1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Tue May 1 20:50:14 UTC 2018 - wr@rosenauer.org |
2 Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 60.0b16 |
4 - update to Firefox 60.0 |
|
5 * Added a policy engine that allows customized Firefox deployments |
|
6 in enterprise environments, using Windows Group Policy or a |
|
7 cross-platform JSON file |
|
8 * Applied Quantum CSS to render browser UI |
|
9 * Added support for Web Authentication, allowing the use of USB |
|
10 tokens for authentication to web sites |
|
11 * Locale added: Occitan (oc) |
|
12 MFSA 2018-11 (bsc#1092548) |
|
13 * CVE-2018-5154 (bmo#1443092) |
|
14 Use-after-free with SVG animations and clip paths |
|
15 * CVE-2018-5155 (bmo#1448774) |
|
16 Use-after-free with SVG animations and text paths |
|
17 * CVE-2018-5157 (bmo#1449898) |
|
18 Same-origin bypass of PDF Viewer to view protected PDF files |
|
19 * CVE-2018-5158 (bmo#1452075) |
|
20 Malicious PDF can inject JavaScript into PDF Viewer |
|
21 * CVE-2018-5159 (bmo#1441941) |
|
22 Integer overflow and out-of-bounds write in Skia |
|
23 * CVE-2018-5160 (bmo#1436117) |
|
24 Uninitialized memory use by WebRTC encoder |
|
25 * CVE-2018-5152 (bmo#1415644, bmo#1427289) |
|
26 WebExtensions information leak through webRequest API |
|
27 * CVE-2018-5153 (bmo#1436809) |
|
28 Out-of-bounds read in mixed content websocket messages |
|
29 * CVE-2018-5163 (bmo#1426353) |
|
30 Replacing cached data in JavaScript Start-up Bytecode Cache |
|
31 * CVE-2018-5164 (bmo#1416045) |
|
32 CSP not applied to all multipart content sent with |
|
33 multipart/x-mixed-replace |
|
34 * CVE-2018-5166 (bmo#1437325) |
|
35 WebExtension host permission bypass through filterReponseData |
|
36 * CVE-2018-5167 (bmo#1447969) |
|
37 Improper linkification of chrome: and javascript: content in |
|
38 web console and JavaScript debugger |
|
39 * CVE-2018-5168 (bmo#1449548) |
|
40 Lightweight themes can be installed without user interaction |
|
41 * CVE-2018-5169 (bmo#1319157) |
|
42 Dragging and dropping link text onto home button can set home page |
|
43 to include chrome pages |
|
44 * CVE-2018-5172 (bmo#1436482) |
|
45 Pasted script from clipboard can run in the Live Bookmarks page |
|
46 or PDF viewer |
|
47 * CVE-2018-5173 (bmo#1438025) |
|
48 File name spoofing of Downloads panel with Unicode characters |
|
49 * CVE-2018-5174 (bmo#1447080) (Windows-only) |
|
50 Windows Defender SmartScreen UI runs with less secure behavior |
|
51 for downloaded files in Windows 10 April 2018 Update |
|
52 * CVE-2018-5175 (bmo#1432358) |
|
53 Universal CSP bypass on sites using strict-dynamic in their policies |
|
54 * CVE-2018-5176 (bmo#1442840) |
|
55 JSON Viewer script injection |
|
56 * CVE-2018-5177 (bmo#1451908) |
|
57 Buffer overflow in XSLT during number formatting |
|
58 * CVE-2018-5165 (bmo#1451452) |
|
59 Checkbox for enabling Flash protected mode is inverted in 32-bit |
|
60 Firefox |
|
61 * CVE-2018-5180 (bmo#1444086) |
|
62 heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced |
|
63 * CVE-2018-5181 (bmo#1424107) |
|
64 Local file can be displayed in noopener tab through drag and |
|
65 drop of hyperlink |
|
66 * CVE-2018-5182 (bmo#1435908) |
|
67 Local file can be displayed from hyperlink dragged and dropped |
|
68 on addressbar |
|
69 * CVE-2018-5151 |
|
70 Memory safety bugs fixed in Firefox 60 |
|
71 * CVE-2018-5150 |
|
72 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 |
5 - removed obsolete patches |
73 - removed obsolete patches |
6 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
74 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
|
75 mozilla-bmo1005535.patch |
7 - requires NSPR 4.19 and NSS 3.36.1 |
76 - requires NSPR 4.19 and NSS 3.36.1 |
8 |
77 - requires rust 1.24 or higher |
9 ------------------------------------------------------------------- |
78 - use upstream source archive and detached signature for |
10 Tue May 1 18:45:02 UTC 2018 - astieger@suse.com |
79 source verification |
11 |
80 |
|
81 ------------------------------------------------------------------- |
|
82 Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org |
|
83 |
|
84 - Fix armv7 build by: |
|
85 * adding RUSTFLAGS="-Cdebuginfo=0" |
|
86 * updating _constraints for %arm |
|
87 |
|
88 ------------------------------------------------------------------- |
|
89 Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org |
|
90 |
|
91 - do not try CSD on kwin (boo#1091592) |
12 - fix build in openSUSE:Leap:42.3:Update, use gcc7 |
92 - fix build in openSUSE:Leap:42.3:Update, use gcc7 |
13 |
93 |
14 ------------------------------------------------------------------- |
94 ------------------------------------------------------------------- |
15 Tue May 1 14:26:24 UTC 2018 - astieger@suse.com |
95 Tue May 1 14:26:24 UTC 2018 - astieger@suse.com |
16 |
96 |
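Review bot: the old entry header "Tue May 1 18:45:02 UTC 2018 - astieger@suse.com" (old lines 9-11) is dropped, and its item "fix build in openSUSE:Leap:42.3:Update, use gcc7" now sits under the new "Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org" entry (new lines 89-92), which changes the recorded author and date of that change. Keep the original header above that item and put only "do not try CSD on kwin (boo#1091592)" under the May 2 entry, unless the merge was intentional. Two smaller points in the Firefox 60.0 entry: CVE-2018-5151 and CVE-2018-5150 (new lines 69-72) carry no bmo# reference while every other CVE line does, and "filterReponseData" on new line 35 reads like a misspelling of filterResponseData, so check it against the advisory text before changing it.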