# HG changeset patch # User Wolfgang Rosenauer # Date 1510863759 -3600 # Node ID 85bd01789b6f22d4697c93b2dc1bea8c1e0b8b13 # Parent 77c890186192a4d49829aed9f0cb0cfbc5e2156e Firefo 57.0 final release (incl. changelogs) diff -r 77c890186192 -r 85bd01789b6f MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Nov 11 10:08:36 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Nov 16 21:22:39 2017 +0100 @@ -1,15 +1,52 @@ ------------------------------------------------------------------- -Thu Nov 9 15:01:30 UTC 2017 - wr@rosenauer.org - -- update to Firefox 57.0b14 +Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org + +- update to Firefox 57.0 (boo#1068101) * Firefox Quantum * Photon UI + * Unified address and search bar * AMD VP9 hardware video decoder support * Added support for Date/Time input * stricter security sandbox blocking filesystem reading and writing on Linux systems * middle mouse paste in the content area no longer navigates to URLs by default on Unix systems + MFSA 2017-24 + * CVE-2017-7828 (bmo#1406750. bmo#1412252) + Use-after-free of PressShell while restyling layout + * CVE-2017-7830 (bmo#1408990) + Cross-origin URL information leak through Resource Timing API + * CVE-2017-7831 (bmo#1392026) + Information disclosure of exposed properties on JavaScript proxy + objects + * CVE-2017-7832 (bmo#1408782) + Domain spoofing through use of dotless 'i' character followed + by accent markers + * CVE-2017-7833 (bmo#1370497) + Domain spoofing with Arabic and Indic vowel marker characters + * CVE-2017-7834 (bmo#1358009) + data: URLs opened in new tabs bypass CSP protections + * CVE-2017-7835 (bmo#1402363) + Mixed content blocking incorrectly applies with redirects + * CVE-2017-7836 (bmo#1401339) + Pingsender dynamically loads libcurl on Linux and OS X + * CVE-2017-7837 (bmo#1325923) + SVG loaded as can use meta tags to set cookies + * CVE-2017-7838 (bmo#1399540) + Failure of individual decoding of labels in international domain + names triggers punycode display of entire IDN + * CVE-2017-7839 (bmo#1402896) + Control characters before javascript: URLs defeats self-XSS + prevention mechanism + * CVE-2017-7840 (bmo#1366420) + Exported bookmarks do not strip script elements from user-supplied + tags + * CVE-2017-7842 (bmo#1397064) + Referrer Policy is not always respected for elements + * CVE-2017-7827 + Memory safety bugs fixed in Firefox 57 + * CVE-2017-7826 + Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 - requires NSPR 4.17, NSS 3.33 and rustc 1.19 - rebased patches - added mozilla-bindgen-systemlibs.patch to allow stylo build diff -r 77c890186192 -r 85bd01789b6f MozillaFirefox/MozillaFirefox.spec --- a/MozillaFirefox/MozillaFirefox.spec Sat Nov 11 10:08:36 2017 +0100 +++ b/MozillaFirefox/MozillaFirefox.spec Thu Nov 16 21:22:39 2017 +0100 @@ -18,11 +18,11 @@ # changed with every update -%define major 56 -%define mainver %major.99 -%define update_channel beta +%define major 57 +%define mainver %major.0 +%define update_channel release %define branding 1 -%define releasedate 20171102181127 +%define releasedate 20171109183137 # PIE, full relro (x86_64 for now) %define build_hardened 1 diff -r 77c890186192 -r 85bd01789b6f MozillaFirefox/create-tar.sh --- a/MozillaFirefox/create-tar.sh Sat Nov 11 10:08:36 2017 +0100 +++ b/MozillaFirefox/create-tar.sh Thu Nov 16 21:22:39 2017 +0100 @@ -5,10 +5,10 @@ # "moz_source_stamp": "c1de04f39fa956cfce83f6065b0e709369215ed5" # http://ftp.mozilla.org/pub/firefox/candidates/48.0-candidates/build2/l10n_changesets.txt -CHANNEL="beta" +CHANNEL="release" BRANCH="releases/mozilla-$CHANNEL" -RELEASE_TAG="FIREFOX_57_0b14_RELEASE" -VERSION="56.99" +RELEASE_TAG="8af8bd128bd014669ad89774f47668b0b8109337" # build 3 +VERSION="57.0" # mozilla if [ -d mozilla ]; then