MozillaFirefox/MozillaFirefox.changes
branch firefox60
changeset 1047 847ae61baab6
parent 1046 75893a3d8fbe
child 1048 a6a2360bc1bd
--- a/MozillaFirefox/MozillaFirefox.changes	Wed May 02 09:28:53 2018 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed May 09 22:06:26 2018 +0200
@@ -1,14 +1,94 @@
 -------------------------------------------------------------------
-Tue May  1 20:50:14 UTC 2018 - wr@rosenauer.org
-
-- update to Firefox 60.0b16
+Mon May  7 08:32:28 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 60.0
+  * Added a policy engine that allows customized Firefox deployments
+    in enterprise environments, using Windows Group Policy or a
+    cross-platform JSON file
+  * Applied Quantum CSS to render browser UI
+  * Added support for Web Authentication, allowing the use of USB
+    tokens for authentication to web sites
+  * Locale added: Occitan (oc)
+  MFSA 2018-11 (bsc#1092548)
+  * CVE-2018-5154 (bmo#1443092)
+    Use-after-free with SVG animations and clip paths
+  * CVE-2018-5155 (bmo#1448774)
+    Use-after-free with SVG animations and text paths
+  * CVE-2018-5157 (bmo#1449898)
+    Same-origin bypass of PDF Viewer to view protected PDF files
+  * CVE-2018-5158 (bmo#1452075)
+    Malicious PDF can inject JavaScript into PDF Viewer
+  * CVE-2018-5159 (bmo#1441941)
+    Integer overflow and out-of-bounds write in Skia
+  * CVE-2018-5160 (bmo#1436117)
+    Uninitialized memory use by WebRTC encoder
+  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
+    WebExtensions information leak through webRequest API
+  * CVE-2018-5153 (bmo#1436809)
+    Out-of-bounds read in mixed content websocket messages
+  * CVE-2018-5163 (bmo#1426353)
+    Replacing cached data in JavaScript Start-up Bytecode Cache
+  * CVE-2018-5164 (bmo#1416045)
+    CSP not applied to all multipart content sent with
+    multipart/x-mixed-replace
+  * CVE-2018-5166 (bmo#1437325)
+    WebExtension host permission bypass through filterReponseData
+  * CVE-2018-5167 (bmo#1447969)
+    Improper linkification of chrome: and javascript: content in
+    web console and JavaScript debugger
+  * CVE-2018-5168 (bmo#1449548)
+    Lightweight themes can be installed without user interaction
+  * CVE-2018-5169 (bmo#1319157)
+    Dragging and dropping link text onto home button can set home page
+    to include chrome pages
+  * CVE-2018-5172 (bmo#1436482)
+    Pasted script from clipboard can run in the Live Bookmarks page
+    or PDF viewer
+  * CVE-2018-5173 (bmo#1438025)
+    File name spoofing of Downloads panel with Unicode characters
+  * CVE-2018-5174 (bmo#1447080) (Windows-only)
+    Windows Defender SmartScreen UI runs with less secure behavior
+    for downloaded files in Windows 10 April 2018 Update
+  * CVE-2018-5175 (bmo#1432358)
+    Universal CSP bypass on sites using strict-dynamic in their policies
+  * CVE-2018-5176 (bmo#1442840)
+    JSON Viewer script injection
+  * CVE-2018-5177 (bmo#1451908)
+    Buffer overflow in XSLT during number formatting
+  * CVE-2018-5165 (bmo#1451452)
+    Checkbox for enabling Flash protected mode is inverted in 32-bit
+    Firefox
+  * CVE-2018-5180 (bmo#1444086)
+    heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+  * CVE-2018-5181 (bmo#1424107)
+    Local file can be displayed in noopener tab through drag and
+    drop of hyperlink
+  * CVE-2018-5182 (bmo#1435908)
+    Local file can be displayed from hyperlink dragged and dropped
+    on addressbar
+  * CVE-2018-5151
+    Memory safety bugs fixed in Firefox 60
+  * CVE-2018-5150
+    Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
 - removed obsolete patches
   0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
+  mozilla-bmo1005535.patch
 - requires NSPR 4.19 and NSS 3.36.1
-
--------------------------------------------------------------------
-Tue May  1 18:45:02 UTC 2018 - astieger@suse.com
-
+- requires rust 1.24 or higher
+- use upstream source archive and detached signature for
+  source verification
+
+-------------------------------------------------------------------
+Thu May  3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Fix armv7 build by:
+  * adding RUSTFLAGS="-Cdebuginfo=0"
+  * updating _constraints for %arm
+
+-------------------------------------------------------------------
+Wed May  2 20:46:37 UTC 2018 - wr@rosenauer.org
+
+- do not try CSD on kwin (boo#1091592)
 - fix build in openSUSE:Leap:42.3:Update, use gcc7
 
 -------------------------------------------------------------------
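Review bot: Near the end of the hunk, the separator and header for the `Tue May  1 18:45:02 UTC 2018 - astieger@suse.com` entry are deleted, but its item `- fix build in openSUSE:Leap:42.3:Update, use gcc7` stays as unchanged context. It therefore now reads as part of the new `Wed May  2 20:46:37 UTC 2018 - wr@rosenauer.org` entry, alongside the kwin CSD item. Suggest keeping the original separator and header so that change keeps its author and timestamp in the changelog. Two smaller points in the MFSA 2018-11 list: `filterReponseData` under CVE-2018-5166 looks like a misspelling of the webRequest `filterResponseData` API, and CVE-2018-5151 and CVE-2018-5150 are the only entries without a bmo reference, which is worth a word if intentional.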