CVE-2019-11713 (bmo#1528481)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   595
    Use-after-free with HTTP/2 cached stream
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   596
  * CVE-2019-11714 (bmo#1542593)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   597
    NeckoChild can trigger crash when accessed off of main thread
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   598
  * CVE-2019-11729 (bmo#1515342)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   599
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   600
  * CVE-2019-11715 (bmo#1555523)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   601
    HTML parsing error can contribute to content XSS
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   602
  * CVE-2019-11716 (bmo#1552632)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   603
    globalThis not enumerable until accessed
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   604
  * CVE-2019-11717 (bmo#1548306)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   605
    Caret character improperly escaped in origins
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   606
  * CVE-2019-11718 (bmo#1408349)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   607
    Activity Stream writes unsanitized content to innerHTML
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   608
  * CVE-2019-11719 (bmo#1540541)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   609
    Out-of-bounds read when importing curve25519 private key
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   610
  * CVE-2019-11720 (bmo#1556230)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   611
    Character encoding XSS vulnerability
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   612
  * CVE-2019-11721 (bmo#1256009)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   613
    Domain spoofing through unicode latin 'kra' character
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   614
  * CVE-2019-11730 (bmo#1558299)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   615
    Same-origin policy treats all files in a directory as having the
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   616
    same-origin
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   617
  * CVE-2019-11723 (bmo#1528335)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   618
    Cookie leakage during add-on fetching across private browsing boundaries
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   619
  * CVE-2019-11724 (bmo#1512511)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   620
    Retired site input.mozilla.org has remote troubleshooting permissions
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   621
  * CVE-2019-11725 (bmo#1483510)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   622
    Websocket resources bypass safebrowsing protections
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   623
  * CVE-2019-11727 (bmo#1552208)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   624
    PKCS#1 v1.5 signatures can be used for TLS 1.3
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   625
  * CVE-2019-11728 (bmo#1552993)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   626
    Port scanning through Alt-Svc header
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   627
  * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   628
    bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   629
    bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   630
    Memory safety bugs fixed in Firefox 68
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   631
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   632
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   633
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   634
- requires
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   635
  * NSS 3.44.1
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   636
  * rust/cargo 1.34
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   637
  * rust-cbindgen 0.8.7
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   638
- rebased patches
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   639
  * mozilla-aarch64-startup-crash.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   640
  * mozilla-kde.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   641
  * mozilla-nongnome-proxies.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   642
  * firefox-kde.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   643
- use new create-tar.sh and add tar_stamps for package definitions
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   644
- added patches imported from SLE flavour
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   645
  * mozilla-gcc-internal-compiler-error.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   646
  * mozilla-bmo1005535.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   647
  * mozilla-ppc-altivec_static_inline.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   648
  * mozilla-reduce-rust-debuginfo.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   649
  * mozilla-s390-bigendian.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   650
  * mozilla-s390-context.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   651
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   652
-------------------------------------------------------------------
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   653
Mon Jul  2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   654
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   655
- Enable PGO for x86_64.
1098
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   656
  * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   657
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   658
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   659
Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   660
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   661
- Mozilla Firefox 67.0.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   662
  MFSA 2019-19 (boo#1138872)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   663
  * CVE-2019-11708 (bmo#1559858)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   664
    sandbox escape using Prompt:Open
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   665
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   666
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   667
Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   668
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   669
- Mozilla Firefox 67.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   670
  MFSA 2019-18 (boo#1138614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   671
  * CVE-2019-11707 (bmo#1544386)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   672
    Type confusion in Array.pop
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   673
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   674
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   675
Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   676
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   677
- Mozilla Firefox 67.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   678
  * Fixed: Fix JavaScript error ("TypeError: data is null in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   679
    PrivacyFilter.jsm") in console which may significantly degrade
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   680
    sessionstore reliability and performance (bmo#1553413)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   681
  * Fixed: Proxy authentication dialog box repeatedly pops up
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   682
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   683
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   684
    implementation (bmo#1551282)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   685
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   686
    to think on the subsequent launch that the profile is too
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   687
    recent to be used with this version of Firefox (bmo#1556612)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   688
  * Fixed: Linux distribution users can't easily install/use
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   689
    additional/different languages using the built-in preferences
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   690
    UI (bmo#1554744)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   691
  * Fixed: Developer tools users can't copy the href/src content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   692
    from various HTML tags via the context menu in the Inspector
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   693
    markup view (bmo#1552275)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   694
  * Fixed: Custom home page is broken with clearing data on shutdown
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   695
    settings applied (bmo#1554167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   696
  * Fixed: Performance-regression for eclipse RAP based applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   697
    (bmo#1555962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   698
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   699
  * Fixed: Can't start two downloads in parallel via <a download>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   700
    anymore (bmo#1542912)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   701
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   702
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   703
Thu Jun  6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   704
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   705
- Mozilla Firefox 67.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   706
  * enable enhanced tracking protection by default for new users
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   707
  * upgrade of Facebook container to version 2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   708
  * new version of Firefox Lockwise (password management)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   709
  * new version of Firefox Monitor
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   710
  * Firefox Send improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   711
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   712
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   713
Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   714
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   715
- Mozilla Firefox 67.0
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   716
  * Firefox 67 will be able to run different Firefox installs side by side
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   717
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   718
  * Tabs can now be pinned from the Page Actions menu in the address bar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   719
  * Users can block known cryptominers and fingerprinters in the
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   720
    Custom settings or their Content Blocking preferences
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   721
  * The Import Data from Another Browser feature is now also available
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   722
    from the File menu
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   723
  * Firefox will now protect you against running older versions which
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   724
    can lead to data corruption and stability issues
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   725
  * Easier access to your list of saved logins from the main menu and
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   726
    login autocomplete
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   727
  * We’ve added a toolbar menu for your Firefox Account to provide more
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   728
    transparency for when you are synced, sharing data across devices
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   729
    and with Firefox. Personalize the appearance of the menu with your
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   730
    own avatar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   731
  * Enable FIDO U2F API, and permit registrations for Google Accounts
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   732
  * Enabled AV1 support on Linux
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   733
  MFSA 2019-13 (boo#1135824)
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   734
  * CVE-2019-9815 (bmo#1546544)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   735
    Disable hyperthreading on content JavaScript threads on macOS
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   736
  * CVE-2019-9816 (bmo#1536768)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   737
    Type confusion with object groups and UnboxedObjects
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   738
  * CVE-2019-9817 (bmo#1540221)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   739
    Stealing of cross-domain images using canvas
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   740
  * CVE-2019-9818 (bmo#1542581) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   741
    Use-after-free in crash generation server
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   742
  * CVE-2019-9819 (bmo#1532553)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   743
    Compartment mismatch with fetch API
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   744
  * CVE-2019-9820 (bmo#1536405)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   745
    Use-after-free of ChromeEventHandler by DocShell
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   746
  * CVE-2019-9821 (bmo#1539125)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   747
    Use-after-free in AssertWorkerThread
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   748
  * CVE-2019-11691 (bmo#1542465)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   749
    Use-after-free in XMLHttpRequest
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   750
  * CVE-2019-11692 (bmo#1544670)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   751
    Use-after-free removing listeners in the event listener manager
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   752
  * CVE-2019-11693 (bmo#1532525)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   753
    Buffer overflow in WebGL bufferdata on Linux
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   754
  * CVE-2019-7317 (bmo#1542829)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   755
    Use-after-free in png_image_free of libpng library
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   756
  * CVE-2019-11694 (bmo#1534196) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   757
    Uninitialized memory memory leakage in Windows sandbox
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   758
  * CVE-2019-11695 (bmo#1445844)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   759
    Custom cursor can render over user interface outside of web content
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   760
  * CVE-2019-11696 (bmo#1392955)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   761
    Java web start .JNLP files are not recognized as executable files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   762
    for download prompts
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   763
  * CVE-2019-11697 (bmo#1440079)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   764
    Pressing key combinations can bypass installation prompt delays and
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   765
    install extensions
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   766
  * CVE-2019-11698 (bmo#1543191)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   767
    Theft of user history data through drag and drop of hyperlinks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   768
    to and from bookmarks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   769
  * CVE-2019-11700 (bmo#1549833) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   770
    res: protocol can be used to open known local files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   771
  * CVE-2019-11699 (bmo#1528939)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   772
    Incorrect domain name highlighting during page navigation
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   773
  * CVE-2019-11701 (bmo#1518627)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   774
    webcal: protocol default handler loads vulnerable web page
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   775
  * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   776
    bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   777
    Memory safety bugs fixed in Firefox 67
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   778
  * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   779
    bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   780
    bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   781
    bmo#1532465, bmo#1533554, bmo#1541580)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   782
    Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   783
- requires
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   784
  * rust/cargo >= 1.32
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   785
  * mozilla-nspr >= 4.21
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   786
  * mozilla-nss >= 3.43
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   787
  * rust-cbindgen >= 0.8.2
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   788
- rebased patches
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   789
- KDE integration for default browser detection is broken in this revision
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   790
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   791
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   792
Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   793
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   794
- Fix armv7 build with:
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   795
  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   796
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   797
-------------------------------------------------------------------
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   798
Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   799
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   800
- Mozilla Firefox 66.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   801
  * Fixed: Further improvements to re-enable web extensions which
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   802
    had been disabled for users with a master password set (bmo#1549249)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   803
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   804
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   805
Sun May  5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   806
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   807
- Mozilla Firefox 66.0.4 (boo#1134126)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   808
  * fix extension certificate chain
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   809
    https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   810
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   811
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   812
Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   813
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   814
- Mozilla Firefox 66.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   815
  * Fixed: Address bar on tablets running Windows 10 now behaves
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   816
    correctly (bmo#1498973)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   817
  * Fixed: Performance issues with some HTML5 games (bmo#1537609)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   818
  * Fixed a bug with keypress events in IBM cloud applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   819
    (bmo#1538970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   820
  * Fix for keypress events in some Microsoft cloud applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   821
    (bmo#1539618)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   822
  * Changed: Updated Baidu search plugin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   823
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   824
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   825
Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   826
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   827
- Mozilla Firefox 66.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   828
  * Fixed Web compatibility issues with Office 365, iCloud and
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   829
    IBM WebMail caused by recent changes to the handling of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   830
    keyboard events (bmo#1538966)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   831
  * Crash fixes (bmo#1521370, bmo#1539118)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   832
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   833
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   834
Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   835
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   836
- Add patch to fix aarch64 build:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   837
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   838
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   839
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   840
Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   841
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   842
- Mozilla Firefox 66.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   843
  MFSA 2019-09 (bsc#1130262)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   844
  * CVE-2019-9810 (bmo#1537924)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   845
    IonMonkey MArraySlice has incorrect alias information
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   846
  * CVE-2019-9813 (bmo#1538006)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   847
    Ionmonkey type confusion with __proto__ mutations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   848
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   849
-------------------------------------------------------------------
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   850
Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   851
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   852
- Mozilla Firefox 66.0
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   853
  * Increased content processes to 8
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   854
  * Added capability to search through open tabs from the tab overflow menu
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   855
  * New backend for the storage.local WebExtensions API, providing
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   856
    I/O performance improvements when the extension updates a small
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   857
    subset of the stored data
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   858
  * WebExtension keyboard shortcuts can now be managed or overridden
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   859
    from about:addons
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   860
  * Improved scrolling behavior: Firefox will now attempt to keep content
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   861
    from jumping around while a page is loading by supporting scroll
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   862
    anchoring
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   863
  * New about:privatebrowsing with search
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   864
  * A certificate error page now notifies the user of the name of the
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   865
    certificate issuer that breaks HTTPs connections on intercepted
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   866
    connections to help troubleshooting possible anti-virus software
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   867
    issues.
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   868
  * Fixed an performance issue some Linux users experienced with the
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   869
    Downloads panel (bmo#1517101)
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   870
  * Firefox now blocks all autoplay media with sound by default. Users
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   871
    can add individual sites to an exceptions list or turn the blocking
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   872
    off.
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   873
  * System title bar is hidden by default to match Gnome guideline
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   874
  MFSA 2019-07 (bsc#1129821)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   875
  * CVE-2019-9790 (bmo#1525145)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   876
    Use-after-free when removing in-use DOM elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   877
  * CVE-2019-9791 (bmo#1530958)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   878
    Type inference is incorrect for constructors entered through on-stack
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   879
    replacement with IonMonkey
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   880
  * CVE-2019-9792 (bmo#1532599)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   881
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   882
  * CVE-2019-9793 (bmo#1528829)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   883
    Improper bounds checks when Spectre mitigations are disabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   884
  * CVE-2019-9794 (bmo#1530103) (Windows only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   885
    Command line arguments not discarded during execution
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   886
  * CVE-2019-9795 (bmo#1514682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   887
    Type-confusion in IonMonkey JIT compiler
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   888
  * CVE-2019-9796 (bmo#1531277)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   889
    Use-after-free with SMIL animation controller
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   890
  * CVE-2019-9797 (bmo#1528909)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   891
    Cross-origin theft of images with createImageBitmap
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   892
  * CVE-2019-9798 (bmo#1527534) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   893
    Library is loaded from world writable APITRACE_LIB location
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   894
  * CVE-2019-9799 (bmo#1505678)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   895
    Information disclosure via IPC channel messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   896
  * CVE-2019-9801 (bmo#1527717) (Windows only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   897
    Windows programs that are not 'URL Handlers' are exposed to web content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   898
  * CVE-2019-9802 (bmo#1415508)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   899
    Chrome process information leak
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   900
  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   901
    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   902
  * CVE-2019-9804 (bmo#1518026) (MacOS only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   903
    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   904
  * CVE-2019-9805 (bmo#1521360)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   905
    Potential use of uninitialized memory in Prio
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   906
  * CVE-2019-9806 (bmo#1525267)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   907
    Denial of service through successive FTP authorization prompts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   908
  * CVE-2019-9807 (bmo#1362050)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   909
    Text sent through FTP connection can be incorporated into alert messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   910
  * CVE-2019-9809 (bmo#1282430, bmo#1523249)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   911
    Denial of service through FTP modal alert error messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   912
  * CVE-2019-9808 (bmo#1434634)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   913
    WebRTC permissions can display incorrect origin with data: and blob: URLs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   914
  * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   915
    bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   916
    bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   917
    Memory safety bugs fixed in Firefox 66
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   918
  * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   919
    bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   920
    Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   921
- updated build/runtime requirements
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   922
  * mozilla-nss >= 3.42.1
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   923
  * cargo/rust >= 1.31
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   924
  * rust-cbindgen >= 0.6.8
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   925
  * nasm >= 2.13 (new)
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   926
- removed obsolete patch
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   927
  * mozilla-bmo256180.patch
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   928
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   929
-------------------------------------------------------------------
1087
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   930
Tue Mar  5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com>
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   931
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   932
- Do not hardcode nodejs8 but leave the prefer to the distribution
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   933
  (Tumbleweed staging wants to switch to nodejs10)
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   934
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   935
-------------------------------------------------------------------
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   936
Fri Feb 15 13:45:57 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   937
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   938
- Update _constraints to avoid 'no space left' error seen on aarch64
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   939
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   940
-------------------------------------------------------------------
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   941
Wed Feb 13 07:17:28 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   942
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   943
- Mozilla Firefox 65.0.1
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   944
  * Fixed accidental requests to addons.mozilla.org when an addon
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   945
    recommendation doorhanger is shown (bmo#1526387)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   946
  * Improved playback of interactive Netflix videos (bmo#1524500)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   947
  * Fixed incorrect sizing of the "Clear Recent History" window in
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   948
    some situations (bmo#1523696)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   949
  * Fixed audio & video delays while making WebRTC calls
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   950
    (bmo#1521577, bmo#1523817)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   951
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   952
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   953
    from behind a proxy server (bmo#1523427)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   954
  * Fixed the "Enter" key not working on password entry fields for
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   955
    certain Linux distributions (bmo#1523635)
1087
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   956
  MFSA 2019-04 (bsc#1125330)
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   957
  * CVE-2018-18356 bmo#1525817
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   958
    Use-after-free in Skia
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   959
  * CVE-2019-5785 bmo#1525433
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   960
    Integer overflow in Skia
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   961
  * CVE-2018-18511 bmo#1526218
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   962
    Cross-origin theft of images with ImageBitmapRenderingContext
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   963
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   964
-------------------------------------------------------------------
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   965
Wed Feb 13 06:12:43 UTC 2019 - Martin Liška <mliska@suse.cz>
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   966
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   967
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   968
  (with increased memory constraints)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   969
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   970
-------------------------------------------------------------------
1085
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   971
Sat Jan 26 22:37:01 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   972
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   973
- Mozilla Firefox 65.0
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   974
  * Enhanced tracking protection
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   975
  * allow switching of UI locales within preferences
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   976
  * support for the WebP image format
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   977
  * "top"-like about:performance
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   978
  MFSA 2019-01 (bsc#1122983)
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   979
  * CVE-2018-18500 bmo#1510114
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   980
    Use-after-free parsing HTML5 stream
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   981
  * CVE-2018-18503 bmo#1509442
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   982
    Memory corruption with Audio Buffer
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   983
  * CVE-2018-18504 bmo#1496413
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   984
    Memory corruption and out-of-bounds read of texture client
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   985
  * CVE-2018-18505 bmo#1497749
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   986
    Privilege escalation through IPC channel messages
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   987
  * CVE-2018-18506 bmo#1503393
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   988
    Proxy Auto-Configuration file can define localhost access to be proxied
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   989
  * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   990
    bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   991
    bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   992
    Memory safety bugs fixed in Firefox 65
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   993
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   994
    bmo#1502871 bmo#1516738 bmo#1516514
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   995
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   996
- requires
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   997
  NSS 3.41
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   998
  rust/carge 1.30
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   999
  rust-cbindgen 0.6.7
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
  1000
- rebased patches
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
  1001
- remove workaround for build memory consumption on i586; other
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
  1002
  mitigations meanwhile introduced (mainly parallelity) will be
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
  1003
  sufficient
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
  1004
  mozilla-reduce-files-per-UnifiedBindings.patch
1085
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
  1005
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
  1006
-------------------------------------------------------------------
1084
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1007
Tue Jan 15 14:32:03 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1008
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1009
- Increase disk constraint.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1010
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1011
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1012
Mon Jan 14 12:12:12 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1013
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1014
- Remove -v from mach build in order to work-around bmo#1500436.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1015
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1016
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1017
Fri Jan 11 15:07:14 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1018
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1019
- Set %clang_build to false on all architectures
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1020
- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1021
  it should not be needed anymore
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1022
- Do not overwrite enable-optimize and when possible
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1023
  enable --enable-debug-symbols.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1024
- Add -v to mach in order to make build verbose.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1025
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1026
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1027
Wed Jan  9 22:40:14 UTC 2019 - astieger@suse.com
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1028
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1029
- Mozilla Firefox 64.0.2:
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1030
  * Update the Japanese translation for missing strings (bmo#1513259)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1031
  * Properly restore column sizes in developer tools inspector (bmo#1503175)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1032
  * Fixed video stuttering on Youtube (bmo#1513511)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1033
  * Fix updates for some lightweight themes (bmo#1508777)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1034
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1035
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1036
Tue Dec 18 14:46:41 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1037
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1038
- Enable build_hardened for all architectures
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1039
- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1040
- Remove obolete '--enable-pie' as -pie is always enabled for
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1041
  gcc and clang
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1042
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
  1043
-------------------------------------------------------------------
1083
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1044
Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1045
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1046
- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1047
- Switch %arm builds back to gcc, not clang to avoid OOM
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1048
- Fix build flags when clang is not used
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1049
- Fix flags for clang ppc64 builds
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1050
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
  1051
-------------------------------------------------------------------
1082
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1052
Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1053
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1054
- update to Firefox 64.0
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1055
  * Better recommendations: You may see suggestions in regular browsing
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1056
    mode for new and relevant Firefox features, services, and extensions
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1057
    based on how you use the web (for US users only)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1058
  * Enhanced tab management: You can now select multiple tabs from the
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1059
    tab bar and close, move, bookmark, or pin them quickly and easily
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1060
  * Easier performance management: The new Task Manager page found at
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1061
    about:performance lets you see how much energy each open tab consumes
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1062
    and provides access to close tabs to conserve power
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1063
  * Improved performance for Mac and Linux users, by enabling link time
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1064
    optimization (Clang LTO).
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1065
  * Added option to remove add-ons using the context menu on their
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1066
    toolbar buttons
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1067
  * RSS feed preview and live bookmarks are available only via add-ons
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1068
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1069
    Website operators are strongly encouraged to replace any remaining
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1070
    Symantec TLS certificates as soon as possible
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1071
  MFSA 2018-29 (bsc#1119105)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1072
  * CVE-2018-12407 bmo#1505973
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1073
    Buffer overflow with ANGLE library when using VertexBuffer11 module
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1074
  * CVE-2018-17466 bmo#1488295
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1075
    Buffer overflow and out-of-bounds read in ANGLE library with
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1076
    TextureStorage11
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1077
  * CVE-2018-18492 bmo#1499861
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1078
    Use-after-free with select element
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1079
  * CVE-2018-18493 bmo#1504452
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1080
    Buffer overflow in accelerated 2D canvas with Skia
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1081
  * CVE-2018-18494 bmo#1487964
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1082
    Same-origin policy violation using location attribute and
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1083
    performance.getEntries to steal cross-origin URLs
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1084
  * CVE-2018-18495 bmo#1427585
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1085
    WebExtension content scripts can be loaded in about: pages
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1086
  * CVE-2018-18496 bmo#1422231 (Windows only)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1087
    Embedded feed preview page can be abused for clickjacking
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1088
  * CVE-2018-18497 bmo#1488180
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1089
    WebExtensions can load arbitrary URLs through pipe separators
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
  1090
  * CVE-2018-18498 bmo#1500011
821cfbe8efcc Firefox 64.0
Wolfgang Rosenaue