Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

MozillaFirefox-60.7.0-lp150.3.54.5 RPM for armv7hl

From OpenSuSE Ports Leap 15.0 updates for rpms / armv7hl

Name: MozillaFirefox Distribution: openSUSE Leap 15.0
Version: 60.7.0 Vendor: openSUSE
Release: lp150.3.54.5 Build date: Mon Jun 3 12:51:22 2019
Group: Productivity/Networking/Web/Browsers Build host: obs-arm-5
Size: 146099705 Source RPM: MozillaFirefox-60.7.0-lp150.3.54.5.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.mozilla.org/
Summary: Mozilla Firefox Web Browser
Mozilla Firefox is a standalone web browser, designed for standards
compliance and performance.  Its functionality can be enhanced via a
plethora of extensions.

Provides

Requires

License

MPL-2.0

Changelog

* Thu May 23 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.7.0esr (boo#1135824)
    MFSA 2019-14
    * CVE-2019-9815 (bmo#1546544)
      Disable hyperthreading on content JavaScript threads on macOS
    * CVE-2019-9816 (bmo#1536768)
      Type confusion with object groups and UnboxedObjects
    * CVE-2019-9817 (bmo#1540221)
      Stealing of cross-domain images using canvas
    * CVE-2019-9818 (bmo#1542581) (Windows only)
      Use-after-free in crash generation server
    * CVE-2019-9819 (bmo#1532553)
      Compartment mismatch with fetch API
    * CVE-2019-9820 (bmo#1536405)
      Use-after-free of ChromeEventHandler by DocShell
    * CVE-2019-9821 (bmo#1539125)
      Use-after-free in AssertWorkerThread
    * CVE-2019-11691 (bmo#1542465)
      Use-after-free in XMLHttpRequest
    * CVE-2019-11692 (bmo#1544670)
      Use-after-free removing listeners in the event listener manager
    * CVE-2019-11693 (bmo#1532525)
      Buffer overflow in WebGL bufferdata on Linux
    * CVE-2019-7317 (bmo#1542829)
      Use-after-free in png_image_free of libpng library
    * CVE-2019-9797 (bmo#1528909)
      Cross-origin theft of images with createImageBitmap
    * CVE-2018-18511 (bmo#1526218)
      Cross-origin theft of images with ImageBitmapRenderingContext
    * CVE-2019-11694 (bmo#1534196) (Windows only)
      Uninitialized memory memory leakage in Windows sandbox
    * CVE-2019-11698 (bmo#1543191)
      Theft of user history data through drag and drop of hyperlinks
      to and from bookmarks
    * CVE-2019-5798 (bmo#1535518)
      Out-of-bounds read in Skia
    * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
      bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
      bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
      bmo#1532465, bmo#1533554, bmo#1541580)
      Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* Wed May 08 2019 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 60.6.3esr (boo#1134126)
    * Further improvements to re-enable web extensions which had been
      disabled for users with a master password set (bmo#1549249)
* Mon May 06 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Add patch to fix build using rust-1.33:
    * mozilla-bmo1519629.patch
* Sun May 05 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.6.2esr (boo#1134126)
    * fix extension certificate chain
      https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
* Fri Mar 22 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.6.1esr
    MFSA 2019-10 (bsc#1130262)
    * CVE-2019-9810 (bmo#1537924)
      IonMonkey MArraySlice has incorrect alias information
    * CVE-2019-9813 (bmo#1538006)
      Ionmonkey type confusion with __proto__ mutations
* Tue Mar 19 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.6.0esr
    MFSA 2019-08 (bsc#1129821)
    * CVE-2019-9790 bmo#1525145
      Use-after-free when removing in-use DOM elements
    * CVE-2019-9791 bmo#1530958
      Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
    * CVE-2019-9792 bmo#1532599
      IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
    * CVE-2019-9793 bmo#1528829
      Improper bounds checks when Spectre mitigations are disabled
    * CVE-2019-9794 bmo#1530103
      Command line arguments not discarded during execution
    * CVE-2019-9795 bmo#1514682
      Type-confusion in IonMonkey JIT compiler
    * CVE-2019-9796 bmo#1531277
      Use-after-free with SMIL animation controller
    * CVE-2018-18506 bmo#1503393
      Proxy Auto-Configuration file can define localhost access to be proxied
    * CVE-2019-9788 bmo#1518001 bmo#1521304 bmo#1521214 bmo#1506665 bmo#1516834
      bmo#1518774 bmo#1524755 bmo#1523362 bmo#1524214 bmo#1529203
      Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
* Fri Feb 22 2019 Andreas Stieger <andreas.stieger@gmx.de>
  - Mozilla Firefox 60.5.2esr:
    * Fix a frequent crash when reading various Reuters news articles
      (bmo#1505844)
* Wed Feb 13 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.5.1esr (bsc#1125330)
    MFSA 2019-05
    * CVE-2018-18356 bmo#1525817
      Use-after-free in Skia
    * CVE-2019-5785 bmo#1525433
      Integer overflow in Skia
    * CVE-2018-18335 bmo#1525815
      Buffer overflow in Skia with accelerated Canvas 2D
  - increased disk space requirement to 20G for build
* Wed Jan 23 2019 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.5.0esr
    MFSA 2019-02 (bsc#1122983)
    * CVE-2018-18500 bmo#1510114
      Use-after-free parsing HTML5 stream
    * CVE-2018-18505 bmo#1497749
      Privilege escalation through IPC channel messages
    * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
      bmo#1502871 bmo#1516738 bmo#1516514
      Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
  - requires NSS >= 3.36.7
  - rebased patches
  - removed obsolete patch:
    mozilla-no-stdcxx-check.patch
* Wed Jan 09 2019 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Add patch to fix armv7 build (boo#1121255):
    * mozilla-bmo1463035.patch
* Mon Dec 10 2018 Wolfgang Rosenauer <wr@rosenauer.org>
  - Mozilla Firefox 60.4.0esr:
    * Updated list of currency codes to include Unidad Previsional (UYW)
      (bmo#1499028)
    MFSA 2018-30 (bsc#1119105)
    * CVE-2018-17466 bmo#1488295
      Buffer overflow and out-of-bounds read in ANGLE library with
      TextureStorage11
    * CVE-2018-18492 bmo#1499861
      Use-after-free with select element
    * CVE-2018-18493 bmo#1504452
      Buffer overflow in accelerated 2D canvas with Skia
    * CVE-2018-18494 bmo#1487964
      Same-origin policy violation using location attribute and
      performance.getEntries to steal cross-origin URLs
    * CVE-2018-18498 bmo#1500011
      Integer overflow when calculating buffer sizes for images
    * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
      bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
      Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
  - requires NSS >= 3.36.6
* Tue Oct 23 2018 astieger@suse.com
  - Mozilla Firefox 60.3.0esr:
    * Various stability and regression fixes
    MFSA 2018-27 bsc#1112852
    * CVE-2018-12392 bmo#1492823
      Crash with nested event loops
    * CVE-2018-12393 bmo#1495011
      Integer overflow during Unicode conversion while loading
      JavaScript
    * CVE-2018-12395 bmo#1467523
      WebExtension bypass of domain restrictions through header
      rewriting
    * CVE-2018-12396 bmo#1483602
      WebExtension content scripts can execute in disallowed
      contexts
    * CVE-2018-12397 bmo#1487478
      WebExtension local file access vulnerability
    * CVE-2018-12389 bmo#1498460, bmo#1499198
      Memory safety bugs fixed in Firefox ESR 60.3
    * CVE-2018-12390 bmo#1487098 bmo#1487660 bmo#1490234 bmo#1496159
      bmo#1443748 bmo#1496340 bmo#1483905 bmo#1493347 bmo#1488803
      bmo#1498701 bmo#1498482 bmo#1442010 bmo#1495245 bmo#1483699
      bmo#1469486 bmo#1484905 bmo#1490561 bmo#1492524 bmo#1481844
      Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
* Tue Oct 02 2018 astieger@suse.com
  - Mozilla Firefox 60.2.2esr:
    MFSA 2018-24
    * CVE-2018-12386 (bsc#1110506, bmo#1493900)
      Type confusion in JavaScript allowed remote code execution
    * CVE-2018-12387 (bsc#1110507, bmo#1493903)
      Array.prototype.push stack pointer vulnerability may enable
      exploits in the sandboxed content process
* Thu Sep 27 2018 olaf@aepfle.de
  - Avoid undefined behavior in IPC fd-passing code with
    mozilla-bmo1436242.patch (boo#1094767, bmo#1436242)
* Fri Sep 21 2018 astieger@suse.com
  - Mozilla Firefox 60.2.1esr:
    MFSA 2018-23
    * CVE-2018-12385 (boo#1109363, bmo#1490585)
      Crash in TransportSecurityInfo due to cached data
    * CVE-2018-12383 (boo#1107343, bmo#1475775)
      Setting a master password did not delete unencrypted
      previously stored passwords
    * Fixed a startup crash affecting users migrating from older ESR
      releases
    * Clean up old NSS DB files after upgrading
* Wed Sep 05 2018 security@suse.com
  - Mozilla Firefox 60.2.0esr:
    MFSA 2018-21 (bsc#1107343)
    * CVE-2018-12377 (bmo#1470260)
      Use-after-free in refresh driver timers
    * CVE-2018-12378 (bmo#1459383)
      Use-after-free in IndexedDB
    * CVE-2017-16541 (bsc#1066489, bmo#1412081)
      Proxy bypass using automount and autofs
    * CVE-2018-12376 (bmo#69309,bmo#69914,bmo#50989,bmo#80092,
      bmo#80517,bmo#81093,bmo#78575,bmo#71953,bmo#73161,bmo#66991,
      bmo#68738,bmo#83120,bmo#67363,bmo#72925,bmo#66577,bmo#67889,
      bmo#80521)
      Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
  - unfuzz mozilla-kde.patch
* Sat Jun 23 2018 wr@rosenauer.org
  - update to Firefox 60.1.0esr
    MFSA 2018-16 (bsc#1098998)
    * CVE-2018-12359 (bmo#1459162)
      Buffer overflow using computed size of canvas element
    * CVE-2018-12360 (bmo#1459693)
      Use-after-free when using focus()
    * CVE-2018-12361 (bmo#1463244)
      Integer overflow in SwizzleData
    * CVE-2018-12362 (bmo#1452375)
      Integer overflow in SSSE3 scaler
    * CVE-2018-5156 (bmo#1453127)
      Media recorder segmentation fault when track type is changed during capture
    * CVE-2018-12363 (bmo#1464784)
      Use-after-free when appending DOM nodes
    * CVE-2018-12364 (bmo#1436241)
      CSRF attacks through 307 redirects and NPAPI plugins
    * CVE-2018-12365 (bmo#1459206)
      Compromised IPC child process can list local filenames
    * CVE-2018-12371 (bmo#1465686)
      Integer overflow in Skia library during edge builder allocation
    * CVE-2018-12366 (bmo#1464039)
      Invalid data handling during QCMS transformations
    * CVE-2018-12367 (bmo#1462891)
      Timing attack mitigation of PerformanceNavigationTiming
    * CVE-2018-12369 (bmo#1454909)
      WebExtension security permission checks bypassed by embedded experiments
    * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
      bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
      bmo#1463884)
      Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
    * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
      bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
      bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
      bmo#1464079,bmo#1463494,bmo#1458048)
      Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
  - remove obsolete patches
    mozilla-enable-csd.patch
    mozilla-fix-skia-aarch64.patch
  - do not disable system installed unsigned langpacks
    (mozilla-bmo1464766.patch)
* Thu Jun 07 2018 wr@rosenauer.org
  - update to Firefox 60.0.2esr
    * requires NSS 3.36.4
    MFSA 2018-14 (bsc#1096449)
    * CVE-2018-6126 (bmo#1462682)
      Heap buffer overflow rasterizing paths in SVG with Skia
* Wed Jun 06 2018 guillaume.gardet@opensuse.org
  - Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
    workaround:
    * mozilla-bmo1375074.patch
* Sat May 26 2018 wr@rosenauer.org
  - fixed "open with" option under KDE (boo#1094747)
  - workaround crash on startup on aarch64 (boo#1093059)
    (contributed by guillaume.gardet@arm.com)
* Wed May 23 2018 guillaume.gardet@opensuse.org
  - Disable webrtc for aarch64 due to bmo#1434589
  - Add patch to fix skia build on AArch64:
    * mozilla-fix-skia-aarch64.patch
* Thu May 17 2018 wr@rosenauer.org
  - update to Firefox 60.0.1esr (bsc#1093767)
    * Avoid overly long cycle collector pauses with some add-ons installed
      (bmo#1449033)
    * After unckecking the "Sponsored Stories" option, the New Tab page
      now immediately stops displaying "Sponsored content" cards (bmo#1458906)
    * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
      (bmo#1457743)
    * Use the right default background when opening tabs or windows in
      high contrast mode (bmo#1458956)
    * Restored translations of the Preferences panels when using a
      language pack (bmo#1461590)
* Mon May 14 2018 pcerny@suse.com
  - parellelise locales building
* Fri May 11 2018 wr@rosenauer.org
  - correct buildconfig (source-stamp.txt) and update channel
    definition
* Mon May 07 2018 wr@rosenauer.org
  - update to Firefox 60.0esr
    * Added a policy engine that allows customized Firefox deployments
      in enterprise environments, using Windows Group Policy or a
      cross-platform JSON file
    * Applied Quantum CSS to render browser UI
    * Added support for Web Authentication, allowing the use of USB
      tokens for authentication to web sites
    * Locale added: Occitan (oc)
    MFSA 2018-11 (bsc#1092548)
    * CVE-2018-5154 (bmo#1443092)
      Use-after-free with SVG animations and clip paths
    * CVE-2018-5155 (bmo#1448774)
      Use-after-free with SVG animations and text paths
    * CVE-2018-5157 (bmo#1449898)
      Same-origin bypass of PDF Viewer to view protected PDF files
    * CVE-2018-5158 (bmo#1452075)
      Malicious PDF can inject JavaScript into PDF Viewer
    * CVE-2018-5159 (bmo#1441941)
      Integer overflow and out-of-bounds write in Skia
    * CVE-2018-5160 (bmo#1436117)
      Uninitialized memory use by WebRTC encoder
    * CVE-2018-5152 (bmo#1415644, bmo#1427289)
      WebExtensions information leak through webRequest API
    * CVE-2018-5153 (bmo#1436809)
      Out-of-bounds read in mixed content websocket messages
    * CVE-2018-5163 (bmo#1426353)
      Replacing cached data in JavaScript Start-up Bytecode Cache
    * CVE-2018-5164 (bmo#1416045)
      CSP not applied to all multipart content sent with
      multipart/x-mixed-replace
    * CVE-2018-5166 (bmo#1437325)
      WebExtension host permission bypass through filterReponseData
    * CVE-2018-5167 (bmo#1447969)
      Improper linkification of chrome: and javascript: content in
      web console and JavaScript debugger
    * CVE-2018-5168 (bmo#1449548)
      Lightweight themes can be installed without user interaction
    * CVE-2018-5169 (bmo#1319157)
      Dragging and dropping link text onto home button can set home page
      to include chrome pages
    * CVE-2018-5172 (bmo#1436482)
      Pasted script from clipboard can run in the Live Bookmarks page
      or PDF viewer
    * CVE-2018-5173 (bmo#1438025)
      File name spoofing of Downloads panel with Unicode characters
    * CVE-2018-5174 (bmo#1447080) (Windows-only)
      Windows Defender SmartScreen UI runs with less secure behavior
      for downloaded files in Windows 10 April 2018 Update
    * CVE-2018-5175 (bmo#1432358)
      Universal CSP bypass on sites using strict-dynamic in their policies
    * CVE-2018-5176 (bmo#1442840)
      JSON Viewer script injection
    * CVE-2018-5177 (bmo#1451908)
      Buffer overflow in XSLT during number formatting
    * CVE-2018-5165 (bmo#1451452)
      Checkbox for enabling Flash protected mode is inverted in 32-bit
      Firefox
    * CVE-2018-5180 (bmo#1444086)
      heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
    * CVE-2018-5181 (bmo#1424107)
      Local file can be displayed in noopener tab through drag and
      drop of hyperlink
    * CVE-2018-5182 (bmo#1435908)
      Local file can be displayed from hyperlink dragged and dropped
      on addressbar
    * CVE-2018-5151
      Memory safety bugs fixed in Firefox 60
    * CVE-2018-5150
      Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
  - removed obsolete patches
    0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
    mozilla-bmo1005535.patch
  - requires NSPR 4.19 and NSS 3.36.1
  - requires rust 1.24 or higher
  - use upstream source archive and detached signature for
    source verification
* Thu May 03 2018 guillaume.gardet@opensuse.org
  - Fix armv7 build by:
    * adding RUSTFLAGS="-Cdebuginfo=0"
    * updating _constraints for %arm
* Wed May 02 2018 wr@rosenauer.org
  - do not try CSD on kwin (boo#1091592)
  - fix build in openSUSE:Leap:42.3:Update, use gcc7
* Tue May 01 2018 astieger@suse.com
  - Mozilla Firefox 59.0.3:
    * fixes for platforms other than GNU/Linux
* Fri Apr 20 2018 mliska@suse.cz
  - Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
    in order to fix boo#1090362.
* Mon Apr 02 2018 badshah400@gmail.com
  - Add back mozilla-enable-csd.patch: New rebased version from
    Fedora for version 59.0.x.
* Tue Mar 27 2018 schwab@suse.de
  - Reduce constraints on aarch64
* Tue Mar 27 2018 wr@rosenauer.org
  - update to Firefox 59.0.2
    * Invalid page rendering with hardware acceleration enabled (bmo#1435472)
    * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
      that use those keys with resistFingerprinting enabled (bmo#1433592)
    * High CPU / memory churn caused by third-party software on some
      computers (bmo#1446280)
    * Users who have configured an "automatic proxy configuration URL"
      and want to reload their proxy settings from the URL will find
      the Reload button disabled in the Connection Settings dialog when
      they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
    * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
    * User's trying to cancel a print around the time it completes will
      continue to get intermittent crashes (bmo#1441598)
    MFSA 2018-10 (bsc#1087059)
    * CVE-2018-5148 (bmo#1440717)
      Use-after-free in compositor
  - removed obsolete patch mozilla-bmo1446062.patch
* Wed Mar 21 2018 cgrobertson@suse.com
  - Added patches:
    * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070
      fixes non-unified build error
    * mozilla-i586-domPrefs.patch - DOMPrefs.h
      fixes 32bit build error
* Fri Mar 16 2018 wr@rosenauer.org
  - update to Firefox 59.0.1 (bsc#1085671)
    MFSA 2018-08
    * CVE-2018-5146 (bmo#1446062)
      Vorbis audio processing out of bounds write
    * CVE-2018-5147 (bmo#1446365)
      Out of bounds memory write in libtremor
      (mozilla-bmo1446062.patch)
* Wed Mar 14 2018 cgrobertson@suse.com
  - Added patch:
    * mozilla-bmo1005535.patch:
      Enable skia_gpu on big endian platforms.
* Sun Mar 11 2018 wr@rosenauer.org
  - update to Firefox 59.0
    * Performance enhancements
    * Drag-and-drop to rearrange Top Sites on the Firefox Home page
    * added features for Firefox Screenshots
    * Enhanced WebExtensions API
    * Improved RTC capabilities
    MFSA 2018-06 (bsc#1085130)
    * CVE-2018-5127 (bmo#1430557)
      Buffer overflow manipulating SVG animatedPathSegList
    * CVE-2018-5128 (bmo#1431336)
      Use-after-free manipulating editor selection ranges
    * CVE-2018-5129 (bmo#1428947)
      Out-of-bounds write with malformed IPC messages
    * CVE-2018-5130 (bmo#1433005)
      Mismatched RTP payload type can trigger memory corruption
    * CVE-2018-5131 (bmo#1440775)
      Fetch API improperly returns cached copies of no-store/no-cache resources
    * CVE-2018-5132 (bmo#1408194)
      WebExtension Find API can search privileged pages
    * CVE-2018-5133 (bmo#1430511, bmo#1430974)
      Value of the app.support.baseURL preference is not properly sanitized
    * CVE-2018-5134 (bmo#1429379)
      WebExtensions may use view-source: URLs to bypass content restrictions
    * CVE-2018-5135 (bmo#1431371)
      WebExtension browserAction can inject scripts into unintended contexts
    * CVE-2018-5136 (bmo#1419166)
      Same-origin policy violation with data: URL shared workers
    * CVE-2018-5137 (bmo#1432870)
      Script content can access legacy extension non-contentaccessible resources
    * CVE-2018-5138 (bmo#1432624) (Android only)
      Android Custom Tab address spoofing through long domain names
    * CVE-2018-5140 (bmo#1424261)
      Moz-icon images accessible to web content through moz-icon: protocol
    * CVE-2018-5141 (bmo#1429093)
      DOS attack through notifications Push API
    * CVE-2018-5142 (bmo#1366357)
      Media Capture and Streams API permissions display incorrect origin
      with data: and blob: URLs
    * CVE-2018-5143 (bmo#1422643)
      Self-XSS pasting javascript: URL with embedded tab into addressbar
    * CVE-2018-5126
      Memory safety bugs fixed in Firefox 59
    * CVE-2018-5125
      Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
  - requires NSPR 4.18 and NSS 3.35
  - requires rust >= 1.22.1
  - removed obsolete patches:
    mozilla-alsa-sandbox.patch
    mozilla-enable-csd.patch
    firefox-no-default-ualocale.patch
  - removed l10n_changesets.txt since same information is now in
    Firefox source tree (updated create-tar.sh now requires jq)
* Fri Feb 09 2018 astieger@suse.com
  - Mozilla Firefox 58.0.2:
    * Blocklisted graphics drivers related to off main thread painting
      crashes
    * Fix tab crash during printing
    * Fix clicking links and scrolling emails on Microsoft Hotmail
      and Outlook (OWA) webmail
* Fri Feb 09 2018 wr@rosenauer.org
  - correct requires and provides handling (boo#1076907)
* Tue Feb 06 2018 fstrba@suse.com
  - Added patch:
    * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
      or again?) not working in Firefox 58 due to sandboxing.
* Mon Jan 29 2018 wr@rosenauer.org
  - update to Firefox 58.0.1
    MFSA 2018-05
    * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
  - use correct language packs
  - readd mozilla-enable-csd.patch as it only lands for FF59 upstream
  - allow larger number of nested elements (mozilla-bmo256180.patch)
* Tue Jan 23 2018 wr@rosenauer.org
  - update to Firefox 58.0 (bsc#1077291)
    * Added Nepali (ne-NP) locale
    * Added support for form autofill for credit card
    * Optimize page load by caching JavaScript internal representation
    MFSA 2018-02
    * CVE-2018-5091 (bmo#1423086)
      Use-after-free with DTMF timers
    * CVE-2018-5092 (bmo#1418074)
      Use-after-free in Web Workers
    * CVE-2018-5093 (bmo#1415291)
      Buffer overflow in WebAssembly during Memory/Table resizing
    * CVE-2018-5094 (bmo#1415883)
      Buffer overflow in WebAssembly with garbage collection on
      uninitialized memory
    * CVE-2018-5095 (bmo#1418447)
      Integer overflow in Skia library during edge builder allocation
    * CVE-2018-5097 (bmo#1387427)
      Use-after-free when source document is manipulated during XSLT
    * CVE-2018-5098 (bmo#1399400)
      Use-after-free while manipulating form input elements
    * CVE-2018-5099 (bmo#1416878)
      Use-after-free with widget listener
    * CVE-2018-5100 (bmo#1417405)
      Use-after-free when IsPotentiallyScrollable arguments are freed
      from memory
    * CVE-2018-5101 (bmo#1417661)
      Use-after-free with floating first-letter style elements
    * CVE-2018-5102 (bmo#1419363)
      Use-after-free in HTML media elements
    * CVE-2018-5103 (bmo#1423159)
      Use-after-free during mouse event handling
    * CVE-2018-5104 (bmo#1425000)
      Use-after-free during font face manipulation
    * CVE-2018-5105 (bmo#1390882)
      WebExtensions can save and execute files on local file system
      without user prompts
    * CVE-2018-5106 (bmo#1408708)
      Developer Tools can expose style editor information cross-origin
      through service worker
    * CVE-2018-5107 (bmo#1379276)
      Printing process will follow symlinks for local file access
    * CVE-2018-5108 (bmo#1421099)
      Manually entered blob URL can be accessed by subsequent private browsing tabs
    * CVE-2018-5109 (bmo#1405599)
      Audio capture prompts and starts with incorrect origin attribution
    * CVE-2018-5110 (bmo#1423275) (affects only OS X)
      Cursor can be made invisible on OS X
    * CVE-2018-5111 (bmo#1321619)
      URL spoofing in addressbar through drag and drop
    * CVE-2018-5112 (bmo#1425224)
      Extension development tools panel can open a non-relative URL in the panel
    * CVE-2018-5113 (bmo#1425267)
      WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
    * CVE-2018-5114 (bmo#1421324)
      The old value of a cookie changed to HttpOnly remains accessible to scripts
    * CVE-2018-5115 (bmo#1409449)
      Background network requests can open HTTP authentication in unrelated foreground tabs
    * CVE-2018-5116 (bmo#1396399)
      WebExtension ActiveTab permission allows cross-origin frame content access
    * CVE-2018-5117 (bmo#1395508)
      URL spoofing with right-to-left text aligned left-to-right
    * CVE-2018-5118 (bmo#1420049)
      Activity Stream images can attempt to load local content through file:
    * CVE-2018-5119 (bmo#1420507)
      Reader view will load cross-origin content in violation of CORS headers
    * CVE-2018-5121 (bmo#1402368) (affects only OS X)
      OS X Tibetan characters render incompletely in the addressbar
    * CVE-2018-5122 (bmo#1413841)
      Potential integer overflow in DoCrypt
    * CVE-2018-5090
      Memory safety bugs fixed in Firefox 58
    * CVE-2018-5089
      Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
  - requires NSS 3.34.1
  - requires rust 1.21
  - removed obsolete patches:
    mozilla-bindgen-systemlibs.patch
    mozilla-bmo1360278.patch
    mozilla-bmo1399611-csd.patch
    mozilla-rust-1.23.patch
  - rebased patches
  - updated man-page
* Tue Jan 09 2018 wr@rosenauer.org
  - fixed build with latest rust (mozilla-rust-1.23.patch)
* Thu Jan 04 2018 wr@rosenauer.org
  - update to Firefox 57.0.4
    MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
    (boo#1074723)
* Wed Jan 03 2018 wr@rosenauer.org
  - fixed regression introduced Oct 10th which made Firefox crash
    when cancelling the KDE file dialog (boo#1069962)
* Fri Dec 29 2017 astieger@suse.com
  - Mozilla Firefox 57.0.3:
    * Fix a crash reporting issue that inadvertently sends background
      tab crash reports to Mozilla without user opt-in (bmo#1427111,
      bsc#1074235)
  - Includes changes from 57.0.2:
    * fixes for platforms other than GNU/Linux
* Fri Dec 08 2017 dimstar@opensuse.org
  - Explicitly buildrequires python2-xml: The build system relies on
    it. We wrongly relied on other packages pulling it in for us.
* Thu Dec 07 2017 dimstar@opensuse.org
  - Escape the usage of %{VERSION} when calling out to rpm.
    RPM 4.14 has %{VERSION} defined as 'the main packages version'.
* Wed Nov 29 2017 wr@rosenauer.org
  - update to Firefox 57.0.1
    * CVE-2017-7843: Web worker in Private Browsing mode can write
      IndexedDB data (bsc#1072034, bmo#1410106)
    * CVE-2017-7844: Visited history information leak through SVG
      image (bsc#1072036, bmo#1420001)
    * Fix a video color distortion issue on YouTube and other video
      sites with some AMD devices (bmo#1417442)
    * Fix an issue with prefs.js when the profile path has non-ascii
      characters (bmo#1420427)
* Tue Nov 21 2017 christophe@krop.fr
  - Add mozilla-bmo1360278.patch
    Starting with Firefox 57, the context menu appears on key press.
    This patch creates a config entry to restore the
    old behaviour. Without the patch, the mouse gesture extensions
    require 2 clicks to work (bmo#1360278).
    The new config entry is named ui.context_menus.after_mouseup
    (default : false).
* Sat Nov 18 2017 wr@rosenauer.org
  - Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
    widget.allow-client-side-decoration=true
    (mozilla-bmo1399611-csd.patch)
* Wed Nov 15 2017 wr@rosenauer.org
  - update to Firefox 57.0 (boo#1068101)
    * Firefox Quantum
    * Photon UI
    * Unified address and search bar
    * AMD VP9 hardware video decoder support
    * Added support for Date/Time input
    * stricter security sandbox blocking filesystem reading and
      writing on Linux systems
    * middle mouse paste in the content area no longer navigates to
      URLs by default on Unix systems
    MFSA 2017-24
    * CVE-2017-7828 (bmo#1406750. bmo#1412252)
      Use-after-free of PressShell while restyling layout
    * CVE-2017-7830 (bmo#1408990)
      Cross-origin URL information leak through Resource Timing API
    * CVE-2017-7831 (bmo#1392026)
      Information disclosure of exposed properties on JavaScript proxy
      objects
    * CVE-2017-7832 (bmo#1408782)
      Domain spoofing through use of dotless 'i' character followed
      by accent markers
    * CVE-2017-7833 (bmo#1370497)
      Domain spoofing with Arabic and Indic vowel marker characters
    * CVE-2017-7834 (bmo#1358009)
      data: URLs opened in new tabs bypass CSP protections
    * CVE-2017-7835 (bmo#1402363)
      Mixed content blocking incorrectly applies with redirects
    * CVE-2017-7836 (bmo#1401339)
      Pingsender dynamically loads libcurl on Linux and OS X
    * CVE-2017-7837 (bmo#1325923)
      SVG loaded as <img> can use meta tags to set cookies
    * CVE-2017-7838 (bmo#1399540)
      Failure of individual decoding of labels in international domain
      names triggers punycode display of entire IDN
    * CVE-2017-7839 (bmo#1402896)
      Control characters before javascript: URLs defeats self-XSS
      prevention mechanism
    * CVE-2017-7840 (bmo#1366420)
      Exported bookmarks do not strip script elements from user-supplied
      tags
    * CVE-2017-7842 (bmo#1397064)
      Referrer Policy is not always respected for <link> elements
    * CVE-2017-7827
      Memory safety bugs fixed in Firefox 57
    * CVE-2017-7826
      Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
  - requires NSPR 4.17, NSS 3.33 and rustc 1.19
  - rebased patches
  - added mozilla-bindgen-systemlibs.patch to allow stylo build
    with system libs (bmo#1341234)
  - removed mozilla-language.patch since the whole locale code
    changed in Firefox and is relying on ICU now
  - removed obsolete mozilla-ucontext.patch
* Sat Oct 28 2017 wr@rosenauer.org
  - update to Firefox 56.0.2
    * Disable Form Autofill completely on user request (bmo#1404531)
    * Fix for video-related crashes on Windows 7 (bmo#1409141)
    * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
    * Fix for shutdown crash (bmo#1404105)
* Tue Oct 10 2017 wr@rosenauer.org
  - update to Firefox 56.0.1
    * Block D3D11 when using Intel drivers on Windows 7 systems with
      partial AVX support (bmo#1403353)
    - > just to sync the version number
  - enable stylo for TW (requires LLVM >= 3.9)
  - queue KDE filepicker requests to avoid non-opening file dialogs
    happening in certain situations (contributed by Ignaz Forster)
  - the placeholder dot in KDE file dialog in case of empty filenames
    was removed, apparently not required (anymore)
    (contributed by Ignaz Forster)
* Sun Oct 01 2017 stefan.bruens@rwth-aachen.de
  - Correct plugin directory for aarch64 (boo#1061207). The wrapper
    script was not detecting aarch64 as a 64 bit architecture, thus
    used /usr/lib/browser-plugins/.
* Sat Sep 30 2017 zaitor@opensuse.org
  - Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
    pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
    pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
    pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
    looks for.
* Thu Sep 28 2017 wr@rosenauer.org
  - update to Firefox 56.0 (boo#1060445)
    * Firefox Screenshots
    * Find Options/Preferences more quickly with new search function
    * Media is no longer auto-played when opened in a background tab
    * Enable CSS Grid Layout View
    MFSA 2017-21
    * CVE-2017-7793 (bmo#1371889)
      Use-after-free with Fetch API
    * CVE-2017-7817 (bmo#1356596) (Android-only)
      Firefox for Android address bar spoofing through fullscreen mode
    * CVE-2017-7818 (bmo#1363723)
      Use-after-free during ARIA array manipulation
    * CVE-2017-7819 (bmo#1380292)
      Use-after-free while resizing images in design mode
    * CVE-2017-7824 (bmo#1398381)
      Buffer overflow when drawing and validating elements with ANGLE
    * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
      Use-after-free in TLS 1.2 generating handshake hashes
    * CVE-2017-7812 (bmo#1379842)
      Drag and drop of malicious page content to the tab bar can open locally stored files
    * CVE-2017-7814 (bmo#1376036)
      Blob and data URLs bypass phishing and malware protection warnings
    * CVE-2017-7813 (bmo#1383951)
      Integer truncation in the JavaScript parser
    * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
      OS X fonts render some Tibetan and Arabic unicode characters as spaces
    * CVE-2017-7815 (bmo#1368981)
      Spoofing attack with modal dialogs on non-e10s installations
    * CVE-2017-7816 (bmo#1380597)
      WebExtensions can load about: URLs in extension UI
    * CVE-2017-7821 (bmo#1346515)
      WebExtensions can download and open non-executable files without user interaction
    * CVE-2017-7823 (bmo#1396320)
      CSP sandbox directive did not create a unique origin
    * CVE-2017-7822 (bmo#1368859)
      WebCrypto allows AES-GCM with 0-length IV
    * CVE-2017-7820 (bmo#1378207)
      Xray wrapper bypass with new tab and web console
    * CVE-2017-7811
      Memory safety bugs fixed in Firefox 56
    * CVE-2017-7810
      Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
  - requires NSPR 4.16 and NSS 3.32.1
  - rebased patches
* Thu Sep 28 2017 dimstar@opensuse.org
  - Add alsa-devel BuildRequires: we care for ALSA support to be
    built and thus need to ensure we get the dependencies in place.
    In the past, alsa-devel was pulled in by accident: we
    buildrequire libgnome-devel. This required esound-devel and that
    in turn pulled in alsa-devel for us. libgnome is being fixed to
    no longer require esound-devel.
* Mon Sep 04 2017 wr@rosenauer.org
  - update to Firefox 55.0.3
    * Fix an issue with addons when using a path containing non-ascii
      characters (bmo#1389160)
    * Fix file uploads to some websites, including YouTube (bmo#1383518)
  - fix Google API key build integration
  - add mozilla-ucontext.patch to fix Tumbleweed build
  - do not enable XINPUT2 for now (boo#1053959)
* Fri Aug 11 2017 wr@rosenauer.org
  - update to Firefox 55.0.1
    * Fix a regression the tab restoration process (bmo#1388160)
    * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
    * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
    * Disable the predictor prefetch (bmo#1388160)
* Sat Aug 05 2017 wr@rosenauer.org
  - update to Firefox 55.0 (boo#1052829)
    * Browsing sessions with a high number of tabs are now restored
      in an instant
    * Sidebar (bookmarks, history, synced tabs) can now be moved to
      the right edge of the window
    * Fine-tune your browser performance from the Preferences/Options page.
    * Make screenshots of webpages, and save them locally or upload
      them to the cloud. This feature will undergo A/B testing and
      will not be visible for some users.
    * Added Belarusian (be) locale
    * Simplify print jobs from within print preview
    * Use virtual reality devices with the web with the introduction
      of WebVR
    * Search suggestions are now enabled by default for users who
      haven't explicitly opted-out
    * Search with any installed search engine directly from the
      location bar
    * IMPORTANT: Breaking profile changes - do not downgrade Firefox
      and use a profile that has been opened with Firefox 55+.
    * The Adobe Flash plugin is now click-to-activate by default and
      only allowed on http:// and https:// URL schemes. This change
      will be rolled out progressively and so will not be visible to
      all users immediately. For more information see the Firefox
      plugin roadmap
    * Modernized application update UI to be less intrusive and more
      aligned with the rest of the browser. Only users who have not
      restarted their browser 8 days after downloading an update or
      users who opted out of automatic updates will see this change.
    * Insecure sites can no longer access the Geolocation APIs to get
      access to your physical location
    * requires NSPR 4.15 and NSS 3.31
    MFSA 2017-18
    * CVE-2017-7798 (bmo#1371586, bmo#1372112)
      XUL injection in the style editor in devtools
    * CVE-2017-7800 (bmo#1374047)
      Use-after-free in WebSockets during disconnection
    * CVE-2017-7801 (bmo#1371259)
      Use-after-free with marquee during window resizing
    * CVE-2017-7809 (bmo#1380284)
      Use-after-free while deleting attached editor DOM node
    * CVE-2017-7784 (bmo#1376087)
      Use-after-free with image observers
    * CVE-2017-7802 (bmo#1378147)
      Use-after-free resizing image elements
    * CVE-2017-7785 (bmo#1356985)
      Buffer overflow manipulating ARIA attributes in DOM
    * CVE-2017-7786 (bmo#1365189)
      Buffer overflow while painting non-displayable SVG
    * CVE-2017-7806 (bmo#1378113)
      Use-after-free in layer manager with SVG
    * CVE-2017-7753 (bmo#1353312)
      Out-of-bounds read with cached style data and pseudo-elements#
    * CVE-2017-7787 (bmo#1322896)
      Same-origin policy bypass with iframes through page reloads
    * CVE-2017-7807 (bmo#1376459)
      Domain hijacking through AppCache fallback
    * CVE-2017-7792 (bmo#1368652)
      Buffer overflow viewing certificates with an extremely long OID
    * CVE-2017-7804 (bmo#1372849)
      Memory protection bypass through WindowsDllDetourPatcher
    * CVE-2017-7791 (bmo#1365875)
      Spoofing following page navigation with data: protocol and modal alerts
    * CVE-2017-7808 (bmo#1367531)
      CSP information leak with frame-ancestors containing paths
    * CVE-2017-7782 (bmo#1344034)
      WindowsDllDetourPatcher allocates memory without DEP protections
    * CVE-2017-7781 (bmo#1352039)
      Elliptic curve point addition error when using mixed Jacobian-affine coordinates
    * CVE-2017-7794 (bmo#1374281)
      Linux file truncation via sandbox broker
    * CVE-2017-7803 (bmo#1377426)
      CSP containing 'sandbox' improperly applied
    * CVE-2017-7799 (bmo#1372509)
      Self-XSS XUL injection in about:webrtc
    * CVE-2017-7783 (bmo#1360842)
      DOS attack through long username in URL
    * CVE-2017-7788 (bmo#1073952)
      Sandboxed about:srcdoc iframes do not inherit CSP directives
    * CVE-2017-7789 (bmo#1074642)
      Failure to enable HSTS when two STS headers are sent for a connection
    * CVE-2017-7790 (bmo#1350460) (Windows-only)
      Windows crash reporter reads extra memory for some non-null-terminated registry values
    * CVE-2017-7796 (bmo#1234401) (Windows-only)
      Windows updater can delete any file named update.log
    * CVE-2017-7797 (bmo#1334776)
      Response header name interning leaks across origins
    * CVE-2017-7780
      Memory safety bugs fixed in Firefox 55
    * CVE-2017-7779
      Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
  - updated mozilla-kde.patch:
    * removed "downloadfinished" alert as Firefox reimplemented the
      whole thing (TODO: check if there is another function we should
      hook in)
* Tue Jul 04 2017 wr@rosenauer.org
  - update to Firefox 54.0.1
    * Fix a display issue of tab title (bmo#1357656)
    * Fix a display issue of opening new tab (bmo#1371995)
    * Fix a display issue when opening multiple tabs (bmo#1371962)
    * Fix a tab display issue when downloading files (bmo#1373109)
    * Fix a PDF printing issue (bmo#1366744)
    * Fix a Netflix issue on Linux (bmo#1375708)
* Thu Jun 15 2017 wr@rosenauer.org
  - update to Firefox 54.0
    * Clearer and more detailed information for download items in the
      download panel
    * Added Burmese (my) locale
    * Bookmarks created on mobile devices are now shown in
      "Mobile Bookmarks” folder in the drop down list from the toolbar
      and Bookmarks option in the menu bar in Desktop Firefox
    * added support for multiple content processes (e10s-multi)
  - requires NSPR 4.14 and NSS 3.30.2
  - requires rust 1.15.1
  - removed mozilla-shared-nss-db.patch as it seems to be a rather
    unused feature
* Thu Jun 01 2017 kah0922@gmail.com
  - remove -fno-inline-small-functions and explicitely optimize with
    - O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
* Wed Apr 26 2017 wr@rosenauer.org
  - switch to Mozilla's geolocation service (boo#1026989)
  - removed mozilla-preferences.patch obsoleted by overriding via
    firefox.js
  - fixed KDE integration to avoid crash caused by filepicker
    (boo#1015998)
* Mon Apr 17 2017 wr@rosenauer.org
  - update to Firefox 53.0
    * requires NSS 3.29.5
    * Lightweight themes are now applied in private browsing windows
    * Reader Mode now displays estimated reading time for the page
    * Two new 'compact' themes available in Firefox, dark and light,
      based on the Firefox Developer Edition theme
    * Ended Firefox Linux support for processors older than Pentium 4
      and AMD Opteron
    * Refresh of the media controls user interface
    * Shortened titles on tabs are faded out instead of using ellipsis
      for improved readability
    * Media playback on new tabs is blocked until the tab is visible
    * Permission notifications have a cleaner design and cannot be
      easily missed
    MFSA 2017-10
    * CVE-2017-5456 (bmo#1344415)
      Sandbox escape allowing local file system access
    * CVE-2017-5442 (bmo#1347979)
      Use-after-free during style changes
    * CVE-2017-5443 (bmo#1342661)
      Out-of-bounds write during BinHex decoding
    * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
      bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
      Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
      Firefox ESR 52.1
    * CVE-2017-5464 (bmo#1347075)
      Memory corruption with accessibility and DOM manipulation
    * CVE-2017-5465 (bmo#1347617)
      Out-of-bounds read in ConvolvePixel
    * CVE-2017-5466 (bmo#1353975)
      Origin confusion when reloading isolated data:text/html URL
    * CVE-2017-5467 (bmo#1347262)
      Memory corruption when drawing Skia content
    * CVE-2017-5460 (bmo#1343642)
      Use-after-free in frame selection
    * CVE-2017-5461 (bmo#1344380)
      Out-of-bounds write in Base64 encoding in NSS
    * CVE-2017-5448 (bmo#1346648)
      Out-of-bounds write in ClearKeyDecryptor
    * CVE-2017-5449 (bmo#1340127)
      Crash during bidirectional unicode manipulation with animation
    * CVE-2017-5446 (bmo#1343505)
      Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
    * CVE-2017-5447 (bmo#1343552)
      Out-of-bounds read during glyph processing
    * CVE-2017-5444 (bmo#1344461)
      Buffer overflow while parsing application/http-index-format content
    * CVE-2017-5445 (bmo#1344467)
      Uninitialized values used while parsing application/http-index-format
      content
    * CVE-2017-5468 (bmo#1329521)
      Incorrect ownership model for Private Browsing information
    * CVE-2017-5469 (bmo#1292534)
      Potential Buffer overflow in flex-generated code
    * CVE-2017-5440 (bmo#1336832)
      Use-after-free in txExecutionState destructor during XSLT processing
    * CVE-2017-5441 (bmo#1343795)
      Use-after-free with selection during scroll events
    * CVE-2017-5439 (bmo#1336830)
      Use-after-free in nsTArray Length() during XSLT processing
    * CVE-2017-5438 (bmo#1336828)
      Use-after-free in nsAutoPtr during XSLT processing
    * CVE-2017-5437 (bmo#1343453)
      Vulnerabilities in Libevent library
    * CVE-2017-5436 (bmo#1345461)
      Out-of-bounds write with malicious font in Graphite 2
    * CVE-2017-5435 (bmo#1350683)
      Use-after-free during transaction processing in the editor
    * CVE-2017-5434 (bmo#1349946)
      Use-after-free during focus handling
    * CVE-2017-5433 (bmo#1347168)
      Use-after-free in SMIL animation functions
    * CVE-2017-5432 (bmo#1346654)
      Use-after-free in text input selection
    * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
      bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
      bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
      bmo#1349719, bmo#1353476)
      Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
    * CVE-2017-5459 (bmo#1333858)
      Buffer overflow in WebGL
    * CVE-2017-5458 (bmo#1229426)
      Drag and drop of javascript: URLs can allow for self-XSS
    * CVE-2017-5455 (bmo#1341191)
      Sandbox escape through internal feed reader APIs
    * CVE-2017-5454 (bmo#1349276)
      Sandbox escape allowing file system read access through file picker
    * CVE-2017-5451 (bmo#1273537)
      Addressbar spoofing with onblur event
    * CVE-2017-5453 (bmo#1321247)
      HTML injection into RSS Reader feed preview page through
      TITLE element
    * CVE-2017-5462 (bmo#1345089)
      DRBG flaw in NSS
  - removed browser(npapi) provides as these plugins are deprecated
  - switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
    Leap 42
  - Gtk2 is not longer an option; switched to Gtk3
  - apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support
    (boo#1032003)
* Mon Apr 03 2017 wr@rosenauer.org
  - update to Firefox 52.0.2
    * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
    * Fix loading tab icons on session restore (bmo#1338009)
    * Fix a crash on startup on Linux (bmo#1345413)
    * Fix new installs erroneously not prompting to change the default
      browser setting (bmo#1343938)
* Mon Mar 20 2017 wr@rosenauer.org
  - disable rust usage for everything but x86(-64)
  - explicitely add libffi build requirement
* Fri Mar 17 2017 wr@rosenauer.org
  - update to Firefox 52.0.1 (boo#1029822)
    MFSA 2017-08
    CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
* Thu Mar 09 2017 wr@rosenauer.org
  - reenable ALSA support which was removed by default upstream
* Sat Mar 04 2017 wr@rosenauer.org
  - update to Firefox 52.0 (boo#1028391)
    * requires NSS >= 3.28.3
    * Pages containing insecure password fields now display a warning
      directly within username and password fields.
    * Send and open a tab from one device to another with Sync
    * Removed NPAPI support for plugins other than Flash. Silverlight,
      Java, Acrobat and the like are no longer supported.
    * Removed Battery Status API to reduce fingerprinting of users by
      trackers
    * MFSA 2017-05
      CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
      (bmo#1334933)
      CVE-2017-5401: Memory Corruption when handling ErrorResult
      (bmo#1328861)
      CVE-2017-5402: Use-after-free working with events in FontFace
      objects (bmo#1334876)
      CVE-2017-5403: Use-after-free using addRange to add range to an
      incorrect root object (bmo#1340186)
      CVE-2017-5404: Use-after-free working with ranges in selections
      (bmo#1340138)
      CVE-2017-5406: Segmentation fault in Skia with canvas operations
      (bmo#1306890)
      CVE-2017-5407: Pixel and history stealing via floating-point
      timing side channel with SVG filters (bmo#1336622)
      CVE-2017-5410: Memory corruption during JavaScript garbage
      collection incremental sweeping (bmo#1330687)
      CVE-2017-5408: Cross-origin reading of video captions in violation
      of CORS (bmo#1313711)
      CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
      CVE-2017-5413: Segmentation fault during bidirectional operations
      (bmo#1337504)
      CVE-2017-5414: File picker can choose incorrect default directory
      (bmo#1319370)
      CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
      CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
      CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
      (bmo#791597)
      CVE-2017-5426: Gecko Media Plugin sandbox is not started if
      seccomp-bpf filter is running (bmo#1257361)
      CVE-2017-5427: Non-existent chrome.manifest file loaded during
      startup (bmo#1295542)
      CVE-2017-5418: Out of bounds read when parsing HTTP digest
      authorization responses (bmo#1338876)
      CVE-2017-5419: Repeated authentication prompts lead to DOS
      attack (bmo#1312243)
      CVE-2017-5420: Javascript: URLs can obfuscate addressbar
      location (bmo#1284395)
      CVE-2017-5405: FTP response codes can cause use of
      uninitialized values for ports (bmo#1336699)
      CVE-2017-5421: Print preview spoofing (bmo#1301876)
      CVE-2017-5422: DOS attack by using view-source: protocol
      repeatedly in one hyperlink (bmo#1295002)
      CVE-2017-5399: Memory safety bugs fixed in Firefox 52
      CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
      Firefox ESR 45.8
  - removed obsolete patches
    * mozilla-binutils-visibility.patch
    * mozilla-check_return.patch
    * mozilla-disable-skia-be.patch
    * mozilla-skia-overflow.patch
    * mozilla-skia-ppc-endianess.patch
  - rebased patches
  - enable rust usage for Tumbleweed
* Fri Jan 27 2017 astieger@suse.com
  - Mozilla Firefox 51.0.1:
    - Multiprocess incompatibility did not correctly register with
      some add-ons (bmo#1333423)
* Fri Jan 20 2017 wr@rosenauer.org
  - update to Firefox 51.0
    * requires NSPR >= 4.13.1, NSS >= 3.28.1
    * Added support for FLAC (Free Lossless Audio Codec) playback
    * Added support for WebGL 2
    * Added Georgian (ka) and Kabyle (kab) locales
    * Support saving passwords for forms without 'submit' events
    * Improved video performance for users without GPU acceleration
    * Zoom indicator is shown in the URL bar if the zoom level is not
      at default level
    * View passwords from the prompt before saving them
    * Remove Belarusian (be) locale
    * Use Skia for content rendering (Linux)
    * MFSA 2017-01
      CVE-2017-5375: Excessive JIT code allocation allows bypass of
      ASLR and DEP (bmo#1325200, boo#1021814)
      CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
      CVE-2017-5377: Memory corruption with transforms to create
      gradients in Skia (bmo#1306883, boo#1021826)
      CVE-2017-5378: Pointer and frame data leakage of Javascript objects
      (bmo#1312001, bmo#1330769, boo#1021818)
      CVE-2017-5379: Use-after-free in Web Animations
      (bmo#1309198,boo#1021827)
      CVE-2017-5380: Potential use-after-free during DOM manipulations
      (bmo#1322107, boo#1021819)
      CVE-2017-5390: Insecure communication methods in Developer Tools
      JSON viewer (bmo#1297361, boo#1021820)
      CVE-2017-5389: WebExtensions can install additional add-ons via
      modified host requests (bmo#1308688, boo#1021828)
      CVE-2017-5396: Use-after-free with Media Decoder
      (bmo#1329403, boo#1021821)
      CVE-2017-5381: Certificate Viewer exporting can be used to navigate
      and save to arbitrary filesystem locations
    (bmo#1017616, boo#1021830)
      CVE-2017-5382: Feed preview can expose privileged content errors
      and exceptions (bmo#1295322, boo#1021831)
      CVE-2017-5383: Location bar spoofing with unicode characters
      (bmo#1323338, bmo#1324716, boo#1021822)
      CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
      (bmo#1255474, boo#1021832)
      CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
      response headers (bmo#1295945, boo#1021833)
      CVE-2017-5386: WebExtensions can use data: protocol to affect other
      extensions (bmo#1319070, boo#1021823)
      CVE-2017-5394: Android location bar spoofing using fullscreen and
      JavaScript events (bmo#1222798)
      CVE-2017-5391: Content about: pages can load privileged about: pages
      (bmo#1309310, boo#1021835)
      CVE-2017-5392: Weak references using multiple threads on weak proxy
      objects lead to unsafe memory usage (bmo#1293709)
    (Android only)
      CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
      mozAddonManager (bmo#1309282, boo#1021837)
      CVE-2017-5395: Android location bar spoofing during scrolling
      (bmo#1293463) (Android only)
      CVE-2017-5387: Disclosure of local file existence through TRACK
      tag error messages (bmo#1295023, boo#1021839)
      CVE-2017-5388: WebRTC can be used to generate a large amount of
      UDP traffic for DDOS attacks
    (bmo#1281482, boo#1021840)
      CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
      CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
      Firefox ESR 45.7 (boo#1021824)
  - switch Firefox to Gtk3 for Tumbleweed
  - removed obsolete patches
    * mozilla-flex_buffer_overrun.patch
  - updated RPM locale support tag
  - improve recognition of LANGUAGE env variable (boo#1017174)
  - add upstream patch to fix PPC64LE (bmo#1319389)
    (mozilla-skia-ppc-endianess.patch)
  - fix build without skia (big endian archs) (bmo#1319374)
    (mozilla-disable-skia-be.patch)
* Mon Dec 12 2016 wr@rosenauer.org
  - update to Firefox 50.1.0 (boo#1015422)
    * MFSA 2016-94
      CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
      CVE-2016-9899: Use-after-free while manipulating DOM events and
      audio elements (bmo#1317409)
      CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
      CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
      CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
      CVE-2016-9898: Use-after-free in Editor while manipulating
      DOM subtrees (bmo#1314442)
      CVE-2016-9900: Restricted external resources can be loaded by
      SVG images through data URLs (bmo#1319122)
      CVE-2016-9904: Cross-origin information leak in shared atoms
      (bmo#1317936)
      CVE-2016-9901: Data from Pocket server improperly sanitized
      before execution (bmo#1320057)
      CVE-2016-9902: Pocket extension does not validate the origin
      of events (bmo#1320039)
      CVE-2016-9903: XSS injection vulnerability in add-ons SDK
      (bmo#1315435)
      CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
      CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
      Firefox ESR 45.6
* Fri Dec 09 2016 cgrobertson@novell.com
  - added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
* Thu Dec 01 2016 wr@rosenauer.org
  - update to Firefox 50.0.2
    * Firefox crashes with 3rd party Chinese IME when using IME text
      (50.0.1)
    security fixes (in 50.0.1): (boo#1012807)
    * MFSA 2016-91
      CVE-2016-9078: data: URL can inherit wrong origin after an
      HTTP redirect (bmo#1317641)
    security fixes (in 50.0.2) (boo#1012964)
    * MFSA 2016-92
      CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
* Mon Nov 14 2016 wr@rosenauer.org
  - update to Firefox 50.0 (boo#1009026)
    * requires NSS 3.26.2
    new features
    * Updates to keyboard shortcuts
      Set a preference to have Ctrl+Tab cycle through tabs in recently
      used order
      View a page in Reader Mode by using Ctrl+Alt+R
    * Added option to Find in page that allows users to limit search to
      whole words only
    * Added download protection for a large number of executable file
      types on Windows, Mac and Linux
    * Fixed rendering of dashed and dotted borders with rounded corners
      (border-radius)
    * Added a built-in Emoji set for operating systems without native
      Emoji fonts (Windows 8.0 and lower and Linux)
    * Blocked versions of libavcodec older than 54.35.1
    * additional locale
    security fixes:
    * MFSA 2016-89
      CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
      (bmo#1292443)
      CVE-2016-5292: URL parsing causes crash (bmo#1288482)
      CVE-2016-5293: Write to arbitrary file with updater and moz
      maintenance service using updater.log hardlink
    (Windows only) (bmo#1246945)
      CVE-2016-5294: Arbitrary target directory for result files of
      update process (Windows only) (bmo#1246972)
      CVE-2016-5297: Incorrect argument length checking in Javascript
      (bmo#1303678)
      CVE-2016-9064: Addons update must verify IDs match between
      current and new versions (bmo#1303418)
      CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen
      (Android only) (bmo#1306696)
      CVE-2016-9066: Integer overflow leading to a buffer overflow in
      nsScriptLoadHandler (bmo#1299686)
      CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
      (bmo#1301777, bmo#1308922 (CVE-2016-9069))
      CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
      CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
      (bmo#1300083) (Windows only)
      CVE-2016-9075: WebExtensions can access the mozAddonManager API
      and use it to gain elevated privileges (bmo#1295324)
      CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied
      to cross-origin images, allowing timing attacks on them
    (bmo#1298552)
      CVE-2016-5291: Same-origin policy violation using local HTML file
      and saved shortcut file (bmo#1292159)
      CVE-2016-5295: Mozilla Maintenance Service: Ability to read
      arbitrary files as SYSTEM (Windows only) (bmo#1247239)
      CVE-2016-5298: SSL indicator can mislead the user about the real
      URL visited (bmo#1227538) (Android only)
      CVE-2016-5299: Firefox AuthToken in broadcast protected with
      signature-level permission can be accessed by an
    application installed beforehand that defines the
    same permissions (bmo#1245791) (Android only)
      CVE-2016-9061: API Key (glocation) in broadcast protected with
      signature-level permission can be accessed by an
    application installed beforehand that defines the
    same permissions (Android only) (bmo#1245795)
      CVE-2016-9062: Private browsing browser traces (android) in
      browser.db and wal file (Android only) (bmo#1294438)
      CVE-2016-9070: Sidebar bookmark can have reference to chrome window
      (bmo#1281071)
      CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
      (bmo#1289273)
      CVE-2016-9074: Insufficient timing side-channel resistance in
      divSpoiler (bmo#1293334) (fixed via NSS 3.26.1)
      CVE-2016-9076: select dropdown menu can be used for URL bar
      spoofing on e10s (bmo#1276976)
      CVE-2016-9063: Possible integer overflow to fix inside XML_Parse
      in expat (bmo#1274777)
      CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
      (bmo#1285003)
      CVE-2016-5289: Memory safety bugs fixed in Firefox 50
      CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
  - make aarch64 build more similar to x86_64 build (remove conditionals
    that don't seem to be necessary anymore)
* Mon Oct 24 2016 astieger@suse.com
  - Mozilla Firefox 49.0.2:
    * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
    * CVE-2016-5288: Web content can read cache entries (bsc#1006476)
    * Asynchronous rendering of the Flash plugins is now enabled by
      default
    * Change D3D9 default fallback preference to prevent graphical
      artifacts
    * Network issue prevents some users from seeing the Firefox UI on
      startup
    * Web compatibility issue with file uploads
    * Web compatibility issue with Array.prototype.values
    * Diagnostic information on timing for tab switching
    * Fix a Canvas filters graphics issue affecting HTML5 apps
* Wed Oct 12 2016 badshah400@gmail.com
  - Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
    and fixes have been incorporated by upstream.
* Fri Sep 23 2016 astieger@suse.com
  - Mozilla Firefox 49.0.1:
    * Mitigate a startup crash issue caused by Websense - bmo#1304783
* Tue Sep 20 2016 wr@rosenauer.org
  - update to Firefox 49.0 (boo#999701)
    new features
    * Updated Firefox Login Manager to allow HTTPS pages to use saved
      HTTP logins.
    * Added features to Reader Mode that make it easier on the eyes and
      the ears
    * Improved video performance for users on systems that support
      SSE3 without hardware acceleration
    * Added context menu controls to HTML5 audio and video that let users
      loops files or play files at 1.25x speed
    * Improvements in about:memory reports for tracking font memory usage
    security related
    * MFSA 2016-85
      CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
      mozilla::net::IsValidReferrerPolicy
      CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
      nsCaseTransformTextRunFactory::TransformString
      CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
      PropertyProvider::GetSpacingInternal
      CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
      CVE-2016-5273 (bmo#1280387) - crash in
      mozilla::a11y::HyperTextAccessible::GetChildOffset
      CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
      mozilla::a11y::DocAccessible::ProcessInvalidationList
      CVE-2016-5274 (bmo#1282076) - use-after-free in
      nsFrameManager::CaptureFrameState
      CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
      CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
      mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
      CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
      nsBMPEncoder::AddImageFrame
      CVE-2016-5279 (bmo#1249522) - Full local path of files is available
      to web pages after drag and drop
      CVE-2016-5280 (bmo#1289970) - Use-after-free in
      mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
      CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
      CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
      from non-whitelisted schemes
      CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
      reveal cross-origin data
      CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
      CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
      CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
  - removed obsolete patches:
    * mozilla-aarch64-48bit-va.patch
    * mozilla-exclude-nametablecpp.patch
    * mozilla-old_configure-bmo1282843.patch
  - added patch mozilla-skia-overflow.patch (bmo#1304114)
  - requires NSS 3.25
* Tue Aug 30 2016 astieger@suse.com
  - Mozilla Firefox 48.0.2:
    * Mitigate a startup crash issue caused on Windows (bmo#1291738)
* Sat Aug 20 2016 astieger@suse.com
  - Mozilla Firefox 48.0.1:
    * Fix an audio regression impacting some major websites
      (bmo#1295296)
    * Fix a top crash in the JavaScript engine (bmo#1290469)
    * Fix a startup crash issue caused by Websense (bmo#1291738)
    * Fix a different behavior with e10s / non-e10s on <select> and
      mouse events (bmo#1291078)
    * Fix a top crash caused by plugin issues (bmo#1264530)
    * Fix a shutdown issue (bmo#1276920)
    * Fix a crash in WebRTC
* Mon Aug 15 2016 wr@rosenauer.org
  - added upstream patch so system plugins/extensions are correctly
    loaded again on x86-64 (bmo#1282843)
    (mozilla-old_configure-bmo1282843.patch)
* Fri Aug 05 2016 pcerny@suse.com
  - Fix for possible buffer overrun (bsc#990856)
    CVE-2016-6354 (bmo#1292534)
    [mozilla-flex_buffer_overrun.patch]
* Wed Aug 03 2016 badshah400@gmail.com
  - Update mozilla-gtk3_20.patch to latest version from Fedora.
* Mon Aug 01 2016 wr@rosenauer.org
  - update to Firefox 48.0 (boo#991809)
    * requires NSS 3.24
    * Process separation (e10s) is enabled for some of you
    * Add-ons that have not been verified and signed by Mozilla will not load
    * WebRTC embetterments
    * The media parser has been redeveloped using the Rust programming
      language
    * better Canvas performance with speedy Skia support
    security fixes:
    * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
      Miscellaneous memory safety hazards
    * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
      Favicon network connection can persist when page is closed
    * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
      Buffer overflow rendering SVG with bidirectional content
    * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
      Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
    * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
      Location bar spoofing via data URLs with malformed/invalid mediatypes
    * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
      Stack underflow during 2D graphics rendering
    * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
      Out-of-bounds read during XML parsing in Expat library
    * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
      Arbitrary file manipulation by local user through Mozilla updater
      and callback application path parameter (Windows-only)
    * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
      Use-after-free when using alt key and toplevel menus
    * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
      Crash in incremental garbage collection in JavaScript
    * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
      Use-after-free in DTLS during WebRTC session shutdown
    * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
      Use-after-free in service workers with nested sync events
    * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
      Form input type change from password to text can store plain
      text password in session restore file
    * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)
      Integer overflow in WebSockets during data buffering
    * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
      Scripts on marquee tag can execute in sandboxed iframes
    * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
      Buffer overflow in ClearKey Content Decryption Module (CDM)
      during video playback
    * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
      Type confusion in display transformation
    * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
      Use-after-free when applying SVG effects
    * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
      Same-origin policy violation using local HTML file and saved shortcut file
    * MFSA 2016-81/CVE-2016-5266 (bmo#1226977)
      Information disclosure and local file manipulation through drag and drop
    * MFSA 2016-82/CVE-2016-5267 (bmo#1284372)
      Addressbar spoofing with right-to-left characters on Firefox for Android
      (Android only)
    * MFSA 2016-83/CVE-2016-5268 (bmo#1253673)
      Spoofing attack through text injection into internal error pages
    * MFSA 2016-84/CVE-2016-5250 (bmo#1254688)
      Information disclosure through Resource Timing API during page navigation
  - removed obsolete mozilla-gcc6.patch
* Fri Jul 29 2016 badshah400@gmail.com
  - Update description and screenshots in appdata.xml file.
* Sat Jul 23 2016 antoine.belvire@laposte.net
  - Fix Firefox crash on startup on i586 (boo#986541):
    * Add -fno-delete-null-pointer-checks and
    - fno-inline-small-functions to CFLAGS
* Tue Jul 19 2016 mailaender@opensuse.org
  - Update the appdata.xml file (replace Windows XP screenshot)
* Wed Jun 29 2016 astieger@suse.com
  - Mozilla Firefox 47.0.1:
    * Selenium WebDriver may cause Firefox to crash at startup
      (bmo#1280854)
* Wed Jun 15 2016 wr@rosenauer.org
  - mozilla-binutils-visibility.patch to fix build issues with
    gcc/binutils combination used in Leap 42.2 (boo#984637)
* Tue Jun 14 2016 badshah400@gmail.com
  - Update mozilla-gtk3_20.patch to latest version from Fedora.
* Mon Jun 13 2016 agraf@suse.com
  - Fix running on 48bit va aarch64 (bsc#984126)
    * add patch mozilla-aarch64-48bit-va.patch
* Mon Jun 13 2016 wr@rosenauer.org
  - fix XUL dialog button order under KDE session (boo#984403)
* Tue Jun 07 2016 wr@rosenauer.org
  - update to Firefox 47.0 (boo#983549)
    * Enable VP9 video codec for users with fast machines
    * Embedded YouTube videos now play with HTML5 video if Flash is
      not installed
    * View and search open tabs from your smartphone or another
      computer in a sidebar
    * Allow no-cache on back/forward navigations for https resources
    security fixes:
    * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
      (boo#983638)
      (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
      bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
      bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
      bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
      bmo#1269729, bmo#1273202, bmo#1273701)
      Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
    * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
      Buffer overflow parsing HTML5 fragments
    * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
      Use-after-free deleting tables from a contenteditable document
    * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
      Addressbar spoofing though the SELECT element
    * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
      Out-of-bounds write with WebGL shader
    * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
      Partial same-origin-policy through setting location.host
      through data URI
    * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
      Use-after-free when textures are used in WebGL operations
      after recycle pool destruction
    * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
      Incorrect icon displayed on permissions notifications
    * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
      Entering fullscreen and persistent pointerlock without user
      permission
    * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
      Information disclosure of disabled plugins through CSS
      pseudo-classes
    * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
      Java applets bypass CSP protections
    * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283,
      bmo#1221620, bmo#1241034, bmo#1241037)
      Network Security Services (NSS) vulnerabilities
      fixed by requiring NSS 3.23
    packaging changes:
    * cleanup configure options (boo#981695):
    - notably remove GStreamer support which is gone from FF
    * remove obsolete patches
    - mozilla-libproxy.patch
    - mozilla-repo.patch
* Wed May 25 2016 badshah400@gmail.com
  - The conditional testing for gcc was failing for different
    openSUSE versions, drop it and apply patches unconditionally.
* Mon May 23 2016 badshah400@gmail.com
  - Add patches to fix building with gcc6:
    + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch
      taken from upstream:
      https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
    + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp
      from unified compilation because #include <cmath> in other
      source files causes gcc6 compilation failure; patch taken from
      upstream:
      https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc.
* Thu May 12 2016 dsterba@suse.cz
  - enable build with PIE and full relro on x86_64 (boo#980384)
* Wed May 04 2016 wr@rosenauer.org
  - update to Firefox 46.0.1
    Fixed:
    * Search plugin issue for various locales
    * Add-on signing certificate expiration
    * Service worker update issue
    * Build issue when jit is disabled
    * Limit Sync registration updates
  - removed now obsolete mozilla-jit_branch64.patch
* Tue May 03 2016 normand@linux.vnet.ibm.com
  - add mozilla-jit_branch64.patch to avoid PowerPC build failure
    (from bmo#1266366)
* Wed Apr 27 2016 badshah400@gmail.com
  - Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
    version from Fedora).
* Wed Apr 27 2016 wr@rosenauer.org
  - update to Firefox 46.0 (boo#977333)
    * Improved security of the JavaScript Just In Time (JIT) Compiler
    * WebRTC fixes to improve performance and stability
    * Added support for document.elementsFromPoint
    * Added HKDF support for Web Crypto API
    * requires NSPR 4.12 and NSS 3.22.3
    * added patch to fix unchecked return value
      mozilla-check_return.patch
    * Gtk3 builds not supported at the moment
    security fixes:
    * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
      (boo#977373, boo#977375, boo#977376)
      Miscellaneous memory safety hazards
    * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
      Privilege escalation through file deletion by Maintenance Service updater
      (Windows only)
    * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
      Content provider permission bypass allows malicious application
      to access data (Android only)
    * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
      (bmo#1252330, bmo#1261776, boo#977379)
      Use-after-free and buffer overflow in Service Workers
    * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
      Disclosure of user actions through JavaScript with motion and
      orientation sensors (only affects mobile variants)
    * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
      Buffer overflow in libstagefright with CENC offsets
    * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
      CSP not applied to pages sent with multipart/x-mixed-replace
    * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
      Elevation of privilege with chrome.tabs.update API in web extensions
    * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
      Write to invalid HashMap entry through JavaScript.watch()
    * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)
      Firefox Health Reports could accept events from untrusted domains
* Thu Apr 21 2016 badshah400@gmail.com
  - Update mozilla-gtk3_20.patch to fix scrollbar appearance under
    gtk >= 3.20 (patch synced to Fedora's version).
* Tue Apr 12 2016 badshah400@gmail.com
  - Compile against gtk3 depending on whether the macro
    %firefox_use_gtk3 is defined or not (e.g., at the prjconf
    level); macro is undefined by default and so gtk2 is used as the
    default toolkit.
  - Add BuildRequires for additional packages needed when building
    against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
    pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
  - Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
    patch taken from Fedora (bmo#1230955).
* Mon Apr 11 2016 astieger@suse.com
  - Mozilla Firefox 45.0.2:
    * Fix an issue impacting the cookie header when third-party
      cookies are blocked (bmo#1257861)
    * Fix a web compatibility regression impacting the srcset
      attribute of the image tag (bmo#1259482)
    * Fix a crash impacting the video playback with Media Source
      Extension (bmo#1258562)
    * Fix a regression impacting some specific uploads (bmo#1255735)
    * Fix a regression with the copy and paste with some old versions
      of some Gecko applications like Thunderbird (bmo#1254980)
* Fri Mar 18 2016 astieger@suse.com
  - Mozilla Firefox 45.0.1:
    * Fix a regression causing search engine settings to be lost in
      some context (bmo#1254694)
    * Bring back non-standard jar: URIs to fix a regression in IBM
      iNotes (bmo#1255139)
    * XSLTProcessor.importStylesheet was failing when <import> was
      used (bmo#1249572)
    * Fix an issue which could cause the list of search provider to
      be empty (bmo#1255605)
    * Fix a regression when using the location bar (bmo#1254503)
    * Fix some loading issues when Accept third-party cookies: was
      set to Never (bmo#1254856)
    * Disabled Graphite font shaping library
* Sun Mar 06 2016 wr@rosenauer.org
  - update to Firefox 45.0 (boo#969894)
    * requires NSPR 4.12 / NSS 3.21.1
    * Instant browser tab sharing through Hello
    * Synced Tabs button in button bar
    * Tabs synced via Firefox Accounts from other devices are now shown
      in dropdown area of Awesome Bar when searching
    * Introduce a new preference (network.dns.blockDotOnion) to allow
      blocking .onion at the DNS level
    * Tab Groups (Panorama) feature removed
    * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
      Miscellaneous memory safety hazards
    * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
      Local file overwriting and potential privilege escalation through
      CSP reports
    * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
      CSP reports fail to strip location information for embedded iframe pages
    * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
      Linux video memory DOS with Intel drivers
    * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
      Memory leak in libstagefright when deleting an array during MP4
      processing
    * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
      Displayed page address can be overridden
    * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
      Service Worker Manager out-of-bounds read in Service Worker Manager
    * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
      Use-after-free in HTML5 string parser
    * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
      Use-after-free in SetBody
    * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
      Use-after-free when using multiple WebRTC data channels
    * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
      Memory corruption when modifying a file being read by FileReader
    * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
      Use-after-free during XML transformations
    * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
      Addressbar spoofing though history navigation and Location protocol
      property
    * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
      Same-origin policy violation using perfomance.getEntries and
      history navigation with session restore
    * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
      Buffer overflow in Brotli decompression
    * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
      Memory corruption with malicious NPAPI plugin
    * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
      CVE-2016-1976/CVE-2016-1972
      WebRTC and LibVPX vulnerabilities found through code inspection
    * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
      Use-after-free in GetStaticInstance in WebRTC
    * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
      Out-of-bounds read in HTML parser following a failed allocation
    * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
      Buffer overflow during ASN.1 decoding in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
      Use-after-free during processing of DER encoded keys in NSS
      (fixed by requiring 3.21.1)
    * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
      CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
      CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
      CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
      Font vulnerabilities in the Graphite 2 library
* Sat Mar 05 2016 olaf@aepfle.de
  - Remove B_CNT from symbols.zip filename to reduce build-compare noise
* Fri Feb 26 2016 astieger@suse.com
  - fix build problems on i586, caused by too large unified compile
    units - adding mozilla-reduce-files-per-UnifiedBindings.patch
* Thu Feb 11 2016 wr@rosenauer.org
  - update to Firefox 44.0.2
    * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
      Same-origin-policy violation using Service Workers with plugins
    * Fix issue which could lead to the removal of stored passwords
      under certain circumstances (bmo#1242176)
    * Allows spaces in cookie names (bmo#1244505)
    * Disable opus/vorbis audio with H.264 (bmo#1245696)
    * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
    * Fix a crash in cache networking (bmo#1244076)
    * Fix using WebSockets in service worker controlled pages (bmo#1243942)
* Sat Jan 30 2016 dmueller@suse.com
  - build fixes for arm/aarch64:
    * disable webrtc for arm/aarch64
    * switch away from openGL-ES backend to default for arm/aarch64
    since it almost never builds
    * reenable neon
  - reenable webrtc for powerpc as it seems to build
* Sun Jan 24 2016 wr@rosenauer.org
  - update to Firefox 44.0
    * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
      Miscellaneous memory safety hazards
    * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
      Out of Memory crash when parsing GIF format images
    * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
      Buffer overflow in WebGL after out of memory allocation
    * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
      Firefox allows for control characters to be set in cookie names
    * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
      Missing delay following user click events in protocol handler dialog
    * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
      Errors in mp_div and mp_exptmod cryptographic functions in NSS
      (fixed by requiring NSS 3.21)
    * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
      Addressbar spoofing attacks boo#963643
    * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
      (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
      Unsafe memory manipulation found through code inspection
    * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
      Application Reputation service disabled in Firefox 43
    * requires NSPR 4.11
    * requires NSS 3.21
  - prepare mozilla-kde.patch for Gtk3 builds
  - rebased patches
* Mon Jan 11 2016 astieger@suse.com
  - Mozilla Firefox 43.0.4:
    * Re-enable SHA-1 certificates to prevent outdated
      man-in-the-middle security devices from interfering with
      properly secured SSL/TLS connections (bmo#1236975)
    * Fix for startup crash for users of a third party antivirus tool
      (bmo#1235537)
  - The following change was previously in the package as a patch:
    * Multi-user GNU/Linux download folders can be created
    (bmo#1233434), removed mozilla-bmo1233434.patch
* Tue Dec 29 2015 wr@rosenauer.org
  - update to Firefox 43.0.3
    * requires NSS 3.20.2 to fix
      MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
      MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
      server signature
    * various changes to support Windows update (SHA-1 vs. SHA-2)
    * workaround Youtube user agent detection issue (bmo#1233970)
  - fix file download regression for multi user systems
    (bmo#1233434) (mozilla-bmo1233434.patch)
  - explicitely requires libXcomposite-devel
* Sun Dec 13 2015 wr@rosenauer.org
  - update to Firefox 43.0 (bnc#959277)
    * Improved API support for m4v video playback
    * Users can opt-in to receive search suggestions from the Awesome Bar
    * WebRTC streaming on multiple monitors
    * User selectable second block list for Private Browsing's Tracking
      Protection
    security fixes:
    * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
      Miscellaneous memory safety hazards
    * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
      Crash with JavaScript variable assignment with unboxed objects
    * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
      Same-origin policy violation using perfomance.getEntries and
      history navigation
    * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
      Firefox allows for control characters to be set in cookies
    * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
      Use-after-free in WebRTC when datachannel is used after being
      destroyed
    * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
      Integer overflow allocating extremely large textures
    * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
      Cross-origin information leak through web workers error events
    * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
      Hash in data URI is incorrectly parsed
    * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
      DOS due to malformed frames in HTTP/2
    * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
      Linux file chooser crashes on malformed images due to flaws in
      Jasper library
    * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
      (bmo#1201183, bmo#1178033, bmo#1199400)
      Buffer overflows found through code inspection
    * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
      Underflow through code inspection
    * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
      Integer overflow in MP4 playback in 64-bit versions
    * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
      Integer underflow and buffer overflow processing MP4 metadata in
      libstagefright
    * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
      Privilege escalation vulnerabilities in WebExtension APIs
    * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
      Cross-site reading attack through data and view-source URIs
  - rebased patches
* Sun Nov 15 2015 wr@rosenauer.org
  - Add desktop menu action for private browsing window to desktop
    file (boo#954747)
  - remove obsolete patch mozilla-bmo1005535.patch completely from
    source package to avoid automatic check failures
* Sat Oct 31 2015 wr@rosenauer.org
  - update to Firefox 42.0 (bnc#952810)
    * Private Browsing with Tracking Protection blocks certain Web
      elements that could be used to record your behavior across sites
    * Control Center that contains site security and privacy controls
    * Login Manager improvements
    * WebRTC improvements
    * Indicator added to tabs that play audio with one-click muting
    * Media Source Extension for HTML5 video available for all sites
    security fixes:
    * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
      Miscellaneous memory safety hazards
    * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
      Information disclosure through NTLM authentication
    * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
      CSP bypass due to permissive Reader mode whitelist
    * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
      Firefox for Android addressbar can be removed after fullscreen mode
    * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
      Reading sensitive profile files through local HTML file on Android
    * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
      disabling scripts in Add-on SDK panels has no effect
    * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
      Trailing whitespace in IP address hostnames can bypass same-origin policy
    * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
      Buffer overflow during image interactions in canvas
    * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
      Android intents can be used on Firefox for Android to open privileged files
    * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
      XSS attack through intents on Firefox for Android
    * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
      Crash when accessing HTML tables with accessibility tools on OS X
    * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
      CORS preflight is bypassed when non-standard Content-Type headers
      are received
    * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
      Memory corruption in libjar through zip files
    * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
      Certain escaped characters in host of Location-header are being
      treated as non-escaped
    * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
      JavaScript garbage collection crash with Java applet
    * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
      (bmo#1188010, bmo#1204061, bmo#1204155)
      Vulnerabilities found through code inspection
    * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
      Mixed content WebSocket policy bypass through workers
    * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
      (bmo#1202868, bmo#1205157)
      NSS and NSPR memory corruption issues
      (fixed in mozilla-nspr and mozilla-nss packages)
  - requires NSPR >= 4.10.10 and NSS >= 3.19.4
  - removed obsolete patches
    * mozilla-arm-disable-edsp.patch
    * mozilla-icu-strncat.patch
    * mozilla-skia-be-le.patch
    * toolkit-download-folder.patch
  - fixed build with enable-libproxy (bmo#1220399)
    * mozilla-libproxy.patch
* Thu Oct 15 2015 wr@rosenauer.org
  - update to Firefox 41.0.2 (bnc#950686)
    * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
      Cross-origin restriction bypass using Fetch
  - added explicit appdata provides (bnc#949983)
* Sun Oct 04 2015 wr@rosenauer.org
  - do not build with --enable-stdcxx-compat
    (this starts to fail build on various toolchain combinations
    and is not required for openSUSE builds in general
* Thu Oct 01 2015 wr@rosenauer.org
  - update to Firefox 41.0.1
    * Fix a startup crash related to Yandex toolbar and Adblock Plus
      (bmo#1209124)
    * Fix potential hangs with Flash plugins (bmo#1185639)
    * Fix a regression in the bookmark creation (bmo#1206376)
    * Fix a startup crash with some Intel Media Accelerator 3150
      graphic cards (bmo#1207665)
    * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
* Sat Sep 19 2015 wr@rosenauer.org
  - update to Firefox 41.0 (bnc#947003)
    * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
      Miscellaneous memory safety hazards
    * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
      Memory leak in mozTCPSocket to servers
    * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
      Out of bounds read in QCMS library with ICC V4 profile attributes
    * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
      Site attribute spoofing on Android by pasting URL with unknown scheme
    * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
      Arbitrary file manipulation by local user through Mozilla updater
    * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
      Buffer overflow in libvpx while parsing vp9 format video
    * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
      Crash when using debugger with SavedStacks in JavaScript
    * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
      URL spoofing in reader mode
    * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
      Use-after-free with shared workers and IndexedDB
    * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
      Buffer overflow while decoding WebM video
    * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
      Use-after-free while manipulating HTML media content
    * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
      Out-of-bounds read during 2D canvas display on Linux 16-bit
      color depth systems
    * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
      Scripted proxies can access inner window
    * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
      JavaScript immutable property enforcement can be bypassed
    * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
      Dragging and dropping images exposes final URL after redirects
    * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
      Errors in the handling of CORS preflight request headers
    * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
      CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
      CVE-2015-7180
      Vulnerabilities found through code inspection
    * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
      bmo#1190526) (Windows only)
      Memory safety errors in libGLES in the ANGLE graphics library
    * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
      Information disclosure via the High Resolution Time API
  - rebased patches
  - removed obsolete patches
    * mozilla-arm64-libjpeg-turbo.patch
* Thu Aug 27 2015 wr@rosenauer.org
  - update to Firefox 40.0.3 (bnc#943550)
    * Disable the asynchronous plugin initialization (bmo#1198590)
    * Fix a segmentation fault in the GStreamer support (bmo#1145230)
    * Fix a regression with some Japanese fonts used in the <input>
      field (bmo#1194055)
    * On some sites, the selection in a select combox box using the
      mouse could be broken (bmo#1194733)
    security fixes
    * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
      Use-after-free when resizing canvas element during restyling
    * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
      Add-on notification bypass through data URLs
* Fri Aug 07 2015 wr@rosenauer.org
  - update to Firefox 40.0 (bnc#940806)
    * Added protection against unwanted software downloads
    * Suggested Tiles show sites of interest, based on categories
      from your recent browsing history
    * Hello allows adding a link to conversations to provide context
      on what the conversation will be about
    * New style for add-on manager based on the in-content
      preferences style
    * Improved scrolling, graphics, and video playback performance
      with off main thread compositing (GNU/Linux only)
    * Graphic blocklist mechanism improved: Firefox version ranges
      can be specified, limiting the number of devices blocked
    security fixes:
    * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
      Miscellaneous memory safety hazards
    * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
      Out-of-bounds read with malformed MP3 file
    * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
      Use-after-free in MediaStream playback
    * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
      Redefinition of non-configurable JavaScript object properties
    * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
      Overflow issues in libstagefright
    * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
      Arbitrary file overwriting through Mozilla Maintenance Service
      with hard links (only affected Windows)
    * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
      Out-of-bounds write with Updater and malicious MAR file
      (does not affect openSUSE RPM packages which do not ship the
      updater)
    * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
      Feed protocol with POST bypasses mixed content protections
    * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
      Crash when using shared memory in JavaScript
    * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
      Heap overflow in gdk-pixbuf when scaling bitmap images
    * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
      Buffer overflows on Libvpx when decoding WebM video
    * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
      Vulnerabilities found through code inspection
    * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
      Mozilla Content Security Policy allows for asterisk wildcards
      in violation of CSP specification
    * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
      Use-after-free in XMLHttpRequest with shared workers
  - added mozilla-no-stdcxx-check.patch
  - removed obsolete patches
    * mozilla-add-glibcxx_use_cxx11_abi.patch
    * firefox-multilocale-chrome.patch
  - rebased patches
  - requires version 40 of the branding package
  - removed browser/searchplugins/ location as it's not valid anymore
* Fri Aug 07 2015 wr@rosenauer.org
  - security update to Firefox 39.0.3 (bnc#940918)
    * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
      Same origin violation and local file stealing via PDF reader
* Wed Jul 01 2015 wr@rosenauer.org
  - update to Firefox 39.0 (bnc#935979)
    * Share Hello URLs with social networks
    * Support for 'switch' role in ARIA 1.1 (web accessibility)
    * SafeBrowsing malware detection lookups enabled for downloads
      (Mac OS X and Linux)
    * Support for new Unicode 8.0 skin tone emoji
    * Removed support for insecure SSLv3 for network communications
    * Disable use of RC4 except for temporarily whitelisted hosts
    * NPAPI Plug-in performance improved via asynchronous initialization
    security fixes:
    * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
      Miscellaneous memory safety hazards
    * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
      Type confusion in Indexed Database Manager
    * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
      Out-of-bound read while computing an oscillator rendering range in Web Audio
    * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
      Use-after-free in Content Policy due to microtask execution error
    * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
      ECDSA signature validation fails to handle some signatures correctly
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
      Use-after-free in workers while using XMLHttpRequest
    * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
      CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
      Vulnerabilities found through code inspection
    * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
      Key pinning is ignored when overridable errors are encountered
    * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
      OS X crash reports may contain entered key press information
      (not relevant under Linux)
    * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
      Privilege escalation in PDF.js
    * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
      NSS accepts export-length DHE keys with regular DHE cipher suites
      (this fix is shipped by NSS 3.19.1 externally)
    * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
      NSS incorrectly permits skipping of ServerKeyExchange
      (this fix is shipped by NSS 3.19.1 externally)
  - dropped mozilla-prefer_plugin_pref.patch as this feature is
    likely not worth maintaining further
  - rebased patches
  - require NSS 3.19.2
* Thu Jun 18 2015 schwab@suse.de
  - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
* Sun Jun 07 2015 wr@rosenauer.org
  - update to Firefox 38.0.6
    * fixes bmo#1171730 which is not really relevant to oS builds
  - fix KDE regression from 38.0.5 builds (bsc#933439)
* Sat May 23 2015 wr@rosenauer.org
  - update to Firefox 38.0.5
    * Keep track of articles and videos with Pocket
    * Clean formatting for articles and blog posts with Reader View
    * Share the active tab or window in a Hello conversation
  - add changes file as source for SRPM (bsc#932142)
* Fri May 15 2015 normand@linux.vnet.ibm.com
  - add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
    https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
* Fri May 15 2015 wr@rosenauer.org
  - update to Firefox 38.0.1
    stability and regression fixes
    * Systems with first generation NVidia Optimus graphics cards
      may crash on start-up
    * Users who import cookies from Google Chrome can end up with
      broken websites
    * Large animated images may fail to play and may stop other
      images from loading
* Sun May 10 2015 wr@rosenauer.org
  - update to Firefox 38.0 (bnc#930622)
    * New tab-based preferences
    * Ruby annotation support
    * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
    security fixes:
    * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
      Miscellaneous memory safety hazards
    * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
      Buffer overflow parsing H.264 video with Linux Gstreamer
    * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
      Buffer overflow with SVG content and CSS
    * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
      Referrer policy ignored when links opened by middle-click and
      context menu
    * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
      Out-of-bounds read and write in asm.js validation
    * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
      Use-after-free during text processing with vertical text enabled
    * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
      Use-after-free due to Media Decoder Thread creation during shutdown
    * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
      Buffer overflow when parsing compressed XML
    * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
      Buffer overflow and out-of-bounds read while parsing MP4 video
      metadata
    * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
      Untrusted site hosting trusted page can intercept webchannel
      responses
    * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
      Privilege escalation through IPC channel messages
  - requires NSS 3.18.1
  - removed obsolete patches:
    * mozilla-skia-bmo1136958.patch
  - remove gnomevfs build options as it is removed from sources
  - rebased patches
* Fri Apr 17 2015 wr@rosenauer.org
  - update to Firefox 37.0.2 (bnc#928116)
    * MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
      Memory corruption during failed plugin initialization
* Fri Apr 03 2015 wr@rosenauer.org
  - update to Firefox 37.0.1 (bnc#926166)
    * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
      Loading privileged content through Reader mode
    * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
      Certificate verification bypass through the HTTP/2 Alt-Svc header
* Sat Mar 28 2015 wr@rosenauer.org
  - update to Firefox 37.0 (bnc#925368)
    * Heartbeat user rating system
    * Yandex set as default search provider for the Turkish locale
    * Bing search now uses HTTPS for secure searching
    * Improved protection against site impersonation via OneCRL
      centralized certificate revocation
    * Opportunistically encrypt HTTP traffic where the server supports
      HTTP/2 AltSvc
    * some more behaviour changes for TLS
    security fixes:
    * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
      Miscellaneous memory safety hazards
    * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
      Use-after-free when using the Fluendo MP3 GStreamer plugin
    * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
      Add-on lightweight theme installation approval bypassed through
      MITM attack
    * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
      resource:// documents can load privileged pages
    * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
      Out of bounds read in QCMS library
    * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
      Cursor clickjacking with flash and images (OS X only)
    * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
      Incorrect memory management for simple-type arrays in WebRTC
    * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
      CORS requests should not follow 30x redirections after preflight
    * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
      Memory corruption crashes in Off Main Thread Compositing
    * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
      Use-after-free due to type confusion flaws
    * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
      Same-origin bypass through anchor navigation
    * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
      PRNG weakness allows for DNS poisoning on Android (only)
    * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
      Windows can retain access to privileged content on navigation
      to unprivileged pages
  - removed obsolete patches
    * mozilla-bmo1088588.patch
    * mozilla-bmo1108834.patch
  - requires NSPR 4.10.8
* Tue Mar 24 2015 dvaleev@suse.com
  - Fix builds with skia on Power
    mozilla-skia-be-le.patch (patch from #bmo1136958)
    mozilla-bmo1108834.patch
    mozilla-bmo1005535.patch
* Sat Mar 21 2015 wr@rosenauer.org
  - update to Firefox 36.0.4 (bnc#923534)
    * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
      Privilege escalation through SVG navigation
    * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
      Code execution through incorrect JavaScript bounds checking
      elimination
* Fri Mar 20 2015 dimstar@opensuse.org
  - Copy the icons to /usr/share/icons instead of symlinking them:
    in preparation for containerized apps (e.g. xdg-app) as well as
    AppStream metadata extraction, there are a couple locations that
    need to be real files for system integration (.desktop files,
    icons, mime-type info).
* Sat Mar 07 2015 wr@rosenauer.org
  - update to Firefox 36.0.1
    Bugfixes:
    * Disable the usage of the ANY DNS query type (bmo#1093983)
    * Hello may become inactive until restart (bmo#1137469)
    * Print preferences may not be preserved (bmo#1136855)
    * Hello contact tabs may not be visible (bmo#1137141)
    * Accept hostnames that include an underscore character ("_")
      (bmo#1136616)
    * WebGL may use significant memory with Canvas2d (bmo#1137251)
    * Option -remote has been restored (bmo#1080319)
  - added mozilla-skia-bmo1136958.patch to fix build issues for
    ARM and PPC
* Fri Feb 20 2015 wr@rosenauer.org
  - update to Firefox 36.0 (bnc#917597)
    * mozilla-xremote-client was removed
    * added libclearkey.so media plugin
    * Pinned tiles on the new tab page can be synced
    * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
      more scalable, and more responsive web.
    * Locale added: Uzbek (uz)
    security fixes:
    * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
      Miscellaneous memory safety hazards
    * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
      Invoking Mozilla updater will load locally stored DLL files
      (Windows only)
    * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
      Appended period to hostnames can bypass HPKP and HSTS protections
    * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
      Malicious WebGL content crash when writing strings
    * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
      TLS TURN and STUN connections silently fail to simple TCP connections
    * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
      Use-after-free in IndexedDB
    * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
      Buffer overflow in libstagefright during MP4 video playback
    * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
      Double-free when using non-default memory allocators with a
      zero-length XHR
    * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
      Out-of-bounds read and write while rendering SVG content
    * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
      Buffer overflow during CSS restyling
    * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
      Buffer underflow during MP3 playback
    * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
      Crash using DrawTarget in Cairo graphics library
    * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
      Use-after-free in Developer Console date with OpenType Sanitiser
    * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
      Reading of local files through manipulation of form autocomplete
    * MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
      Local files or privileged URLs in pages can be opened into new tabs
    * MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
      UI Tour whitelisted sites in background tab can spoof foreground
      tabs
    * MFSA 2015-27CVE-2015-0820 (bmo#1125398)
      Caja Compiler JavaScript sandbox bypass
  - rebased patches
  - requires NSS 3.17.4
* Sat Jan 31 2015 wr@rosenauer.org
  - update to Firefox 35.0.1
    * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
    * Kerberos authentication did not work with alias (bmo#1108971)
    * SVG / CSS animation had a regression causing rendering issues on
      websites like openstreemap.org (bmo#1083079)
    * On Godaddy webmail, Firefox could crash (bmo#1113121)
    * document.baseURI did not get updated to document.location after
      base tag was removed from DOM for site with a CSP (bmo#1121857)
    * With a Right-to-left (RTL) version of Firefox, the text selection
      could be broken (bmo#1104036)
    * CSP had a change in behavior with regard to case sensitivity
      resources loading (bmo#1122445)
* Sat Jan 10 2015 wr@rosenauer.org
  - update to Firefox 35.0 (bnc#910669)
    notable features:
    * Firefox Hello with new rooms-based conversations model
    * Implemented HTTP Public Key Pinning Extension (for enhanced
      authentication of encrypted connections)
    security fixes:
    * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
      Miscellaneous memory safety hazards
    * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
      Uninitialized memory use during bitmap rendering
    * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
      sendBeacon requests lack an Origin header
    * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
      Cookie injection through Proxy Authenticate responses
    * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
      Read of uninitialized memory in Web Audio
    * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
      Read-after-free in WebRTC
    * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
      Gecko Media Plugin sandbox escape
    * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
      Delegated OCSP responder certificates failure with
      id-pkix-ocsp-nocheck extension
    * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
      XrayWrapper bypass through DOM objects
  - rebased patches
  - dropped explicit support for everything older than 12.3
    (including SLES11)
    * merge firefox-kde.patch and firefox-kde-114.patch
    * dropped mozilla-sle11.patch
  - reworked specfile to build conditionally based on release channel
    either Firefox or Firefox Developer Edition
  - added mozilla-openaes-decl.patch to fix implicit declarations
  - obsolete tracker-miner-firefox < 0.15 because it leads to startup
    crashes (bnc#908892)
* Sat Dec 13 2014 Led <ledest@gmail.com>
  - fix bashism in mozilla.sh script
* Sat Nov 29 2014 wr@rosenauer.org
  - update to Firefox 34.0.5 (bnc#908009)
    * Default search engine changed to Yahoo! for North America
    * Default search engine changed to Yandex for Belarusian, Kazakh,
      and Russian locales
    * Improved search bar (en-US only)
    * Firefox Hello real-time communication client
    * Easily switch themes/personas directly in the Customizing mode
    * Implementation of HTTP/2 (draft14) and ALPN
    * Disabled SSLv3
    * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
      Miscellaneous memory safety hazards
    * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
      XBL bindings accessible via improper CSS declarations
    * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
      XMLHttpRequest crashes with some input streams
    * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
      CSP leaks redirect data via violation reports
    * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
      Use-after-free during HTML5 parsing
    * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
      Buffer overflow while parsing media content
    * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
      Bad casting from the BasicThebesLayer to BasicContainerLayer
  - rebased patches
  - limit linker memory usage for %ix86
  - rebased patches
* Fri Nov 07 2014 wr@rosenauer.org
  - update to Firefox 33.1
    * Adding DuckDuckGo as a search option (upstream)
    * Forget Button added
    * Enhanced Tiles
    * Privacy tour introduced
  - fix typo in GStreamer Recommends
* Tue Nov 04 2014 guillaume@opensuse.org
  - Disable elf-hack for aarch64
  - Enable EGL for aarch64
  - Limit RAM usage during link for %arm
  - Fix _constraints for ARM
* Mon Nov 03 2014 dmueller@suse.com
  - use proper macros for ARM
* Mon Nov 03 2014 josua.mayer97@gmail.com
  - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
    to fix compiling.
  - pass '-Wl,--no-keep-memory' to linker to reduce required memory during
    linking on arm.
* Thu Oct 30 2014 wr@rosenauer.org
  - update to Firefox 33.0.2
    * Fix a startup crash with some combination of hardware and drivers
    33.0.1
    * Firefox displays a black screen at start-up with certain
      graphics drivers
  - adjusted _constraints for ARM
* Tue Oct 28 2014 josua.mayer97@gmail.com
  - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
* Sat Oct 25 2014 wr@rosenauer.org
  - define /usr/share/myspell as additional dictionary location
    and remove add-plugins.sh finally (bnc#900639)
* Sun Oct 19 2014 vindex17@outlook.it
  - use Firefox default optimization flags instead of -Os
  - specfile cleanup
* Wed Oct 15 2014 wr@rosenauer.org
  - fix build for all ppc by not enabling elf-hack
    (bnc#901213)

Files

/usr/bin/firefox
/usr/lib/firefox
/usr/lib/firefox/application.ini
/usr/lib/firefox/browser
/usr/lib/firefox/browser/blocklist.xml
/usr/lib/firefox/browser/chrome
/usr/lib/firefox/browser/chrome.manifest
/usr/lib/firefox/browser/chrome/icons
/usr/lib/firefox/browser/chrome/icons/default
/usr/lib/firefox/browser/chrome/icons/default/default128.png
/usr/lib/firefox/browser/chrome/icons/default/default16.png
/usr/lib/firefox/browser/chrome/icons/default/default22.png
/usr/lib/firefox/browser/chrome/icons/default/default24.png
/usr/lib/firefox/browser/chrome/icons/default/default256.png
/usr/lib/firefox/browser/chrome/icons/default/default32.png
/usr/lib/firefox/browser/chrome/icons/default/default48.png
/usr/lib/firefox/browser/chrome/icons/default/default64.png
/usr/lib/firefox/browser/defaults
/usr/lib/firefox/browser/defaults/preferences
/usr/lib/firefox/browser/defaults/preferences/firefox.js
/usr/lib/firefox/browser/defaults/preferences/kde.js
/usr/lib/firefox/browser/extensions
/usr/lib/firefox/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
/usr/lib/firefox/browser/features
/usr/lib/firefox/browser/features/activity-stream@mozilla.org.xpi
/usr/lib/firefox/browser/features/aushelper@mozilla.org.xpi
/usr/lib/firefox/browser/features/firefox@getpocket.com.xpi
/usr/lib/firefox/browser/features/followonsearch@mozilla.com.xpi
/usr/lib/firefox/browser/features/formautofill@mozilla.org.xpi
/usr/lib/firefox/browser/features/jaws-esr@mozilla.org.xpi
/usr/lib/firefox/browser/features/onboarding@mozilla.org.xpi
/usr/lib/firefox/browser/features/screenshots@mozilla.org.xpi
/usr/lib/firefox/browser/features/webcompat@mozilla.org.xpi
/usr/lib/firefox/browser/omni.ja
/usr/lib/firefox/chrome.manifest
/usr/lib/firefox/defaults
/usr/lib/firefox/defaults/pref
/usr/lib/firefox/defaults/pref/channel-prefs.js
/usr/lib/firefox/defaults/pref/spellcheck.js
/usr/lib/firefox/dependentlibs.list
/usr/lib/firefox/dictionaries
/usr/lib/firefox/distribution
/usr/lib/firefox/distribution/extensions
/usr/lib/firefox/firefox
/usr/lib/firefox/firefox-bin
/usr/lib/firefox/firefox.sh
/usr/lib/firefox/fonts
/usr/lib/firefox/fonts/EmojiOneMozilla.ttf
/usr/lib/firefox/gmp-clearkey
/usr/lib/firefox/gmp-clearkey/0.1
/usr/lib/firefox/gmp-clearkey/0.1/libclearkey.so
/usr/lib/firefox/gmp-clearkey/0.1/manifest.json
/usr/lib/firefox/gtk2
/usr/lib/firefox/gtk2/libmozgtk.so
/usr/lib/firefox/liblgpllibs.so
/usr/lib/firefox/libmozavcodec.so
/usr/lib/firefox/libmozavutil.so
/usr/lib/firefox/libmozgtk.so
/usr/lib/firefox/libmozsqlite3.so
/usr/lib/firefox/libxul.so
/usr/lib/firefox/omni.ja
/usr/lib/firefox/pingsender
/usr/lib/firefox/platform.ini
/usr/lib/firefox/plugin-container
/usr/lib/mozilla
/usr/lib/mozilla/extensions
/usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
/usr/share/appdata
/usr/share/appdata/firefox.appdata.xml
/usr/share/applications/firefox.desktop
/usr/share/icons/hicolor
/usr/share/icons/hicolor/128x128
/usr/share/icons/hicolor/128x128/apps
/usr/share/icons/hicolor/128x128/apps/firefox.png
/usr/share/icons/hicolor/16x16
/usr/share/icons/hicolor/16x16/apps
/usr/share/icons/hicolor/16x16/apps/firefox.png
/usr/share/icons/hicolor/22x22
/usr/share/icons/hicolor/22x22/apps
/usr/share/icons/hicolor/22x22/apps/firefox.png
/usr/share/icons/hicolor/24x24
/usr/share/icons/hicolor/24x24/apps
/usr/share/icons/hicolor/24x24/apps/firefox.png
/usr/share/icons/hicolor/256x256
/usr/share/icons/hicolor/256x256/apps
/usr/share/icons/hicolor/256x256/apps/firefox.png
/usr/share/icons/hicolor/32x32
/usr/share/icons/hicolor/32x32/apps
/usr/share/icons/hicolor/32x32/apps/firefox.png
/usr/share/icons/hicolor/48x48
/usr/share/icons/hicolor/48x48/apps
/usr/share/icons/hicolor/48x48/apps/firefox.png
/usr/share/icons/hicolor/64x64
/usr/share/icons/hicolor/64x64/apps
/usr/share/icons/hicolor/64x64/apps/firefox.png
/usr/share/man/man1/firefox.1.gz
/usr/share/mime/packages/firefox.xml
/usr/share/mozilla
/usr/share/mozilla/extensions
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
/usr/share/pixmaps/firefox-gnome.png
/usr/share/pixmaps/firefox.png


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Dec 16 00:49:44 2019