MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Sat, 14 Sep 2019 10:56:02 +0200
branchfirefox69
changeset 1109 972f68ac6b1a
parent 1108 33b03cfb3747
child 1110 9e4b30f05706
permissions -rw-r--r--
Firefox 69.0 as released to Factory/Tumbleweed (including fixes for arch specific patches)
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1108
33b03cfb3747 bugfixes, improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1107
diff changeset
     1
-------------------------------------------------------------------
1106
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     2
Thu Sep  5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     3
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     4
- Mozilla Firefox 69.0
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     5
  * Enhanced Tracking Protection (ETP) for stronger privacy protections
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     6
  * Block Autoplay feature is enhanced to give users the option to block
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     7
    any video
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     8
  * Users in the US or using the en-US browser, can get a new “New Tab”
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
     9
    page experience connecting to the best of Pocket's content.
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    10
  * Support for the Web Authentication HmacSecret extension via
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    11
    Windows Hello introduced.
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    12
  * Support for receiving multiple video codecs with this release makes
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    13
    it easier for WebRTC conferencing services to mix video from
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    14
    different clients.
1107
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    15
  MFSA 2019-25 (boo#1149324)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    16
  * CVE-2019-11741 (bmo#1539595)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    17
    Isolate addons.mozilla.org and accounts.firefox.com
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    18
  * CVE-2019-5849 (bmo#1555838)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    19
    Out-of-bounds read in Skia
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    20
  * CVE-2019-11737 (bmo#1388015)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    21
    Content security policy directives ignore port and path if host is a wildcard
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    22
  * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    23
    Memory safety bugs fixed in Firefox 69
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    24
  * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    25
    bmo#1565744,bmo#1568858,bmo#1570358)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    26
    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    27
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
    28
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
1106
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    29
- requires
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    30
  * rust/cargo >= 1.35
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    31
  * rust-cbindgen >= 0.9.0
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    32
  * mozilla-nss >= 3.45
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    33
- rebased patches
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    34
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
    35
-------------------------------------------------------------------
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    36
Wed Sep  4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    37
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    38
- added a bunch of patches mainly for big endian platforms
1109
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
    39
  * mozilla-bmo1504834-part1.patch
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
    40
  * mozilla-bmo1504834-part2.patch
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
    41
  * mozilla-bmo1504834-part3.patch
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    42
  * mozilla-bmo1511604.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    43
  * mozilla-bmo1554971.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    44
  * mozilla-bmo1573381.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    45
  * mozilla-nestegg-big-endian.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    46
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
    47
-------------------------------------------------------------------
1099
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    48
Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    49
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    50
- Mozilla Firefox 68.1.0
1100
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    51
  MFSA 2019-26
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    52
  * CVE-2019-11751 (bmo#1572838; Windows only)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    53
    Malicious code execution through command line parameters
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    54
  * CVE-2019-11746 (bmo#1564449)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    55
    Use-after-free while manipulating video
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    56
  * CVE-2019-11744 (bmo#1562033)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    57
    XSS by breaking out of title and textarea elements using innerHTML
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    58
  * CVE-2019-11742 (bmo#1559715)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    59
    Same-origin policy violation with SVG filters and canvas to steal
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    60
    cross-origin images
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    61
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    62
    File manipulation and privilege escalation in Mozilla Maintenance Service
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    63
  * CVE-2019-11753 (bmo#1574980; Windows only)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    64
    Privilege escalation with Mozilla Maintenance Service in custom
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    65
    Firefox installation location
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    66
  * CVE-2019-11752 (bmo#1501152)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    67
    Use-after-free while extracting a key value in IndexedDB
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    68
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    69
    Sandbox escape through Firefox Sync
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    70
  * CVE-2019-11743 (bmo#1560495)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    71
    Cross-origin access to unload event attributes
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    72
  * CVE-2019-11748 (bmo#1564588)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    73
    Persistence of WebRTC permissions in a third party context
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    74
  * CVE-2019-11749 (bmo#1565374)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    75
    Camera information available without prompting using getUserMedia
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    76
  * CVE-2019-11750 (bmo#1568397)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    77
    Type confusion in Spidermonkey
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    78
  * CVE-2019-11738 (bmo#1452037)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    79
    Content security policy bypass through hash-based sources in directives
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    80
  * CVE-2019-11747 (bmo#1564481)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    81
    'Forget about this site' removes sites from pre-loaded HSTS list
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    82
  * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    83
    bmo#1565744,bmo#1568858,bmo#1570358)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    84
    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    85
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    86
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
    87
- switched package to ESR branch
1099
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    88
- added mozilla-bmo1568145.patch to make builds reproducible
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    89
- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    90
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
    91
-------------------------------------------------------------------
1098
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    92
Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    93
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    94
- Mozilla Firefox 68.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    95
  * Fixed a bug causing some special characters to be cut off from
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    96
    the end of the search terms when searching from the URL bar
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    97
    (bmo#1560228)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    98
  * Allow fonts to be loaded via file:// URLs when opening a page
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
    99
    locally (bmo#1565942)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   100
  * Printing emails from the Outlook web app no longer prints only
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   101
    the header and footer (bmo#1567105)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   102
  * Fixed a bug causing some images not to be displayed on reload,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   103
    including on Google Maps (bmo# 1565542)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   104
  * Fixed an error when starting external applications configured
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   105
    as URI handlers (bmo#1567614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   106
  MFSA 2019-24 (boo#1145665)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   107
  * CVE-2019-11733: Stored passwords in 'Saved Logins' can be
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   108
    copied without master password entry (bmo#1565780)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   109
- drop fix-build-after-y2038-changes-in-glibc.patch, upstream
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   110
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   111
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   112
Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   113
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   114
- Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   115
  The upstream patch doesn't resolve the issue on TW, but compiling
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   116
  with -O1 does. Do this until we have a proper fix.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   117
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   118
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   119
Thu Aug  1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   121
- Update build constraints to fix arm builds
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   122
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   123
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   124
Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   125
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   126
- Mozilla Firefox 68.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   127
  * Fixed missing Full Screen button when watching videos in full
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   128
    screen mode on HBO GO (bmo#1562837)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   129
  * Fixed a bug causing incorrect messages to appear for some
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   130
    locales when sites try to request the use of the Storage
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   131
    Access API (bmo#1558503)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   132
  * Users in Russian regions may have their default search engine
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   133
    changed (bmo#1565315)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   134
  * Built-in search engines in some locales do not function
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   135
    correctly (bmo#1565779)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   136
  * SupportMenu policy doesn't always work (bmo#1553290)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   137
  * Allow the privacy.file_unique_origin pref to be controlled by
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   138
    policy (bmo#1563759)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   139
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   140
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   141
Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   142
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   143
- add fix-build-after-y2038-changes-in-glibc.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   144
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   145
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   146
Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   147
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   148
- Generate langpacks sequentially to avoid file corruption
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   149
  from racy file writes (boo#1137970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   150
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   151
-------------------------------------------------------------------
1097
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   152
Mon Jul  8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   153
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   154
- Mozilla Firefox 68.0
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   155
  * Dark mode in reader view
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   156
  * Improved extension security and discovery
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   157
  * Cryptomining and fingerprinting protections are added to strict
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   158
    content blocking settings in Privacy & Security preferences
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   159
  * Camera and microphone access now require an HTTPS connection
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   160
  MFSA 2019-21 (bsc#1140868)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   161
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   162
    Sandbox escape via installation of malicious languagepack
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   163
  * CVE-2019-11711 (bmo#1552541)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   164
    Script injection within domain through inner window reuse
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   165
  * CVE-2019-11712 (bmo#1543804)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   166
    Cross-origin POST requests can be made with NPAPI plugins by
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   167
    following 308 redirects
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   168
  * CVE-2019-11713 (bmo#1528481)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   169
    Use-after-free with HTTP/2 cached stream
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   170
  * CVE-2019-11714 (bmo#1542593)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   171
    NeckoChild can trigger crash when accessed off of main thread
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   172
  * CVE-2019-11729 (bmo#1515342)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   173
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   174
  * CVE-2019-11715 (bmo#1555523)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   175
    HTML parsing error can contribute to content XSS
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   176
  * CVE-2019-11716 (bmo#1552632)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   177
    globalThis not enumerable until accessed
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   178
  * CVE-2019-11717 (bmo#1548306)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   179
    Caret character improperly escaped in origins
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   180
  * CVE-2019-11718 (bmo#1408349)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   181
    Activity Stream writes unsanitized content to innerHTML
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   182
  * CVE-2019-11719 (bmo#1540541)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   183
    Out-of-bounds read when importing curve25519 private key
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   184
  * CVE-2019-11720 (bmo#1556230)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   185
    Character encoding XSS vulnerability
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   186
  * CVE-2019-11721 (bmo#1256009)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   187
    Domain spoofing through unicode latin 'kra' character
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   188
  * CVE-2019-11730 (bmo#1558299)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   189
    Same-origin policy treats all files in a directory as having the
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   190
    same-origin
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   191
  * CVE-2019-11723 (bmo#1528335)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   192
    Cookie leakage during add-on fetching across private browsing boundaries
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   193
  * CVE-2019-11724 (bmo#1512511)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   194
    Retired site input.mozilla.org has remote troubleshooting permissions
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   195
  * CVE-2019-11725 (bmo#1483510)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   196
    Websocket resources bypass safebrowsing protections
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   197
  * CVE-2019-11727 (bmo#1552208)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   198
    PKCS#1 v1.5 signatures can be used for TLS 1.3
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   199
  * CVE-2019-11728 (bmo#1552993)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   200
    Port scanning through Alt-Svc header
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   201
  * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   202
    bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   203
    bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   204
    Memory safety bugs fixed in Firefox 68
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   205
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   206
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   207
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   208
- requires
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   209
  * NSS 3.44.1
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   210
  * rust/cargo 1.34
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   211
  * rust-cbindgen 0.8.7
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   212
- rebased patches
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   213
  * mozilla-aarch64-startup-crash.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   214
  * mozilla-kde.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   215
  * mozilla-nongnome-proxies.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   216
  * firefox-kde.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   217
- use new create-tar.sh and add tar_stamps for package definitions
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   218
- added patches imported from SLE flavour
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   219
  * mozilla-gcc-internal-compiler-error.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   220
  * mozilla-bmo1005535.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   221
  * mozilla-ppc-altivec_static_inline.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   222
  * mozilla-reduce-rust-debuginfo.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   223
  * mozilla-s390-bigendian.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   224
  * mozilla-s390-context.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   225
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   226
-------------------------------------------------------------------
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   227
Mon Jul  2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   228
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   229
- Enable PGO for x86_64.
1098
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   230
  * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   231
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   232
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   233
Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   234
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   235
- Mozilla Firefox 67.0.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   236
  MFSA 2019-19 (boo#1138872)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   237
  * CVE-2019-11708 (bmo#1559858)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   238
    sandbox escape using Prompt:Open
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   239
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   240
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   241
Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   242
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   243
- Mozilla Firefox 67.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   244
  MFSA 2019-18 (boo#1138614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   245
  * CVE-2019-11707 (bmo#1544386)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   246
    Type confusion in Array.pop
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   247
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   248
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   249
Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   250
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   251
- Mozilla Firefox 67.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   252
  * Fixed: Fix JavaScript error ("TypeError: data is null in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   253
    PrivacyFilter.jsm") in console which may significantly degrade
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   254
    sessionstore reliability and performance (bmo#1553413)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   255
  * Fixed: Proxy authentication dialog box repeatedly pops up
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   256
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   257
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   258
    implementation (bmo#1551282)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   259
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   260
    to think on the subsequent launch that the profile is too
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   261
    recent to be used with this version of Firefox (bmo#1556612)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   262
  * Fixed: Linux distribution users can't easily install/use
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   263
    additional/different languages using the built-in preferences
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   264
    UI (bmo#1554744)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   265
  * Fixed: Developer tools users can't copy the href/src content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   266
    from various HTML tags via the context menu in the Inspector
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   267
    markup view (bmo#1552275)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   268
  * Fixed: Custom home page is broken with clearing data on shutdown
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   269
    settings applied (bmo#1554167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   270
  * Fixed: Performance-regression for eclipse RAP based applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   271
    (bmo#1555962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   272
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   273
  * Fixed: Can't start two downloads in parallel via <a download>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   274
    anymore (bmo#1542912)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   275
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   276
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   277
Thu Jun  6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   278
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   279
- Mozilla Firefox 67.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   280
  * enable enhanced tracking protection by default for new users
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   281
  * upgrade of Facebook container to version 2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   282
  * new version of Firefox Lockwise (password management)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   283
  * new version of Firefox Monitor
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   284
  * Firefox Send improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   285
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   286
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   287
Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   288
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   289
- Mozilla Firefox 67.0
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   290
  * Firefox 67 will be able to run different Firefox installs side by side
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   291
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   292
  * Tabs can now be pinned from the Page Actions menu in the address bar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   293
  * Users can block known cryptominers and fingerprinters in the
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   294
    Custom settings or their Content Blocking preferences
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   295
  * The Import Data from Another Browser feature is now also available
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   296
    from the File menu
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   297
  * Firefox will now protect you against running older versions which
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   298
    can lead to data corruption and stability issues
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   299
  * Easier access to your list of saved logins from the main menu and
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   300
    login autocomplete
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   301
  * We’ve added a toolbar menu for your Firefox Account to provide more
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   302
    transparency for when you are synced, sharing data across devices
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   303
    and with Firefox. Personalize the appearance of the menu with your
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   304
    own avatar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   305
  * Enable FIDO U2F API, and permit registrations for Google Accounts
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   306
  * Enabled AV1 support on Linux
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   307
  MFSA 2019-13 (boo#1135824)
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   308
  * CVE-2019-9815 (bmo#1546544)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   309
    Disable hyperthreading on content JavaScript threads on macOS
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   310
  * CVE-2019-9816 (bmo#1536768)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   311
    Type confusion with object groups and UnboxedObjects
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   312
  * CVE-2019-9817 (bmo#1540221)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   313
    Stealing of cross-domain images using canvas
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   314
  * CVE-2019-9818 (bmo#1542581) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   315
    Use-after-free in crash generation server
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   316
  * CVE-2019-9819 (bmo#1532553)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   317
    Compartment mismatch with fetch API
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   318
  * CVE-2019-9820 (bmo#1536405)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   319
    Use-after-free of ChromeEventHandler by DocShell
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   320
  * CVE-2019-9821 (bmo#1539125)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   321
    Use-after-free in AssertWorkerThread
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   322
  * CVE-2019-11691 (bmo#1542465)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   323
    Use-after-free in XMLHttpRequest
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   324
  * CVE-2019-11692 (bmo#1544670)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   325
    Use-after-free removing listeners in the event listener manager
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   326
  * CVE-2019-11693 (bmo#1532525)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   327
    Buffer overflow in WebGL bufferdata on Linux
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   328
  * CVE-2019-7317 (bmo#1542829)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   329
    Use-after-free in png_image_free of libpng library
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   330
  * CVE-2019-11694 (bmo#1534196) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   331
    Uninitialized memory memory leakage in Windows sandbox
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   332
  * CVE-2019-11695 (bmo#1445844)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   333
    Custom cursor can render over user interface outside of web content
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   334
  * CVE-2019-11696 (bmo#1392955)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   335
    Java web start .JNLP files are not recognized as executable files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   336
    for download prompts
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   337
  * CVE-2019-11697 (bmo#1440079)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   338
    Pressing key combinations can bypass installation prompt delays and
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   339
    install extensions
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   340
  * CVE-2019-11698 (bmo#1543191)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   341
    Theft of user history data through drag and drop of hyperlinks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   342
    to and from bookmarks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   343
  * CVE-2019-11700 (bmo#1549833) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   344
    res: protocol can be used to open known local files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   345
  * CVE-2019-11699 (bmo#1528939)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   346
    Incorrect domain name highlighting during page navigation
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   347
  * CVE-2019-11701 (bmo#1518627)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   348
    webcal: protocol default handler loads vulnerable web page
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   349
  * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   350
    bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   351
    Memory safety bugs fixed in Firefox 67
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   352
  * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   353
    bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   354
    bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   355
    bmo#1532465, bmo#1533554, bmo#1541580)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   356
    Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   357
- requires
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   358
  * rust/cargo >= 1.32
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   359
  * mozilla-nspr >= 4.21
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   360
  * mozilla-nss >= 3.43
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   361
  * rust-cbindgen >= 0.8.2
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   362
- rebased patches
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   363
- KDE integration for default browser detection is broken in this revision
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   364
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
   365
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   366
Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   367
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   368
- Fix armv7 build with:
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   369
  * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   370
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
   371
-------------------------------------------------------------------
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   372
Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   373
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   374
- Mozilla Firefox 66.0.5
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   375
  * Fixed: Further improvements to re-enable web extensions which
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   376
    had been disabled for users with a master password set (bmo#1549249)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   377
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   378
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   379
Sun May  5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   380
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   381
- Mozilla Firefox 66.0.4 (boo#1134126)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   382
  * fix extension certificate chain
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   383
    https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   384
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   385
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   386
Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   387
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   388
- Mozilla Firefox 66.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   389
  * Fixed: Address bar on tablets running Windows 10 now behaves
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   390
    correctly (bmo#1498973)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   391
  * Fixed: Performance issues with some HTML5 games (bmo#1537609)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   392
  * Fixed a bug with keypress events in IBM cloud applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   393
    (bmo#1538970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   394
  * Fix for keypress events in some Microsoft cloud applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   395
    (bmo#1539618)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   396
  * Changed: Updated Baidu search plugin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   397
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   398
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   399
Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   400
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   401
- Mozilla Firefox 66.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   402
  * Fixed Web compatibility issues with Office 365, iCloud and
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   403
    IBM WebMail caused by recent changes to the handling of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   404
    keyboard events (bmo#1538966)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   405
  * Crash fixes (bmo#1521370, bmo#1539118)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   406
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   407
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   408
Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   409
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   410
- Add patch to fix aarch64 build:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   411
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   412
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   413
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   414
Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   415
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   416
- Mozilla Firefox 66.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   417
  MFSA 2019-09 (bsc#1130262)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   418
  * CVE-2019-9810 (bmo#1537924)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   419
    IonMonkey MArraySlice has incorrect alias information
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   420
  * CVE-2019-9813 (bmo#1538006)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   421
    Ionmonkey type confusion with __proto__ mutations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   422
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   423
-------------------------------------------------------------------
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   424
Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   425
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   426
- Mozilla Firefox 66.0
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   427
  * Increased content processes to 8
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   428
  * Added capability to search through open tabs from the tab overflow menu
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   429
  * New backend for the storage.local WebExtensions API, providing
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   430
    I/O performance improvements when the extension updates a small
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   431
    subset of the stored data
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   432
  * WebExtension keyboard shortcuts can now be managed or overridden
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   433
    from about:addons
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   434
  * Improved scrolling behavior: Firefox will now attempt to keep content
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   435
    from jumping around while a page is loading by supporting scroll
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   436
    anchoring
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   437
  * New about:privatebrowsing with search
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   438
  * A certificate error page now notifies the user of the name of the
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   439
    certificate issuer that breaks HTTPs connections on intercepted
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   440
    connections to help troubleshooting possible anti-virus software
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   441
    issues.
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   442
  * Fixed an performance issue some Linux users experienced with the
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   443
    Downloads panel (bmo#1517101)
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   444
  * Firefox now blocks all autoplay media with sound by default. Users
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   445
    can add individual sites to an exceptions list or turn the blocking
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   446
    off.
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   447
  * System title bar is hidden by default to match Gnome guideline
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   448
  MFSA 2019-07 (bsc#1129821)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   449
  * CVE-2019-9790 (bmo#1525145)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   450
    Use-after-free when removing in-use DOM elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   451
  * CVE-2019-9791 (bmo#1530958)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   452
    Type inference is incorrect for constructors entered through on-stack
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   453
    replacement with IonMonkey
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   454
  * CVE-2019-9792 (bmo#1532599)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   455
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   456
  * CVE-2019-9793 (bmo#1528829)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   457
    Improper bounds checks when Spectre mitigations are disabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   458
  * CVE-2019-9794 (bmo#1530103) (Windows only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   459
    Command line arguments not discarded during execution
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   460
  * CVE-2019-9795 (bmo#1514682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   461
    Type-confusion in IonMonkey JIT compiler
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   462
  * CVE-2019-9796 (bmo#1531277)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   463
    Use-after-free with SMIL animation controller
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   464
  * CVE-2019-9797 (bmo#1528909)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   465
    Cross-origin theft of images with createImageBitmap
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   466
  * CVE-2019-9798 (bmo#1527534) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   467
    Library is loaded from world writable APITRACE_LIB location
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   468
  * CVE-2019-9799 (bmo#1505678)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   469
    Information disclosure via IPC channel messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   470
  * CVE-2019-9801 (bmo#1527717) (Windows only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   471
    Windows programs that are not 'URL Handlers' are exposed to web content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   472
  * CVE-2019-9802 (bmo#1415508)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   473
    Chrome process information leak
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   474
  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   475
    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   476
  * CVE-2019-9804 (bmo#1518026) (MacOS only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   477
    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   478
  * CVE-2019-9805 (bmo#1521360)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   479
    Potential use of uninitialized memory in Prio
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   480
  * CVE-2019-9806 (bmo#1525267)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   481
    Denial of service through successive FTP authorization prompts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   482
  * CVE-2019-9807 (bmo#1362050)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   483
    Text sent through FTP connection can be incorporated into alert messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   484
  * CVE-2019-9809 (bmo#1282430, bmo#1523249)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   485
    Denial of service through FTP modal alert error messages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   486
  * CVE-2019-9808 (bmo#1434634)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   487
    WebRTC permissions can display incorrect origin with data: and blob: URLs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   488
  * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   489
    bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   490
    bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   491
    Memory safety bugs fixed in Firefox 66
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   492
  * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   493
    bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   494
    Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   495
- updated build/runtime requirements
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   496
  * mozilla-nss >= 3.42.1
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   497
  * cargo/rust >= 1.31
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   498
  * rust-cbindgen >= 0.6.8
1092
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1089
diff changeset
   499
  * nasm >= 2.13 (new)
1089
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   500
- removed obsolete patch
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   501
  * mozilla-bmo256180.patch
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   502
eca1c1f2fe50 Firefox 66.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1087
diff changeset
   503
-------------------------------------------------------------------
1087
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   504
Tue Mar  5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com>
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   505
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   506
- Do not hardcode nodejs8 but leave the prefer to the distribution
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   507
  (Tumbleweed staging wants to switch to nodejs10)
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   508
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   509
-------------------------------------------------------------------
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   510
Fri Feb 15 13:45:57 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   511
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   512
- Update _constraints to avoid 'no space left' error seen on aarch64
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   513
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   514
-------------------------------------------------------------------
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   515
Wed Feb 13 07:17:28 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   516
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   517
- Mozilla Firefox 65.0.1
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   518
  * Fixed accidental requests to addons.mozilla.org when an addon
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   519
    recommendation doorhanger is shown (bmo#1526387)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   520
  * Improved playback of interactive Netflix videos (bmo#1524500)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   521
  * Fixed incorrect sizing of the "Clear Recent History" window in
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   522
    some situations (bmo#1523696)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   523
  * Fixed audio & video delays while making WebRTC calls
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   524
    (bmo#1521577, bmo#1523817)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   525
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   526
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   527
    from behind a proxy server (bmo#1523427)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   528
  * Fixed the "Enter" key not working on password entry fields for
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   529
    certain Linux distributions (bmo#1523635)
1087
5fab52cd743d latest version
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1086
diff changeset
   530
  MFSA 2019-04 (bsc#1125330)
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   531
  * CVE-2018-18356 bmo#1525817
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   532
    Use-after-free in Skia
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   533
  * CVE-2019-5785 bmo#1525433
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   534
    Integer overflow in Skia
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   535
  * CVE-2018-18511 bmo#1526218
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   536
    Cross-origin theft of images with ImageBitmapRenderingContext
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   537
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   538
-------------------------------------------------------------------
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   539
Wed Feb 13 06:12:43 UTC 2019 - Martin Liška <mliska@suse.cz>
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   540
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   541
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   542
  (with increased memory constraints)
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   543
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   544
-------------------------------------------------------------------
1085
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   545
Sat Jan 26 22:37:01 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   546
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   547
- Mozilla Firefox 65.0
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   548
  * Enhanced tracking protection
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   549
  * allow switching of UI locales within preferences
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   550
  * support for the WebP image format
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   551
  * "top"-like about:performance
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   552
  MFSA 2019-01 (bsc#1122983)
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   553
  * CVE-2018-18500 bmo#1510114
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   554
    Use-after-free parsing HTML5 stream
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   555
  * CVE-2018-18503 bmo#1509442
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   556
    Memory corruption with Audio Buffer
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   557
  * CVE-2018-18504 bmo#1496413
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   558
    Memory corruption and out-of-bounds read of texture client
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   559
  * CVE-2018-18505 bmo#1497749
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   560
    Privilege escalation through IPC channel messages
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   561
  * CVE-2018-18506 bmo#1503393
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   562
    Proxy Auto-Configuration file can define localhost access to be proxied
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   563
  * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   564
    bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   565
    bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   566
    Memory safety bugs fixed in Firefox 65
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   567
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   568
    bmo#1502871 bmo#1516738 bmo#1516514
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   569
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   570
- requires
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   571
  NSS 3.41
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   572
  rust/carge 1.30
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   573
  rust-cbindgen 0.6.7
1086
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   574
- rebased patches
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   575
- remove workaround for build memory consumption on i586; other
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   576
  mitigations meanwhile introduced (mainly parallelity) will be
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   577
  sufficient
ed1c30c5f456 Firefox 65.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1085
diff changeset
   578
  mozilla-reduce-files-per-UnifiedBindings.patch
1085
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   579
87f893cf45b9 Firefox 65.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1084
diff changeset
   580
-------------------------------------------------------------------
1084
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   581
Tue Jan 15 14:32:03 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   582
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   583
- Increase disk constraint.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   584
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   585
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   586
Mon Jan 14 12:12:12 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   587
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   588
- Remove -v from mach build in order to work-around bmo#1500436.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   589
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   590
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   591
Fri Jan 11 15:07:14 UTC 2019 - Martin Liška <mliska@suse.cz>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   592
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   593
- Set %clang_build to false on all architectures
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   594
- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   595
  it should not be needed anymore
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   596
- Do not overwrite enable-optimize and when possible
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   597
  enable --enable-debug-symbols.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   598
- Add -v to mach in order to make build verbose.
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   599
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   600
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   601
Wed Jan  9 22:40:14 UTC 2019 - astieger@suse.com
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   602
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   603
- Mozilla Firefox 64.0.2:
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   604
  * Update the Japanese translation for missing strings (bmo#1513259)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   605
  * Properly restore column sizes in developer tools inspector (bmo#1503175)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   606
  * Fixed video stuttering on Youtube (bmo#1513511)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   607
  * Fix updates for some lightweight themes (bmo#1508777)
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   608
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   609
-------------------------------------------------------------------
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   610
Tue Dec 18 14:46:41 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   611
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   612
- Enable build_hardened for all architectures
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   613
- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   614
- Remove obolete '--enable-pie' as -pie is always enabled for
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   615
  gcc and clang
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   616
b0b3c507e253 latest Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1083
diff changeset
   617
-------------------------------------------------------------------
1083
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   618
Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   619
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   620
- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   621
- Switch %arm builds back to gcc, not clang to avoid OOM
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   622
- Fix build flags when clang is not used
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   623
- Fix flags for clang ppc64 builds
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   624
2f7023025374 reduced memory requirements and rely on memory limitations in parallelization
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1082
diff changeset
   625
-------------------------------------------------------------------
1082
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   626
Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   627
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   628
- update to Firefox 64.0
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   629
  * Better recommendations: You may see suggestions in regular browsing
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   630
    mode for new and relevant Firefox features, services, and extensions
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   631
    based on how you use the web (for US users only)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   632
  * Enhanced tab management: You can now select multiple tabs from the
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   633
    tab bar and close, move, bookmark, or pin them quickly and easily
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   634
  * Easier performance management: The new Task Manager page found at
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   635
    about:performance lets you see how much energy each open tab consumes
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   636
    and provides access to close tabs to conserve power
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   637
  * Improved performance for Mac and Linux users, by enabling link time
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   638
    optimization (Clang LTO).
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   639
  * Added option to remove add-ons using the context menu on their
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   640
    toolbar buttons
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   641
  * RSS feed preview and live bookmarks are available only via add-ons
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   642
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   643
    Website operators are strongly encouraged to replace any remaining
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   644
    Symantec TLS certificates as soon as possible
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   645
  MFSA 2018-29 (bsc#1119105)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   646
  * CVE-2018-12407 bmo#1505973
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   647
    Buffer overflow with ANGLE library when using VertexBuffer11 module
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   648
  * CVE-2018-17466 bmo#1488295
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   649
    Buffer overflow and out-of-bounds read in ANGLE library with
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   650
    TextureStorage11
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   651
  * CVE-2018-18492 bmo#1499861
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   652
    Use-after-free with select element
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   653
  * CVE-2018-18493 bmo#1504452
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   654
    Buffer overflow in accelerated 2D canvas with Skia
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   655
  * CVE-2018-18494 bmo#1487964
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   656
    Same-origin policy violation using location attribute and
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   657
    performance.getEntries to steal cross-origin URLs
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   658
  * CVE-2018-18495 bmo#1427585
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   659
    WebExtension content scripts can be loaded in about: pages
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   660
  * CVE-2018-18496 bmo#1422231 (Windows only)
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   661
    Embedded feed preview page can be abused for clickjacking
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   662
  * CVE-2018-18497 bmo#1488180
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   663
    WebExtensions can load arbitrary URLs through pipe separators
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   664
  * CVE-2018-18498 bmo#1500011
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   665
    Integer overflow when calculating buffer sizes for images
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   666
  * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   667
    bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   668
    bmo#1481745 bmo#1458129
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   669
    Memory safety bugs fixed in Firefox 64
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   670
  * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   671
    bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   672
    Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   673
- requires
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   674
  * rust/cargo >= 1.29
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   675
  * mozilla-nss >= 3.40.1
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   676
  * rust-cbindgen >= 0.6.4
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   677
- rebased patches
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   678
- removed obsolete patch
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   679
  * mozilla-bmo1491289.patch
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   680
- now uses clang primarily for compilation
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   681
821cfbe8efcc Firefox 64.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1081
diff changeset
   682
-------------------------------------------------------------------
1081
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   683
Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   684
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   685
- Remove --disable-elf-hack when not available: on aarch64 and ppc64*
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   686
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   687
-------------------------------------------------------------------
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   688
Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   689
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   690
- Clean-up %arm build
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   691
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   692
-------------------------------------------------------------------
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   693
Sun Nov 18 11:01:21 UTC 2018 - manfred.h@gmx.net
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   694
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   695
- update to Firefox 63.0.3
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   696
  * Games using WebGL (created in Unity) get stuck after very short
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   697
    time of gameplay (bmo#1502748)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   698
  * Slow page loading for some users with specific proxy configurations
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   699
    (bmo#1495024)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   700
  * Disable HTTP response throttling by default for causing bugs with
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   701
    videos in background tabs (bmo#1503354)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   702
  * Opening magnet links no longer works (bmo#1498934)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   703
  * Crash fixes (bmo#1498510, bmo#1503424)
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   704
- removed mozilla-newer-cbindgen.patch; no longer needed
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   705
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   706
-------------------------------------------------------------------
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   707
Thu Nov  8 14:59:13 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   708
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   709
- update to Firefox 63.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   710
  * Snippets are not loaded due to missing element (bmo#1503047)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   711
  * Print preview always shows 30& scale when it is actually
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   712
    Shrink To Fit (bmo#1501952)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   713
  * Dialog displayed when closing multiple windows shows unreplaced
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   714
    %1$S placeholder in Japanese and potentially other locales
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   715
    (bmo#1500823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   716
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   717
-------------------------------------------------------------------
1075
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
   718
Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
   719
0831123bc28a final 63.0 release preparations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1074
diff changeset
   720
- update to Firefox 63.0
1074
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   721
  * WebExtensions now run in their own process on Linux
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   722
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   723
    tabs and cycles through tabs in recently used order. This new
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   724
    default behavior is activated only in new profiles and can be
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   725
    changed in preferences.
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   726
  * Added support for Web Components custom elements and shadow DOM
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   727
  MFSA 2018-26 (bsc#1112852)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   728
  * CVE-2018-12391 (bmo#1478843) (Android-only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   729
    HTTP Live Stream audio data is accessible cross-origin
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   730
  * CVE-2018-12392 (bmo#1492823)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   731
    Crash with nested event loops
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   732
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   733
    Integer overflow during Unicode conversion while loading JavaScript
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   734
  * CVE-2018-12395 (bmo#1467523)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   735
    WebExtension bypass of domain restrictions through header rewriting
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   736
  * CVE-2018-12396 (bmo#1483602)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   737
    WebExtension content scripts can execute in disallowed contexts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   738
  * CVE-2018-12397 (bmo#1487478)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   739
    Missing warning prompt when WebExtension requests local file access
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   740
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   741
    CSP bypass through stylesheet injection in resource URIs
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   742
  * CVE-2018-12399 (bmo#1490276)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   743
    Spoofing of protocol registration notification bar
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   744
  * CVE-2018-12400 (bmo#1448305) (Android only)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   745
    Favicons are cached in private browsing mode on Firefox for Android
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   746
  * CVE-2018-12401 (bmo#1422456)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   747
    DOS attack through special resource URI parsing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   748
  * CVE-2018-12402 (bmo#1469916)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   749
    SameSite cookies leak when pages are explicitly saved
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   750
  * CVE-2018-12403 (bmo#1484753)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   751
    Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   752
  * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   753
    bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   754
    Memory safety bugs fixed in Firefox 63
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   755
  * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   756
    bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   757
    bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   758
    bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   759
    Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
1074
4b99400f6d17 rebased patches and updated spec for 63.0b14
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1073
diff changeset
   760
- requires NSPR 4.20, NSS 3.39 and Rust 1.28
1077
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1076
diff changeset
   761
- latest rust does not provide rust-std so stop requiring it
1079
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   762
- requires rust-cbindgen >= 0.6.2 to build
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   763
- requires nodejs >= 8.11 to build
1078
9f49c406dc11 63.0.1 release candidate with several build updates and required fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1077
diff changeset
   764
- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289)
9f49c406dc11 63.0.1 release candidate with several build updates and required fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1077
diff changeset
   765
- added mozilla-cubeb-noreturn.patch to fix non-return function
1079
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   766
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7
1663e876731f latest toolchain updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1078
diff changeset
   767
- disable elfhack for TW and newer due to build errors
1081
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   768
- removed obsolete patches
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   769
  * mozilla-no-return.patch
9fec29d2ead2 latest updates from Factory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1079
diff changeset
   770
  * mozilla-no-stdcxx-check.patch
1073
63a32fb3b602 merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1072
diff changeset
   771
63a32fb3b602 merge from firefox62 and prepare for 63beta
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1072
diff changeset
   772
-------------------------------------------------------------------
1076
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   773
Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   774
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   775
- Update _constraints for armv6/7
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   776
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   777
-------------------------------------------------------------------
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   778
Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   779
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   780
- Add patch to fix build on armv7:
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   781
  * mozilla-bmo1463035.patch
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   782
2823eb50c9a9 ARM updates
Guillaume GARDET <guillaume.gardet@opensuse.org>
parents: 1075
diff changeset
   783
-------------------------------------------------------------------
1072
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   784
Tue Oct  2 21:28:31 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   785
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   786
- Mozilla Firefox 62.0.3:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   787
  MFSA 2018-24
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   788
  * CVE-2018-12386 (bsc#1110506, bmo#1493900)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   789
    Type confusion in JavaScript allowed remote code execution
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   790
  * CVE-2018-12387 (bsc#1110507, bmo#1493903)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   791
    Array.prototype.push stack pointer vulnerability may enable
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   792
    exploits in the sandboxed content process
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   793
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1071
diff changeset
   794
-------------------------------------------------------------------
1071
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   795
Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   796
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   797
- Mozilla Firefox 62.0.2:
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   798
  MFSA 2018-22
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   799
  * CVE-2018-12385 (boo#1109363, bmo#1490585)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   800
    Crash in TransportSecurityInfo due to cached data
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   801
  * Unvisited bookmarks can once again be autofilled in the address
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   802
    bar
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   803
  * Fix WebGL rendering issues
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   804
  * Fix fallback on startup when a language pack is missing
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   805
  * Avoid crash when sharing a profile with newer (as yet
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   806
    unreleased) versions of Firefox
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   807
  * Do not undo removal of search engines when using a language
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   808
    pack
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   809
  * Fixed rendering of some web sites
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   810
  * Restored compatibility with some sites using deprecated TLS
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   811
    settings
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   812
- disable rust debug symbols to fix build on %ix86
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   813
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   814
-------------------------------------------------------------------
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   815
Mon Sep  3 10:47:43 UTC 2018 - wr@rosenauer.org
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   816
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   817
- update to Firefox 62.0
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   818
  * Firefox Home (the default New Tab) now allows users to display
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   819
    up to 4 rows of top sites, Pocket stories, and highlights
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   820
  * "Reopen in Container" tab menu option appears for users with
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   821
    Containers that lets them choose to reopen a tab in a different
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   822
    container
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   823
  * In advance of removing all trust for Symantec-issued certificates
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   824
    in Firefox 63, a preference was added that allows users to distrust
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   825
    certificates issued by Symantec. To use this preference, go to
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   826
    about:config in the address bar and set the preference
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   827
    "security.pki.distrust_ca_policy" to 2.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   828
  * Support for CSS Shapes, allowing for richer web page layouts.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   829
    This goes hand in hand with a brand new Shape Path Editor in the
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   830
    CSS inspector.
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   831
  * CSS Variable Fonts (OpenType Font Variations) support, which makes
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   832
    it possible to create beautiful typography with a single font file
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   833
  * Added Canadian English (en-CA) locale
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   834
  MFSA 2018-20 (bsc#1107343)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   835
  * CVE-2018-12377 (bmo#1470260)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   836
    Use-after-free in refresh driver timers
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   837
  * CVE-2018-12378 (bmo#1459383)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   838
    Use-after-free in IndexedDB
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   839
  * CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   840
    Out-of-bounds write with malicious MAR file
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   841
  * CVE-2017-16541 (bmo#1412081)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   842
    Proxy bypass using automount and autofs
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   843
  * CVE-2018-12381 (bmo#1435319)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   844
    Dragging and dropping Outlook email message results in page navigation
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   845
  * CVE-2018-12382 (bmo#1479311) (Android only)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   846
    Addressbar spoofing with javascript URI on Firefox for Android
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   847
  * CVE-2018-12383 (bmo#1475775)
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   848
    Setting a master password post-Firefox 58 does not delete
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   849
    unencrypted previously stored passwords
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   850
  * CVE-2018-12375
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   851
    Memory safety bugs fixed in Firefox 62
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   852
  * CVE-2018-12376
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   853
    Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
1066
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   854
- requires NSS >= 3.38
1071
8dc7d19e8298 firefox 62.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1070
diff changeset
   855
- removed obsolete patch
1067
735b140fb042 rebased patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1066
diff changeset
   856
  mozilla-bmo1464766.patch
1066
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   857
3f18b0f2a868 merge from firefox61 and specify next beta cycle
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1065
diff changeset
   858
-------------------------------------------------------------------
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   859
Thu Aug  9 14:22:00 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   860
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   861
- update to Firefox 61.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   862
  * Improved website rendering with the Retained Display List feature
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   863
    enabled (bmo#1474402)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   864
  * Fixed broken DevTools panels with certain extensions installed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   865
    (bmo#1474379)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   866
  * Fixed a crash for users with some accessibility tools enabled
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   867
    (bmo#1474007)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   868
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   869
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   870
Mon Jul  9 07:22:09 UTC 2018 - astieger@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   871
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   872
- Mozilla Firefox 61.0.1:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   873
  * Fix missing content on the New Tab Page and the Home section of
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   874
    the Preferences page (bmo#1471375)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   875
  * Fixed loss of bookmarks under rare circumstances when upgrading
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   876
    from Firefox 60 (bmo#1472127)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   877
  * Improved playback of Twitch 1080p video streams (bmo#1469257)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   878
  * Web pages no longer lose focus when a browser popup window is
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   879
    opened (bmo#1471415)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   880
  * Re-allowed downloading files from FTP sites via the "Save Link
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   881
    As" option when linked from HTTP pages (bmo#1470295)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   882
  * Fixed extensions being unable to override the default homepage
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   883
    in certain situations (bmo#1466846)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   884
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   885
-------------------------------------------------------------------
1061
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   886
Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   887
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   888
- update to Firefox 61.0
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   889
  * Performance enhancements
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   890
  * Various improvements for dark theme support will provide a more
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   891
    consistent experience across the entire Firefox UI
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   892
  * OpenSearch plugins offered by web pages can now be added from the
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   893
    page action menu for easier installation
42510f8eee28 61.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1060
diff changeset
   894
  * Improved support for allowing WebExtensions to manage and hide tabs
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   895
  MFSA 2018-15 (bsc#1098998)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   896
  * CVE-2018-12359 (bmo#1459162)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   897
    Buffer overflow using computed size of canvas element
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   898
  * CVE-2018-12360 (bmo#1459693)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   899
    Use-after-free when using focus()
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   900
  * CVE-2018-12361 (bmo#1463244)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   901
    Integer overflow in SwizzleData
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   902
  * CVE-2018-12358 (bmo#1467852)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   903
    Same-origin bypass using service worker and redirection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   904
  * CVE-2018-12362 (bmo#1452375)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   905
    Integer overflow in SSSE3 scaler
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   906
  * CVE-2018-5156 (bmo#1453127)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   907
    Media recorder segmentation fault when track type is changed during capture
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   908
  * CVE-2018-12363 (bmo#1464784)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   909
    Use-after-free when appending DOM nodes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   910
  * CVE-2018-12364 (bmo#1436241)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   911
    CSRF attacks through 307 redirects and NPAPI plugins
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   912
  * CVE-2018-12365 (bmo#1459206)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   913
    Compromised IPC child process can list local filenames
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   914
  * CVE-2018-12371 (bmo#1465686) 
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   915
    Integer overflow in Skia library during edge builder allocation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   916
  * CVE-2018-12366 (bmo#1464039)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   917
    Invalid data handling during QCMS transformations
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   918
  * CVE-2018-12367 (bmo#1462891)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   919
    Timing attack mitigation of PerformanceNavigationTiming
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   920
  * CVE-2018-12369 (bmo#1454909)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   921
    WebExtension security permission checks bypassed by embedded experiments
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   922
  * CVE-2018-12370 (bmo#1456652)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   923
    SameSite cookie protections bypassed when exiting Reader View
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   924
  * CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   925
    bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   926
    Memory safety bugs fixed in Firefox 61
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   927
  * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   928
    bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   929
    bmo#1463884)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   930
    Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   931
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   932
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   933
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   934
    bmo#1464079,bmo#1463494,bmo#1458048)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   935
    Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   936
- requires NSS 3.37.3
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   937
- requires python >= 3.5 to build
1055
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   938
- removed obsolete patches
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   939
  mozilla-i586-DecoderDoctorLogger.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   940
  mozilla-i586-domPrefs.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   941
  mozilla-fix-skia-aarch64.patch
526f445635f3 removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1054
diff changeset
   942
  mozilla-bmo1375074.patch
1065
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1061
diff changeset
   943
  mozilla-enable-csd.patch
1057
b70ce330958c successfull RPM build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1056
diff changeset
   944
- patch for new no-return warnings (mozilla-no-return.patch)
1059
936bf8851c57 try to make langpacks work again
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1057
diff changeset
   945
- do not disable system installed locales (mozilla-bmo1464766.patch)
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   946
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   947
-------------------------------------------------------------------
1056
90e1f32cf034 several changes to make upstream tarballs a good neighbour for locale fetching and HG checkouts
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1055
diff changeset
   948
Fri Jun  8 10:52:13 UTC 2018 - bjorn.lie@gmail.com
1054
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   949
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   950
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   951
  conditional --disable-gconf to configure: no longer pull in
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   952
  obsolete gconf2 for Tumbleweed.
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   953
fbfe323c62cd Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
<bjorn.lie@gmail.com>
parents: 1052
diff changeset
   954
-------------------------------------------------------------------
1052
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   955
Thu Jun  7 12:11:06 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   956
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   957
- update to Firefox 60.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   958
  * requires NSS 3.36.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   959
  MFSA 2018-14 (bsc#1096449)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   960
  * CVE-2018-6126 (bmo#1462682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   961
    Heap buffer overflow rasterizing paths in SVG with Skia
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   962
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   963
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   964
Wed Jun  6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   965
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   966
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   967
  workaround:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   968
  * mozilla-bmo1375074.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   969
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   970
-------------------------------------------------------------------
1051
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   971
Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   972
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   973
- fixed "open with" option under KDE (boo#1094747)
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   974
- workaround crash on startup on aarch64 (boo#1093059)
1052
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1051
diff changeset
   975
  (contributed by guillaume.gardet@arm.com)
1051
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   976
87c1625d07e2 fix aarch64 startup crash
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1049
diff changeset
   977
-------------------------------------------------------------------
1049
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   978
Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   979
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   980
- Disable webrtc for aarch64 due to bmo#1434589
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   981
- Add patch to fix skia build on AArch64:
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   982
  * mozilla-fix-skia-aarch64.patch
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   983
08307c08d990 architecture fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1048
diff changeset
   984
-------------------------------------------------------------------
1048
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   985
Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   986
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   987
- update to Firefox 60.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   988
  * Avoid overly long cycle collector pauses with some add-ons installed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   989
    (bmo#1449033)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   990
  * After unckecking the "Sponsored Stories" option, the New Tab page
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   991
    now immediately stops displaying "Sponsored content" cards (bmo#1458906)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   992
  * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   993
    (bmo#1457743)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   994
  * Use the right default background when opening tabs or windows in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   995
    high contrast mode (bmo#1458956)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   996
  * Restored translations of the Preferences panels when using a
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   997
    language pack (bmo#1461590)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   998
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
   999
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
  1000
Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
  1001
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
  1002
- parellelise locales building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
  1003
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1047
diff changeset
  1004
-------------------------------------------------------------------
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1005
Mon May  7 08:32:28 UTC 2018 - wr@rosenauer.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1006
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1007
- update to Firefox 60.0
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1008
  * Added a policy engine that allows customized Firefox deployments
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1009
    in enterprise environments, using Windows Group Policy or a
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1010
    cross-platform JSON file
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1011
  * Applied Quantum CSS to render browser UI
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1012
  * Added support for Web Authentication, allowing the use of USB
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1013
    tokens for authentication to web sites
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1014
  * Locale added: Occitan (oc)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1015
  MFSA 2018-11 (bsc#1092548)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1016
  * CVE-2018-5154 (bmo#1443092)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1017
    Use-after-free with SVG animations and clip paths
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1018
  * CVE-2018-5155 (bmo#1448774)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1019
    Use-after-free with SVG animations and text paths
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1020
  * CVE-2018-5157 (bmo#1449898)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1021
    Same-origin bypass of PDF Viewer to view protected PDF files
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1022
  * CVE-2018-5158 (bmo#1452075)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1023
    Malicious PDF can inject JavaScript into PDF Viewer
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1024
  * CVE-2018-5159 (bmo#1441941)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1025
    Integer overflow and out-of-bounds write in Skia
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1026
  * CVE-2018-5160 (bmo#1436117)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1027
    Uninitialized memory use by WebRTC encoder
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1028
  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1029
    WebExtensions information leak through webRequest API
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1030
  * CVE-2018-5153 (bmo#1436809)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1031
    Out-of-bounds read in mixed content websocket messages
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1032
  * CVE-2018-5163 (bmo#1426353)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1033
    Replacing cached data in JavaScript Start-up Bytecode Cache
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1034
  * CVE-2018-5164 (bmo#1416045)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1035
    CSP not applied to all multipart content sent with
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1036
    multipart/x-mixed-replace
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1037
  * CVE-2018-5166 (bmo#1437325)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1038
    WebExtension host permission bypass through filterReponseData
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1039
  * CVE-2018-5167 (bmo#1447969)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1040
    Improper linkification of chrome: and javascript: content in
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1041
    web console and JavaScript debugger
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1042
  * CVE-2018-5168 (bmo#1449548)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1043
    Lightweight themes can be installed without user interaction
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1044
  * CVE-2018-5169 (bmo#1319157)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1045
    Dragging and dropping link text onto home button can set home page
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1046
    to include chrome pages
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1047
  * CVE-2018-5172 (bmo#1436482)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1048
    Pasted script from clipboard can run in the Live Bookmarks page
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1049
    or PDF viewer
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1050
  * CVE-2018-5173 (bmo#1438025)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1051
    File name spoofing of Downloads panel with Unicode characters
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1052
  * CVE-2018-5174 (bmo#1447080) (Windows-only)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1053
    Windows Defender SmartScreen UI runs with less secure behavior
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1054
    for downloaded files in Windows 10 April 2018 Update
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1055
  * CVE-2018-5175 (bmo#1432358)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1056
    Universal CSP bypass on sites using strict-dynamic in their policies
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1057
  * CVE-2018-5176 (bmo#1442840)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1058
    JSON Viewer script injection
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1059
  * CVE-2018-5177 (bmo#1451908)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1060
    Buffer overflow in XSLT during number formatting
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1061
  * CVE-2018-5165 (bmo#1451452)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1062
    Checkbox for enabling Flash protected mode is inverted in 32-bit
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1063
    Firefox
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1064
  * CVE-2018-5180 (bmo#1444086)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1065
    heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1066
  * CVE-2018-5181 (bmo#1424107)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1067
    Local file can be displayed in noopener tab through drag and
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1068
    drop of hyperlink
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1069
  * CVE-2018-5182 (bmo#1435908)
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1070
    Local file can be displayed from hyperlink dragged and dropped
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1071
    on addressbar
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1072
  * CVE-2018-5151
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1073
    Memory safety bugs fixed in Firefox 60
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1074
  * CVE-2018-5150
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1075
    Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
  1076
- removed obsolete patches
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
  1077
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1078
  mozilla-bmo1005535.patch
1046
75893a3d8fbe 60.0b16
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1044
diff changeset
  1079
- requires NSPR 4.19 and NSS 3.36.1
1047
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1080
- requires rust 1.24 or higher
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1081
- use upstream source archive and detached signature for
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1082
  source verification
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1083
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1084
-------------------------------------------------------------------
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1085
Thu May  3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1086
847ae61baab6 Firefox 60.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1046
diff changeset
  1087
- Fix armv7 build by: