# HG changeset patch # User Wolfgang Rosenauer # Date 1540106848 -7200 # Node ID 63a32fb3b602e99314bbecdc9de44b35d45a7f12 # Parent 18f97bd2c2bf07072f9e92e496b3c5e023e2606b# Parent 84c1339de2590613b9d386448faa0020a79657a8 merge from firefox62 and prepare for 63beta diff -r 18f97bd2c2bf -r 63a32fb3b602 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Aug 25 18:07:14 2018 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sun Oct 21 09:27:28 2018 +0200 @@ -1,9 +1,81 @@ ------------------------------------------------------------------- -Sat Aug 25 15:56:51 UTC 2018 - wr@rosenauer.org - -- update to Firefox 62.0b20 +Sun Oct 21 07:24:17 UTC 2018 - wr@rosenauer.org + +- update to Firefox 63.0b14 + +------------------------------------------------------------------- +Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com + +- Mozilla Firefox 62.0.3: + MFSA 2018-24 + * CVE-2018-12386 (bsc#1110506, bmo#1493900) + Type confusion in JavaScript allowed remote code execution + * CVE-2018-12387 (bsc#1110507, bmo#1493903) + Array.prototype.push stack pointer vulnerability may enable + exploits in the sandboxed content process + +------------------------------------------------------------------- +Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com + +- Mozilla Firefox 62.0.2: + MFSA 2018-22 + * CVE-2018-12385 (boo#1109363, bmo#1490585) + Crash in TransportSecurityInfo due to cached data + * Unvisited bookmarks can once again be autofilled in the address + bar + * Fix WebGL rendering issues + * Fix fallback on startup when a language pack is missing + * Avoid crash when sharing a profile with newer (as yet + unreleased) versions of Firefox + * Do not undo removal of search engines when using a language + pack + * Fixed rendering of some web sites + * Restored compatibility with some sites using deprecated TLS + settings +- disable rust debug symbols to fix build on %ix86 + +------------------------------------------------------------------- +Mon Sep 3 10:47:43 UTC 2018 - wr@rosenauer.org + +- update to Firefox 62.0 + * Firefox Home (the default New Tab) now allows users to display + up to 4 rows of top sites, Pocket stories, and highlights + * "Reopen in Container" tab menu option appears for users with + Containers that lets them choose to reopen a tab in a different + container + * In advance of removing all trust for Symantec-issued certificates + in Firefox 63, a preference was added that allows users to distrust + certificates issued by Symantec. To use this preference, go to + about:config in the address bar and set the preference + "security.pki.distrust_ca_policy" to 2. + * Support for CSS Shapes, allowing for richer web page layouts. + This goes hand in hand with a brand new Shape Path Editor in the + CSS inspector. + * CSS Variable Fonts (OpenType Font Variations) support, which makes + it possible to create beautiful typography with a single font file + * Added Canadian English (en-CA) locale + MFSA 2018-20 (bsc#1107343) + * CVE-2018-12377 (bmo#1470260) + Use-after-free in refresh driver timers + * CVE-2018-12378 (bmo#1459383) + Use-after-free in IndexedDB + * CVE-2018-12379 (bmo#1473113) (updater is disabled for us) + Out-of-bounds write with malicious MAR file + * CVE-2017-16541 (bmo#1412081) + Proxy bypass using automount and autofs + * CVE-2018-12381 (bmo#1435319) + Dragging and dropping Outlook email message results in page navigation + * CVE-2018-12382 (bmo#1479311) (Android only) + Addressbar spoofing with javascript URI on Firefox for Android + * CVE-2018-12383 (bmo#1475775) + Setting a master password post-Firefox 58 does not delete + unencrypted previously stored passwords + * CVE-2018-12375 + Memory safety bugs fixed in Firefox 62 + * CVE-2018-12376 + Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 - requires NSS >= 3.38 -- removed obsolete patches +- removed obsolete patch mozilla-bmo1464766.patch ------------------------------------------------------------------- diff -r 18f97bd2c2bf -r 63a32fb3b602 MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Aug 25 18:07:14 2018 +0200 +++ b/MozillaFirefox/MozillaFirefox.spec Sun Oct 21 09:27:28 2018 +0200 @@ -18,13 +18,13 @@ # changed with every update -%define major 61 +%define major 62 %define mainver %major.99 -%define orig_version 62.0 -%define orig_suffix b20 +%define orig_version 63.0 +%define orig_suffix b14 %define update_channel beta %define branding 1 -%define releasedate 20180823143155 +%define releasedate 20181011200118 %define source_prefix firefox-%{orig_version} # PIE, full relro (x86_64 for now) @@ -345,11 +345,15 @@ %if 0%{?suse_version} > 1320 ac_add_options --enable-optimize="-g -O2" %endif -%ifarch %ix86 %arm +%ifarch %arm %if 0%{?suse_version} > 1230 ac_add_options --disable-optimize %endif %endif +# bmo#1441155 - Disable the generation of Rust debug symbols on Linux32 +%ifarch %ix86 +ac_add_options --disable-debug-symbols +%endif %ifarch %arm ac_add_options --disable-elf-hack %endif diff -r 18f97bd2c2bf -r 63a32fb3b602 MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sat Aug 25 18:07:14 2018 +0200 +++ b/MozillaFirefox/create-tar.sh Sun Oct 21 09:27:28 2018 +0200 @@ -7,9 +7,9 @@ CHANNEL="beta" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_62_0b20_RELEASE" -VERSION="62.0" -VERSION_SUFFIX="b20" +RELEASE_TAG="FIREFOX_63_0b14_RELEASE" +VERSION="63.0" +VERSION_SUFFIX="b14" LOCALE_FILE="firefox-$VERSION/browser/locales/l10n-changesets.json" # check required tools diff -r 18f97bd2c2bf -r 63a32fb3b602 MozillaFirefox/source-stamp.txt --- a/MozillaFirefox/source-stamp.txt Sat Aug 25 18:07:14 2018 +0200 +++ b/MozillaFirefox/source-stamp.txt Sun Oct 21 09:27:28 2018 +0200 @@ -1,2 +1,2 @@ -REV=7fda8e538067 +REV=91955baf362b REPO=http://hg.mozilla.org/releases/mozilla-beta