1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Tue May 1 20:50:14 UTC 2018 - wr@rosenauer.org |
2 Thu Jun 7 12:11:06 UTC 2018 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 60.0b16 |
4 - update to Firefox 60.0.2 |
|
5 * requires NSS 3.36.4 |
|
6 MFSA 2018-14 (bsc#1096449) |
|
7 * CVE-2018-6126 (bmo#1462682) |
|
8 Heap buffer overflow rasterizing paths in SVG with Skia |
|
9 |
|
10 ------------------------------------------------------------------- |
|
11 Wed Jun 6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org |
|
12 |
|
13 - Add upstream patch to fix boo#1093059 instead of '-ffixed-x28' |
|
14 workaround: |
|
15 * mozilla-bmo1375074.patch |
|
16 |
|
17 ------------------------------------------------------------------- |
|
18 Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org |
|
19 |
|
20 - fixed "open with" option under KDE (boo#1094747) |
|
21 - workaround crash on startup on aarch64 (boo#1093059) |
|
22 (contributed by guillaume.gardet@arm.com) |
|
23 |
|
24 ------------------------------------------------------------------- |
|
25 Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org |
|
26 |
|
27 - Disable webrtc for aarch64 due to bmo#1434589 |
|
28 - Add patch to fix skia build on AArch64: |
|
29 * mozilla-fix-skia-aarch64.patch |
|
30 |
|
31 ------------------------------------------------------------------- |
|
32 Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org |
|
33 |
|
34 - update to Firefox 60.0.1 |
|
35 * Avoid overly long cycle collector pauses with some add-ons installed |
|
36 (bmo#1449033) |
|
37 * After unckecking the "Sponsored Stories" option, the New Tab page |
|
38 now immediately stops displaying "Sponsored content" cards (bmo#1458906) |
|
39 * On touchscreen devices, fixed momentum scrolling on non-zoomable pages |
|
40 (bmo#1457743) |
|
41 * Use the right default background when opening tabs or windows in |
|
42 high contrast mode (bmo#1458956) |
|
43 * Restored translations of the Preferences panels when using a |
|
44 language pack (bmo#1461590) |
|
45 |
|
46 ------------------------------------------------------------------- |
|
47 Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com |
|
48 |
|
49 - parellelise locales building |
|
50 |
|
51 ------------------------------------------------------------------- |
|
52 Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org |
|
53 |
|
54 - update to Firefox 60.0 |
|
55 * Added a policy engine that allows customized Firefox deployments |
|
56 in enterprise environments, using Windows Group Policy or a |
|
57 cross-platform JSON file |
|
58 * Applied Quantum CSS to render browser UI |
|
59 * Added support for Web Authentication, allowing the use of USB |
|
60 tokens for authentication to web sites |
|
61 * Locale added: Occitan (oc) |
|
62 MFSA 2018-11 (bsc#1092548) |
|
63 * CVE-2018-5154 (bmo#1443092) |
|
64 Use-after-free with SVG animations and clip paths |
|
65 * CVE-2018-5155 (bmo#1448774) |
|
66 Use-after-free with SVG animations and text paths |
|
67 * CVE-2018-5157 (bmo#1449898) |
|
68 Same-origin bypass of PDF Viewer to view protected PDF files |
|
69 * CVE-2018-5158 (bmo#1452075) |
|
70 Malicious PDF can inject JavaScript into PDF Viewer |
|
71 * CVE-2018-5159 (bmo#1441941) |
|
72 Integer overflow and out-of-bounds write in Skia |
|
73 * CVE-2018-5160 (bmo#1436117) |
|
74 Uninitialized memory use by WebRTC encoder |
|
75 * CVE-2018-5152 (bmo#1415644, bmo#1427289) |
|
76 WebExtensions information leak through webRequest API |
|
77 * CVE-2018-5153 (bmo#1436809) |
|
78 Out-of-bounds read in mixed content websocket messages |
|
79 * CVE-2018-5163 (bmo#1426353) |
|
80 Replacing cached data in JavaScript Start-up Bytecode Cache |
|
81 * CVE-2018-5164 (bmo#1416045) |
|
82 CSP not applied to all multipart content sent with |
|
83 multipart/x-mixed-replace |
|
84 * CVE-2018-5166 (bmo#1437325) |
|
85 WebExtension host permission bypass through filterReponseData |
|
86 * CVE-2018-5167 (bmo#1447969) |
|
87 Improper linkification of chrome: and javascript: content in |
|
88 web console and JavaScript debugger |
|
89 * CVE-2018-5168 (bmo#1449548) |
|
90 Lightweight themes can be installed without user interaction |
|
91 * CVE-2018-5169 (bmo#1319157) |
|
92 Dragging and dropping link text onto home button can set home page |
|
93 to include chrome pages |
|
94 * CVE-2018-5172 (bmo#1436482) |
|
95 Pasted script from clipboard can run in the Live Bookmarks page |
|
96 or PDF viewer |
|
97 * CVE-2018-5173 (bmo#1438025) |
|
98 File name spoofing of Downloads panel with Unicode characters |
|
99 * CVE-2018-5174 (bmo#1447080) (Windows-only) |
|
100 Windows Defender SmartScreen UI runs with less secure behavior |
|
101 for downloaded files in Windows 10 April 2018 Update |
|
102 * CVE-2018-5175 (bmo#1432358) |
|
103 Universal CSP bypass on sites using strict-dynamic in their policies |
|
104 * CVE-2018-5176 (bmo#1442840) |
|
105 JSON Viewer script injection |
|
106 * CVE-2018-5177 (bmo#1451908) |
|
107 Buffer overflow in XSLT during number formatting |
|
108 * CVE-2018-5165 (bmo#1451452) |
|
109 Checkbox for enabling Flash protected mode is inverted in 32-bit |
|
110 Firefox |
|
111 * CVE-2018-5180 (bmo#1444086) |
|
112 heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced |
|
113 * CVE-2018-5181 (bmo#1424107) |
|
114 Local file can be displayed in noopener tab through drag and |
|
115 drop of hyperlink |
|
116 * CVE-2018-5182 (bmo#1435908) |
|
117 Local file can be displayed from hyperlink dragged and dropped |
|
118 on addressbar |
|
119 * CVE-2018-5151 |
|
120 Memory safety bugs fixed in Firefox 60 |
|
121 * CVE-2018-5150 |
|
122 Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 |
5 - removed obsolete patches |
123 - removed obsolete patches |
6 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
124 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch |
|
125 mozilla-bmo1005535.patch |
7 - requires NSPR 4.19 and NSS 3.36.1 |
126 - requires NSPR 4.19 and NSS 3.36.1 |
8 |
127 - requires rust 1.24 or higher |
9 ------------------------------------------------------------------- |
128 - use upstream source archive and detached signature for |
10 Tue May 1 18:45:02 UTC 2018 - astieger@suse.com |
129 source verification |
11 |
130 |
|
131 ------------------------------------------------------------------- |
|
132 Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org |
|
133 |
|
134 - Fix armv7 build by: |
|
135 * adding RUSTFLAGS="-Cdebuginfo=0" |
|
136 * updating _constraints for %arm |
|
137 |
|
138 ------------------------------------------------------------------- |
|
139 Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org |
|
140 |
|
141 - do not try CSD on kwin (boo#1091592) |
12 - fix build in openSUSE:Leap:42.3:Update, use gcc7 |
142 - fix build in openSUSE:Leap:42.3:Update, use gcc7 |
13 |
143 |
14 ------------------------------------------------------------------- |
144 ------------------------------------------------------------------- |
15 Tue May 1 14:26:24 UTC 2018 - astieger@suse.com |
145 Tue May 1 14:26:24 UTC 2018 - astieger@suse.com |
16 |
146 |