diff -r 52b1745787cf -r d6a688186de0 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 25 08:41:45 2019 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Dec 18 02:16:48 2019 +0100 @@ -1,7 +1,36 @@ ------------------------------------------------------------------- -Tue Nov 19 09:30:19 UTC 2019 - Wolfgang Rosenauer - -- Mozilla Firefox 71.0b11 +Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer + +- Mozilla Firefox 71.0 + * Improvements to Lockwise, our integrated password manager + * More information about Enhanced Tracking Protection in action + * Native MP3 decoding on Windows, Linux, and macOS + * Configuration page (about:config) reimplemented in HTML + * New kiosk mode functionality, which allows maximum screen space + for customer-facing displays + MFSA 2019-36 + * CVE-2019-11756 (bmo#1508776) + Use-after-free of SFTKSession object + * CVE-2019-17008 (bmo#1546331) + Use-after-free in worker destruction + * CVE-2019-13722 (bmo#1580156) (Windows only) + Stack corruption due to incorrect number of arguments in WebRTC code + * CVE-2019-17014 (bmo#1322864) + Dragging and dropping a cross-origin resource, incorrectly loaded + as an image, could result in information disclosure + * CVE-2019-17010 (bmo#1581084) + Use-after-free when performing device orientation checks + * CVE-2019-17005 (bmo#1584170) + Buffer overflow in plain text serializer + * CVE-2019-17011 (bmo#1591334) + Use-after-free when retrieving a document in antitracking + * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 + bmo#1580288, bmo#1585760, bmo#1592502) + Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 + * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 + bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 + bmo#1594181) + Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 @@ -12,6 +41,13 @@ - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch +- changed locale building procedure + * removed obsolete compare-locales.tar.xz +- added mozilla-gcc9-lto.patch to fix LTO builds with gcc9 but also + switched from gcc to clang for now since gcc builds are broken + in some ways (bmo#1601707, boo#1158466) +- added mozilla-bmo849632.patch to fix big endian issues in skia + used for WebGL ------------------------------------------------------------------- Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer