1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Sun Oct 21 07:24:17 UTC 2018 - wr@rosenauer.org |
2 Tue Mar 5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com> |
3 |
3 |
4 - update to Firefox 63.0b14 |
4 - Do not hardcode nodejs8 but leave the prefer to the distribution |
|
5 (Tumbleweed staging wants to switch to nodejs10) |
|
6 |
|
7 ------------------------------------------------------------------- |
|
8 Fri Feb 15 13:45:57 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
9 |
|
10 - Update _constraints to avoid 'no space left' error seen on aarch64 |
|
11 |
|
12 ------------------------------------------------------------------- |
|
13 Wed Feb 13 07:17:28 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
14 |
|
15 - Mozilla Firefox 65.0.1 |
|
16 * Fixed accidental requests to addons.mozilla.org when an addon |
|
17 recommendation doorhanger is shown (bmo#1526387) |
|
18 * Improved playback of interactive Netflix videos (bmo#1524500) |
|
19 * Fixed incorrect sizing of the "Clear Recent History" window in |
|
20 some situations (bmo#1523696) |
|
21 * Fixed audio & video delays while making WebRTC calls |
|
22 (bmo#1521577, bmo#1523817) |
|
23 * Fixed video sizing problems during some WebRTC calls (bmo#1520200) |
|
24 * Fixed looping CONNECT requests when using WebSockets over HTTP/2 |
|
25 from behind a proxy server (bmo#1523427) |
|
26 * Fixed the "Enter" key not working on password entry fields for |
|
27 certain Linux distributions (bmo#1523635) |
|
28 MFSA 2019-04 (bsc#1125330) |
|
29 * CVE-2018-18356 bmo#1525817 |
|
30 Use-after-free in Skia |
|
31 * CVE-2019-5785 bmo#1525433 |
|
32 Integer overflow in Skia |
|
33 * CVE-2018-18511 bmo#1526218 |
|
34 Cross-origin theft of images with ImageBitmapRenderingContext |
|
35 |
|
36 ------------------------------------------------------------------- |
|
37 Wed Feb 13 06:12:43 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
38 |
|
39 - Enable LTO only for latest new toolchain (boo#1125038) for x86_64 |
|
40 (with increased memory constraints) |
|
41 |
|
42 ------------------------------------------------------------------- |
|
43 Sat Jan 26 22:37:01 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
44 |
|
45 - Mozilla Firefox 65.0 |
|
46 * Enhanced tracking protection |
|
47 * allow switching of UI locales within preferences |
|
48 * support for the WebP image format |
|
49 * "top"-like about:performance |
|
50 MFSA 2019-01 (bsc#1122983) |
|
51 * CVE-2018-18500 bmo#1510114 |
|
52 Use-after-free parsing HTML5 stream |
|
53 * CVE-2018-18503 bmo#1509442 |
|
54 Memory corruption with Audio Buffer |
|
55 * CVE-2018-18504 bmo#1496413 |
|
56 Memory corruption and out-of-bounds read of texture client |
|
57 * CVE-2018-18505 bmo#1497749 |
|
58 Privilege escalation through IPC channel messages |
|
59 * CVE-2018-18506 bmo#1503393 |
|
60 Proxy Auto-Configuration file can define localhost access to be proxied |
|
61 * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762 |
|
62 bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580 |
|
63 bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758 |
|
64 Memory safety bugs fixed in Firefox 65 |
|
65 * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619 |
|
66 bmo#1502871 bmo#1516738 bmo#1516514 |
|
67 Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 |
|
68 - requires |
|
69 NSS 3.41 |
|
70 rust/carge 1.30 |
|
71 rust-cbindgen 0.6.7 |
|
72 - rebased patches |
|
73 - remove workaround for build memory consumption on i586; other |
|
74 mitigations meanwhile introduced (mainly parallelity) will be |
|
75 sufficient |
|
76 mozilla-reduce-files-per-UnifiedBindings.patch |
|
77 |
|
78 ------------------------------------------------------------------- |
|
79 Tue Jan 15 14:32:03 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
80 |
|
81 - Increase disk constraint. |
|
82 |
|
83 ------------------------------------------------------------------- |
|
84 Mon Jan 14 12:12:12 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
85 |
|
86 - Remove -v from mach build in order to work-around bmo#1500436. |
|
87 |
|
88 ------------------------------------------------------------------- |
|
89 Fri Jan 11 15:07:14 UTC 2019 - Martin Liška <mliska@suse.cz> |
|
90 |
|
91 - Set %clang_build to false on all architectures |
|
92 - Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing: |
|
93 it should not be needed anymore |
|
94 - Do not overwrite enable-optimize and when possible |
|
95 enable --enable-debug-symbols. |
|
96 - Add -v to mach in order to make build verbose. |
|
97 |
|
98 ------------------------------------------------------------------- |
|
99 Wed Jan 9 22:40:14 UTC 2019 - astieger@suse.com |
|
100 |
|
101 - Mozilla Firefox 64.0.2: |
|
102 * Update the Japanese translation for missing strings (bmo#1513259) |
|
103 * Properly restore column sizes in developer tools inspector (bmo#1503175) |
|
104 * Fixed video stuttering on Youtube (bmo#1513511) |
|
105 * Fix updates for some lightweight themes (bmo#1508777) |
|
106 |
|
107 ------------------------------------------------------------------- |
|
108 Tue Dec 18 14:46:41 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
109 |
|
110 - Enable build_hardened for all architectures |
|
111 - Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605 |
|
112 - Remove obolete '--enable-pie' as -pie is always enabled for |
|
113 gcc and clang |
|
114 |
|
115 ------------------------------------------------------------------- |
|
116 Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
117 |
|
118 - Switch aarch64 builds back to gcc, not clang (bmo#1513605) |
|
119 - Switch %arm builds back to gcc, not clang to avoid OOM |
|
120 - Fix build flags when clang is not used |
|
121 - Fix flags for clang ppc64 builds |
|
122 |
|
123 ------------------------------------------------------------------- |
|
124 Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
125 |
|
126 - update to Firefox 64.0 |
|
127 * Better recommendations: You may see suggestions in regular browsing |
|
128 mode for new and relevant Firefox features, services, and extensions |
|
129 based on how you use the web (for US users only) |
|
130 * Enhanced tab management: You can now select multiple tabs from the |
|
131 tab bar and close, move, bookmark, or pin them quickly and easily |
|
132 * Easier performance management: The new Task Manager page found at |
|
133 about:performance lets you see how much energy each open tab consumes |
|
134 and provides access to close tabs to conserve power |
|
135 * Improved performance for Mac and Linux users, by enabling link time |
|
136 optimization (Clang LTO). |
|
137 * Added option to remove add-ons using the context menu on their |
|
138 toolbar buttons |
|
139 * RSS feed preview and live bookmarks are available only via add-ons |
|
140 * TLS certificates issued by Symantec are no longer trusted by Firefox. |
|
141 Website operators are strongly encouraged to replace any remaining |
|
142 Symantec TLS certificates as soon as possible |
|
143 MFSA 2018-29 (bsc#1119105) |
|
144 * CVE-2018-12407 bmo#1505973 |
|
145 Buffer overflow with ANGLE library when using VertexBuffer11 module |
|
146 * CVE-2018-17466 bmo#1488295 |
|
147 Buffer overflow and out-of-bounds read in ANGLE library with |
|
148 TextureStorage11 |
|
149 * CVE-2018-18492 bmo#1499861 |
|
150 Use-after-free with select element |
|
151 * CVE-2018-18493 bmo#1504452 |
|
152 Buffer overflow in accelerated 2D canvas with Skia |
|
153 * CVE-2018-18494 bmo#1487964 |
|
154 Same-origin policy violation using location attribute and |
|
155 performance.getEntries to steal cross-origin URLs |
|
156 * CVE-2018-18495 bmo#1427585 |
|
157 WebExtension content scripts can be loaded in about: pages |
|
158 * CVE-2018-18496 bmo#1422231 (Windows only) |
|
159 Embedded feed preview page can be abused for clickjacking |
|
160 * CVE-2018-18497 bmo#1488180 |
|
161 WebExtensions can load arbitrary URLs through pipe separators |
|
162 * CVE-2018-18498 bmo#1500011 |
|
163 Integer overflow when calculating buffer sizes for images |
|
164 * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886 |
|
165 bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490 |
|
166 bmo#1481745 bmo#1458129 |
|
167 Memory safety bugs fixed in Firefox 64 |
|
168 * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759 |
|
169 bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471 |
|
170 Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 |
|
171 - requires |
|
172 * rust/cargo >= 1.29 |
|
173 * mozilla-nss >= 3.40.1 |
|
174 * rust-cbindgen >= 0.6.4 |
|
175 - rebased patches |
|
176 - removed obsolete patch |
|
177 * mozilla-bmo1491289.patch |
|
178 - now uses clang primarily for compilation |
|
179 |
|
180 ------------------------------------------------------------------- |
|
181 Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
182 |
|
183 - Remove --disable-elf-hack when not available: on aarch64 and ppc64* |
|
184 |
|
185 ------------------------------------------------------------------- |
|
186 Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
187 |
|
188 - Clean-up %arm build |
|
189 |
|
190 ------------------------------------------------------------------- |
|
191 Sun Nov 18 11:01:21 UTC 2018 - manfred.h@gmx.net |
|
192 |
|
193 - update to Firefox 63.0.3 |
|
194 * Games using WebGL (created in Unity) get stuck after very short |
|
195 time of gameplay (bmo#1502748) |
|
196 * Slow page loading for some users with specific proxy configurations |
|
197 (bmo#1495024) |
|
198 * Disable HTTP response throttling by default for causing bugs with |
|
199 videos in background tabs (bmo#1503354) |
|
200 * Opening magnet links no longer works (bmo#1498934) |
|
201 * Crash fixes (bmo#1498510, bmo#1503424) |
|
202 - removed mozilla-newer-cbindgen.patch; no longer needed |
|
203 |
|
204 ------------------------------------------------------------------- |
|
205 Thu Nov 8 14:59:13 UTC 2018 - wr@rosenauer.org |
|
206 |
|
207 - update to Firefox 63.0.1 |
|
208 * Snippets are not loaded due to missing element (bmo#1503047) |
|
209 * Print preview always shows 30& scale when it is actually |
|
210 Shrink To Fit (bmo#1501952) |
|
211 * Dialog displayed when closing multiple windows shows unreplaced |
|
212 %1$S placeholder in Japanese and potentially other locales |
|
213 (bmo#1500823) |
|
214 |
|
215 ------------------------------------------------------------------- |
|
216 Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org |
|
217 |
|
218 - update to Firefox 63.0 |
5 * WebExtensions now run in their own process on Linux |
219 * WebExtensions now run in their own process on Linux |
6 * The Ctrl+Tab shortcut now displays thumbnail previews of your |
220 * The Ctrl+Tab shortcut now displays thumbnail previews of your |
7 tabs and cycles through tabs in recently used order. This new |
221 tabs and cycles through tabs in recently used order. This new |
8 default behavior is activated only in new profiles and can be |
222 default behavior is activated only in new profiles and can be |
9 changed in preferences. |
223 changed in preferences. |
10 * Added support for Web Components custom elements and shadow DOM |
224 * Added support for Web Components custom elements and shadow DOM |
|
225 MFSA 2018-26 (bsc#1112852) |
|
226 * CVE-2018-12391 (bmo#1478843) (Android-only) |
|
227 HTTP Live Stream audio data is accessible cross-origin |
|
228 * CVE-2018-12392 (bmo#1492823) |
|
229 Crash with nested event loops |
|
230 * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs) |
|
231 Integer overflow during Unicode conversion while loading JavaScript |
|
232 * CVE-2018-12395 (bmo#1467523) |
|
233 WebExtension bypass of domain restrictions through header rewriting |
|
234 * CVE-2018-12396 (bmo#1483602) |
|
235 WebExtension content scripts can execute in disallowed contexts |
|
236 * CVE-2018-12397 (bmo#1487478) |
|
237 Missing warning prompt when WebExtension requests local file access |
|
238 * CVE-2018-12398 (bmo#1460538, bmo#1488061) |
|
239 CSP bypass through stylesheet injection in resource URIs |
|
240 * CVE-2018-12399 (bmo#1490276) |
|
241 Spoofing of protocol registration notification bar |
|
242 * CVE-2018-12400 (bmo#1448305) (Android only) |
|
243 Favicons are cached in private browsing mode on Firefox for Android |
|
244 * CVE-2018-12401 (bmo#1422456) |
|
245 DOS attack through special resource URI parsing |
|
246 * CVE-2018-12402 (bmo#1469916) |
|
247 SameSite cookies leak when pages are explicitly saved |
|
248 * CVE-2018-12403 (bmo#1484753) |
|
249 Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP |
|
250 * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427, |
|
251 bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167) |
|
252 Memory safety bugs fixed in Firefox 63 |
|
253 * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159, |
|
254 bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803, |
|
255 bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699, |
|
256 bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844) |
|
257 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 |
11 - requires NSPR 4.20, NSS 3.39 and Rust 1.28 |
258 - requires NSPR 4.20, NSS 3.39 and Rust 1.28 |
|
259 - latest rust does not provide rust-std so stop requiring it |
|
260 - requires rust-cbindgen >= 0.6.2 to build |
|
261 - requires nodejs >= 8.11 to build |
|
262 - added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289) |
|
263 - added mozilla-cubeb-noreturn.patch to fix non-return function |
|
264 - added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7 |
|
265 - disable elfhack for TW and newer due to build errors |
|
266 - removed obsolete patches |
|
267 * mozilla-no-return.patch |
|
268 * mozilla-no-stdcxx-check.patch |
|
269 |
|
270 ------------------------------------------------------------------- |
|
271 Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org |
|
272 |
|
273 - Update _constraints for armv6/7 |
|
274 |
|
275 ------------------------------------------------------------------- |
|
276 Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org |
|
277 |
|
278 - Add patch to fix build on armv7: |
|
279 * mozilla-bmo1463035.patch |
12 |
280 |
13 ------------------------------------------------------------------- |
281 ------------------------------------------------------------------- |
14 Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com |
282 Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com |
15 |
283 |
16 - Mozilla Firefox 62.0.3: |
284 - Mozilla Firefox 62.0.3: |