--- a/MozillaFirefox/MozillaFirefox.changes Sat Jan 20 21:27:34 2018 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Fri Feb 09 13:28:07 2018 +0100
@@ -1,10 +1,108 @@
-------------------------------------------------------------------
-Wed Jan 10 21:39:09 UTC 2018 - wr@rosenauer.org
-
-- update to Firefox 58.0b15
+Fri Feb 9 12:23:34 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 59.0b8
+- requires NSPR 4.18 and NSS 3.35
+- requires rust >= 1.22.1
+
+-------------------------------------------------------------------
+Fri Feb 9 12:06:31 UTC 2018 - wr@rosenauer.org
+
+- correct requires and provides handling (boo#1076907)
+
+-------------------------------------------------------------------
+Tue Feb 6 07:03:42 UTC 2018 - fstrba@suse.com
+
+- Added patch:
+ * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
+ or again?) not working in Firefox 58 due to sandboxing.
+
+-------------------------------------------------------------------
+Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0.1
+ MFSA 2018-05
+ * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
+- use correct language packs
+- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
+- allow larger number of nested elements (mozilla-bmo256180.patch)
+
+-------------------------------------------------------------------
+Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0 (bsc#1077291)
* Added Nepali (ne-NP) locale
* Added support for form autofill for credit card
* Optimize page load by caching JavaScript internal representation
+ MFSA 2018-02
+ * CVE-2018-5091 (bmo#1423086)
+ Use-after-free with DTMF timers
+ * CVE-2018-5092 (bmo#1418074)
+ Use-after-free in Web Workers
+ * CVE-2018-5093 (bmo#1415291)
+ Buffer overflow in WebAssembly during Memory/Table resizing
+ * CVE-2018-5094 (bmo#1415883)
+ Buffer overflow in WebAssembly with garbage collection on
+ uninitialized memory
+ * CVE-2018-5095 (bmo#1418447)
+ Integer overflow in Skia library during edge builder allocation
+ * CVE-2018-5097 (bmo#1387427)
+ Use-after-free when source document is manipulated during XSLT
+ * CVE-2018-5098 (bmo#1399400)
+ Use-after-free while manipulating form input elements
+ * CVE-2018-5099 (bmo#1416878)
+ Use-after-free with widget listener
+ * CVE-2018-5100 (bmo#1417405)
+ Use-after-free when IsPotentiallyScrollable arguments are freed
+ from memory
+ * CVE-2018-5101 (bmo#1417661)
+ Use-after-free with floating first-letter style elements
+ * CVE-2018-5102 (bmo#1419363)
+ Use-after-free in HTML media elements
+ * CVE-2018-5103 (bmo#1423159)
+ Use-after-free during mouse event handling
+ * CVE-2018-5104 (bmo#1425000)
+ Use-after-free during font face manipulation
+ * CVE-2018-5105 (bmo#1390882)
+ WebExtensions can save and execute files on local file system
+ without user prompts
+ * CVE-2018-5106 (bmo#1408708)
+ Developer Tools can expose style editor information cross-origin
+ through service worker
+ * CVE-2018-5107 (bmo#1379276)
+ Printing process will follow symlinks for local file access
+ * CVE-2018-5108 (bmo#1421099)
+ Manually entered blob URL can be accessed by subsequent private browsing tabs
+ * CVE-2018-5109 (bmo#1405599)
+ Audio capture prompts and starts with incorrect origin attribution
+ * CVE-2018-5110 (bmo#1423275) (affects only OS X)
+ Cursor can be made invisible on OS X
+ * CVE-2018-5111 (bmo#1321619)
+ URL spoofing in addressbar through drag and drop
+ * CVE-2018-5112 (bmo#1425224)
+ Extension development tools panel can open a non-relative URL in the panel
+ * CVE-2018-5113 (bmo#1425267)
+ WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
+ * CVE-2018-5114 (bmo#1421324)
+ The old value of a cookie changed to HttpOnly remains accessible to scripts
+ * CVE-2018-5115 (bmo#1409449)
+ Background network requests can open HTTP authentication in unrelated foreground tabs
+ * CVE-2018-5116 (bmo#1396399)
+ WebExtension ActiveTab permission allows cross-origin frame content access
+ * CVE-2018-5117 (bmo#1395508)
+ URL spoofing with right-to-left text aligned left-to-right
+ * CVE-2018-5118 (bmo#1420049)
+ Activity Stream images can attempt to load local content through file:
+ * CVE-2018-5119 (bmo#1420507)
+ Reader view will load cross-origin content in violation of CORS headers
+ * CVE-2018-5121 (bmo#1402368) (affects only OS X)
+ OS X Tibetan characters render incompletely in the addressbar
+ * CVE-2018-5122 (bmo#1413841)
+ Potential integer overflow in DoCrypt
+ * CVE-2018-5090
+ Memory safety bugs fixed in Firefox 58
+ * CVE-2018-5089
+ Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches: