New Tumbleweed snapshot 20171009 released!

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

New Tumbleweed snapshot 20171009 released!

Dominique Leuenberger

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20171009

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
  MozillaFirefox (52.3.0 -> 56.0)
  MozillaThunderbird (52.3.0 -> 52.4.0)
  bluedevil5 (5.10.5 -> 5.11.0)
  breeze (5.10.5 -> 5.11.0)
  breeze-gtk (5.10.5 -> 5.11.0)
  breeze4-style (5.10.5 -> 5.11.0)
  clamav
  dracut
  drkonqi5 (5.10.5 -> 5.11.0)
  file
  graphviz
  graphviz-addons
  kactivitymanagerd (5.10.5 -> 5.11.0)
  kcm_sddm (5.10.5 -> 5.11.0)
  kde-cli-tools5 (5.10.5 -> 5.11.0)
  kde-gtk-config5 (5.10.5 -> 5.11.0)
  kde-user-manager (5.10.5 -> 5.11.0)
  kernel-source (4.13.4 -> 4.13.5)
  kgamma5 (5.10.5 -> 5.11.0)
  khotkeys5 (5.10.5 -> 5.11.0)
  kinfocenter5 (5.10.5 -> 5.11.0)
  kmenuedit5 (5.10.5 -> 5.11.0)
  kscreen5 (5.10.5 -> 5.11.0)
  kscreenlocker (5.10.5 -> 5.11.0)
  ksshaskpass5 (5.10.5 -> 5.11.0)
  ksysguard5 (5.10.5 -> 5.11.0)
  kwin5 (5.10.5 -> 5.11.0)
  libkdecoration2 (5.10.5 -> 5.11.0)
  libkscreen2 (5.10.5 -> 5.11.0)
  libksysguard5 (5.10.5 -> 5.11.0)
  linphone
  milou5 (5.10.5 -> 5.11.0)
  oxygen5 (5.10.5 -> 5.11.0)
  perl-Class-Multimethods (1.70 -> 1.701)
  perl-DBD-CSV (0.48 -> 0.49)
  perl-Log-Dispatch (2.66 -> 2.67)
  plasma-nm5 (5.10.5 -> 5.11.0)
  plasma5-addons (5.10.5 -> 5.11.0)
  plasma5-desktop (5.10.5 -> 5.11.0)
  plasma5-integration (5.10.5 -> 5.11.0)
  plasma5-openSUSE
  plasma5-pa (5.10.5 -> 5.11.0)
  plasma5-workspace (5.10.5 -> 5.11.0)
  polkit-kde-agent-5 (5.10.5 -> 5.11.0)
  powerdevil5 (5.10.5 -> 5.11.0)
  systemsettings5 (5.10.5 -> 5.11.0)
  timezone
  timezone-java
  xdg-desktop-portal-kde (5.10.5 -> 5.11.0)

=== Details ===

==== MozillaFirefox ====
Version update (52.3.0 -> 56.0)
Subpackages: MozillaFirefox-translations-common

- Correct plugin directory for aarch64 (boo#1061207). The wrapper
  script was not detecting aarch64 as a 64 bit architecture, thus
  used /usr/lib/browser-plugins/.
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
  looks for.
- update to Firefox 56.0 (boo#1060445)
  * Firefox Screenshots
  * Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
  MFSA 2017-21
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7817 (bmo#1356596) (Android-only)
    Firefox for Android address bar spoofing through fullscreen mode
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7812 (bmo#1379842)
    Drag and drop of malicious page content to the tab bar can open locally stored files
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7813 (bmo#1383951)
    Integer truncation in the JavaScript parser
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7815 (bmo#1368981)
    Spoofing attack with modal dialogs on non-e10s installations
  * CVE-2017-7816 (bmo#1380597)
    WebExtensions can load about: URLs in extension UI
  * CVE-2017-7821 (bmo#1346515)
    WebExtensions can download and open non-executable files without user interaction
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7822 (bmo#1368859)
    WebCrypto allows AES-GCM with 0-length IV
  * CVE-2017-7820 (bmo#1378207)
    Xray wrapper bypass with new tab and web console
  * CVE-2017-7811
    Memory safety bugs fixed in Firefox 56
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
- requires NSPR 4.16 and NSS 3.32.1
- rebased patches
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.
- update to Firefox 55.0.3
  * Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)
- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)
- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the
    location bar
  * IMPORTANT: Breaking profile changes - do not downgrade Firefox
    and use a profile that has been opened with Firefox 55+.
  * The Adobe Flash plugin is now click-to-activate by default and
    only allowed on http:// and https:// URL schemes. This change
    will be rolled out progressively and so will not be visible to
    all users immediately. For more information see the Firefox
    plugin roadmap
  * Modernized application update UI to be less intrusive and more
    aligned with the rest of the browser. Only users who have not
    restarted their browser 8 days after downloading an update or
    users who opted out of automatic updates will see this change.
  * Insecure sites can no longer access the Geolocation APIs to get
    access to your physical location
  * requires NSPR 4.15 and NSS 3.31
  MFSA 2017-18
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7809 (bmo#1380284)
    Use-after-free while deleting attached editor DOM node
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7806 (bmo#1378113)
    Use-after-free in layer manager with SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7808 (bmo#1367531)
    CSP information leak with frame-ancestors containing paths
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections
  * CVE-2017-7781 (bmo#1352039)
    Elliptic curve point addition error when using mixed Jacobian-affine coordinates
  * CVE-2017-7794 (bmo#1374281)
    Linux file truncation via sandbox broker
  * CVE-2017-7803 (bmo#1377426)
    CSP containing 'sandbox' improperly applied
  * CVE-2017-7799 (bmo#1372509)
    Self-XSS XUL injection in about:webrtc
  * CVE-2017-7783 (bmo#1360842)
    DOS attack through long username in URL
  * CVE-2017-7788 (bmo#1073952)
    Sandboxed about:srcdoc iframes do not inherit CSP directives
  * CVE-2017-7789 (bmo#1074642)
    Failure to enable HSTS when two STS headers are sent for a connection
  * CVE-2017-7790 (bmo#1350460) (Windows-only)
    Windows crash reporter reads extra memory for some non-null-terminated registry values
  * CVE-2017-7796 (bmo#1234401) (Windows-only)
    Windows updater can delete any file named update.log
  * CVE-2017-7797 (bmo#1334776)
    Response header name interning leaks across origins
  * CVE-2017-7780
    Memory safety bugs fixed in Firefox 55
  * CVE-2017-7779
    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
- updated mozilla-kde.patch:
  * removed "downloadfinished" alert as Firefox reimplemented the
    whole thing (TODO: check if there is another function we should
    hook in)
- update to Firefox 54.0.1
  * Fix a display issue of tab title (bmo#1357656)
  * Fix a display issue of opening new tab (bmo#1371995)
  * Fix a display issue when opening multiple tabs (bmo#1371962)
  * Fix a tab display issue when downloading files (bmo#1373109)
  * Fix a PDF printing issue (bmo#1366744)
  * Fix a Netflix issue on Linux (bmo#1375708)
- update to Firefox 54.0
  * Clearer and more detailed information for download items in the
    download panel
  * Added Burmese (my) locale
  * Bookmarks created on mobile devices are now shown in
    "Mobile Bookmarks? folder in the drop down list from the toolbar
    and Bookmarks option in the menu bar in Desktop Firefox
  * added support for multiple content processes (e10s-multi)
- requires NSPR 4.14 and NSS 3.30.2
- requires rust 1.15.1
- removed mozilla-shared-nss-db.patch as it seems to be a rather
  unused feature
- remove -fno-inline-small-functions and explicitely optimize with
  - O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
- switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
  firefox.js
- fixed KDE integration to avoid crash caused by filepicker
  (boo#1015998)
- update to Firefox 53.0
  * requires NSS 3.29.5
  * Lightweight themes are now applied in private browsing windows
  * Reader Mode now displays estimated reading time for the page
  * Two new 'compact' themes available in Firefox, dark and light,
    based on the Firefox Developer Edition theme
  * Ended Firefox Linux support for processors older than Pentium 4
    and AMD Opteron
  * Refresh of the media controls user interface
  * Shortened titles on tabs are faded out instead of using ellipsis
    for improved readability
  * Media playback on new tabs is blocked until the tab is visible
  * Permission notifications have a cleaner design and cannot be
    easily missed
  MFSA 2017-10
  * CVE-2017-5456 (bmo#1344415)
    Sandbox escape allowing local file system access
  * CVE-2017-5442 (bmo#1347979)
    Use-after-free during style changes
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
    bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648)
    Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content
  * CVE-2017-5445 (bmo#1344467)
    Uninitialized values used while parsing application/http-index-format
    content
  * CVE-2017-5468 (bmo#1329521)
    Incorrect ownership model for Private Browsing information
  * CVE-2017-5469 (bmo#1292534)
    Potential Buffer overflow in flex-generated code
  * CVE-2017-5440 (bmo#1336832)
    Use-after-free in txExecutionState destructor during XSLT processing
  * CVE-2017-5441 (bmo#1343795)
    Use-after-free with selection during scroll events
  * CVE-2017-5439 (bmo#1336830)
    Use-after-free in nsTArray Length() during XSLT processing
  * CVE-2017-5438 (bmo#1336828)
    Use-after-free in nsAutoPtr during XSLT processing
  * CVE-2017-5437 (bmo#1343453)
    Vulnerabilities in Libevent library
  * CVE-2017-5436 (bmo#1345461)
    Out-of-bounds write with malicious font in Graphite 2
  * CVE-2017-5435 (bmo#1350683)
    Use-after-free during transaction processing in the editor
  * CVE-2017-5434 (bmo#1349946)
    Use-after-free during focus handling
  * CVE-2017-5433 (bmo#1347168)
    Use-after-free in SMIL animation functions
  * CVE-2017-5432 (bmo#1346654)
    Use-after-free in text input selection
  * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
    bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
    bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
    bmo#1349719, bmo#1353476)
    Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
  * CVE-2017-5459 (bmo#1333858)
    Buffer overflow in WebGL
  * CVE-2017-5458 (bmo#1229426)
    Drag and drop of javascript: URLs can allow for self-XSS
  * CVE-2017-5455 (bmo#1341191)
    Sandbox escape through internal feed reader APIs
  * CVE-2017-5454 (bmo#1349276)
    Sandbox escape allowing file system read access through file picker
  * CVE-2017-5451 (bmo#1273537)
    Addressbar spoofing with onblur event
  * CVE-2017-5453 (bmo#1321247)
    HTML injection into RSS Reader feed preview page through
    TITLE element
  * CVE-2017-5462 (bmo#1345089)
    DRBG flaw in NSS
- removed browser(npapi) provides as these plugins are deprecated
- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
  Leap 42
- Gtk2 is not longer an option; switched to Gtk3
- apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support
  (boo#1032003)
- update to Firefox 52.0.2
  * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
  * Fix loading tab icons on session restore (bmo#1338009)
  * Fix a crash on startup on Linux (bmo#1345413)
  * Fix new installs erroneously not prompting to change the default
    browser setting (bmo#1343938)
- disable rust usage for everything but x86(-64)
- explicitely add libffi build requirement
- update to Firefox 52.0.1 (boo#1029822)
  MFSA 2017-08
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
- reenable ALSA support which was removed by default upstream
- update to Firefox 52.0 (boo#1028391)
  * requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
  * MFSA 2017-05
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
    (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
    (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
    objects (bmo#1334876)
    CVE-2017-5403: Use-after-free using addRange to add range to an
    incorrect root object (bmo#1340186)
    CVE-2017-5404: Use-after-free working with ranges in selections
    (bmo#1340138)
    CVE-2017-5406: Segmentation fault in Skia with canvas operations
    (bmo#1306890)
    CVE-2017-5407: Pixel and history stealing via floating-point
    timing side channel with SVG filters (bmo#1336622)
    CVE-2017-5410: Memory corruption during JavaScript garbage
    collection incremental sweeping (bmo#1330687)
    CVE-2017-5408: Cross-origin reading of video captions in violation
    of CORS (bmo#1313711)
    CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
    CVE-2017-5413: Segmentation fault during bidirectional operations
    (bmo#1337504)
    CVE-2017-5414: File picker can choose incorrect default directory
    (bmo#1319370)
    CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
    CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
    CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
    (bmo#791597)
    CVE-2017-5426: Gecko Media Plugin sandbox is not started if
    seccomp-bpf filter is running (bmo#1257361)
    CVE-2017-5427: Non-existent chrome.manifest file loaded during
    startup (bmo#1295542)
    CVE-2017-5418: Out of bounds read when parsing HTTP digest
    authorization responses (bmo#1338876)
    CVE-2017-5419: Repeated authentication prompts lead to DOS
    attack (bmo#1312243)
    CVE-2017-5420: Javascript: URLs can obfuscate addressbar
    location (bmo#1284395)
    CVE-2017-5405: FTP response codes can cause use of
    uninitialized values for ports (bmo#1336699)
    CVE-2017-5421: Print preview spoofing (bmo#1301876)
    CVE-2017-5422: DOS attack by using view-source: protocol
    repeatedly in one hyperlink (bmo#1295002)
    CVE-2017-5399: Memory safety bugs fixed in Firefox 52
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
    Firefox ESR 45.8
- removed obsolete patches
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-disable-skia-be.patch
  * mozilla-skia-overflow.patch
  * mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed
- Mozilla Firefox 51.0.1:
  - Multiprocess incompatibility did not correctly register with
    some add-ons (bmo#1333423)
- update to Firefox 51.0
  * requires NSPR >= 4.13.1, NSS >= 3.28.1
  * Added support for FLAC (Free Lossless Audio Codec) playback
  * Added support for WebGL 2
  * Added Georgian (ka) and Kabyle (kab) locales
  * Support saving passwords for forms without 'submit' events
  * Improved video performance for users without GPU acceleration
  * Zoom indicator is shown in the URL bar if the zoom level is not
    at default level
  * View passwords from the prompt before saving them
  * Remove Belarusian (be) locale
  * Use Skia for content rendering (Linux)
  * MFSA 2017-01
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
    ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5377: Memory corruption with transforms to create
    gradients in Skia (bmo#1306883, boo#1021826)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
    (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5379: Use-after-free in Web Animations
    (bmo#1309198,boo#1021827)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
    (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
    JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5389: WebExtensions can install additional add-ons via
    modified host requests (bmo#1308688, boo#1021828)
    CVE-2017-5396: Use-after-free with Media Decoder
    (bmo#1329403, boo#1021821)
    CVE-2017-5381: Certificate Viewer exporting can be used to navigate
    and save to arbitrary filesystem locations
  (bmo#1017616, boo#1021830)
    CVE-2017-5382: Feed preview can expose privileged content errors
    and exceptions (bmo#1295322, boo#1021831)
    CVE-2017-5383: Location bar spoofing with unicode characters
    (bmo#1323338, bmo#1324716, boo#1021822)
    CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
    (bmo#1255474, boo#1021832)
    CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
    response headers (bmo#1295945, boo#1021833)
    CVE-2017-5386: WebExtensions can use data: protocol to affect other
    extensions (bmo#1319070, boo#1021823)
    CVE-2017-5394: Android location bar spoofing using fullscreen and
    JavaScript events (bmo#1222798)
    CVE-2017-5391: Content about: pages can load privileged about: pages
    (bmo#1309310, boo#1021835)
    CVE-2017-5392: Weak references using multiple threads on weak proxy
    objects lead to unsafe memory usage (bmo#1293709)
  (Android only)
    CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
    mozAddonManager (bmo#1309282, boo#1021837)
    CVE-2017-5395: Android location bar spoofing during scrolling
    (bmo#1293463) (Android only)
    CVE-2017-5387: Disclosure of local file existence through TRACK
    tag error messages (bmo#1295023, boo#1021839)
    CVE-2017-5388: WebRTC can be used to generate a large amount of
    UDP traffic for DDOS attacks
  (bmo#1281482, boo#1021840)
    CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
    CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
    Firefox ESR 45.7 (boo#1021824)
- switch Firefox to Gtk3 for Tumbleweed
- removed obsolete patches
  * mozilla-flex_buffer_overrun.patch
- updated RPM locale support tag
- improve recognition of LANGUAGE env variable (boo#1017174)
- add upstream patch to fix PPC64LE (bmo#1319389)
  (mozilla-skia-ppc-endianess.patch)
- fix build without skia (big endian archs) (bmo#1319374)
  (mozilla-disable-skia-be.patch)
- update to Firefox 50.1.0 (boo#1015422)
  * MFSA 2016-94
    CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
    CVE-2016-9899: Use-after-free while manipulating DOM events and
    audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating
    DOM subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
    SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
    (bmo#1317936)
    CVE-2016-9901: Data from Pocket server improperly sanitized
    before execution (bmo#1320057)
    CVE-2016-9902: Pocket extension does not validate the origin
    of events (bmo#1320039)
    CVE-2016-9903: XSS injection vulnerability in add-ons SDK
    (bmo#1315435)
    CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
    CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
    Firefox ESR 45.6
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
- update to Firefox 50.0.2
  * Firefox crashes with 3rd party Chinese IME when using IME text
    (50.0.1)
  security fixes (in 50.0.1): (boo#1012807)
  * MFSA 2016-91
    CVE-2016-9078: data: URL can inherit wrong origin after an
    HTTP redirect (bmo#1317641)
  security fixes (in 50.0.2) (boo#1012964)
  * MFSA 2016-92
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
- update to Firefox 50.0 (boo#1009026)
  * requires NSS 3.26.2
  new features
  * Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently
    used order
    View a page in Reader Mode by using Ctrl+Alt+R
  * Added option to Find in page that allows users to limit search to
    whole words only
  * Added download protection for a large number of executable file
    types on Windows, Mac and Linux
  * Fixed rendering of dashed and dotted borders with rounded corners
    (border-radius)
  * Added a built-in Emoji set for operating systems without native
    Emoji fonts (Windows 8.0 and lower and Linux)
  * Blocked versions of libavcodec older than 54.35.1
  * additional locale
  security fixes:
  * MFSA 2016-89
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
    (bmo#1292443)
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
    CVE-2016-5293: Write to arbitrary file with updater and moz
    maintenance service using updater.log hardlink
  (Windows only) (bmo#1246945)
    CVE-2016-5294: Arbitrary target directory for result files of
    update process (Windows only) (bmo#1246972)
    CVE-2016-5297: Incorrect argument length checking in Javascript
    (bmo#1303678)
    CVE-2016-9064: Addons update must verify IDs match between
    current and new versions (bmo#1303418)
    CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen
    (Android only) (bmo#1306696)
    CVE-2016-9066: Integer overflow leading to a buffer overflow in
    nsScriptLoadHandler (bmo#1299686)
    CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
    (bmo#1301777, bmo#1308922 (CVE-2016-9069))
    CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
    CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
    (bmo#1300083) (Windows only)
    CVE-2016-9075: WebExtensions can access the mozAddonManager API
    and use it to gain elevated privileges (bmo#1295324)
    CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied
    to cross-origin images, allowing timing attacks on them
  (bmo#1298552)
    CVE-2016-5291: Same-origin policy violation using local HTML file
    and saved shortcut file (bmo#1292159)
    CVE-2016-5295: Mozilla Maintenance Service: Ability to read
    arbitrary files as SYSTEM (Windows only) (bmo#1247239)
    CVE-2016-5298: SSL indicator can mislead the user about the real
    URL visited (bmo#1227538) (Android only)
    CVE-2016-5299: Firefox AuthToken in broadcast protected with
    signature-level permission can be accessed by an
  application installed beforehand that defines the
  same permissions (bmo#1245791) (Android only)
    CVE-2016-9061: API Key (glocation) in broadcast protected with
    signature-level permission can be accessed by an
  application installed beforehand that defines the
  same permissions (Android only) (bmo#1245795)
    CVE-2016-9062: Private browsing browser traces (android) in
    browser.db and wal file (Android only) (bmo#1294438)
    CVE-2016-9070: Sidebar bookmark can have reference to chrome window
    (bmo#1281071)
    CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
    (bmo#1289273)
    CVE-2016-9074: Insufficient timing side-channel resistance in
    divSpoiler (bmo#1293334) (fixed via NSS 3.26.1)
    CVE-2016-9076: select dropdown menu can be used for URL bar
    spoofing on e10s (bmo#1276976)
    CVE-2016-9063: Possible integer overflow to fix inside XML_Parse
    in expat (bmo#1274777)
    CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
    (bmo#1285003)
    CVE-2016-5289: Memory safety bugs fixed in Firefox 50
    CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
- make aarch64 build more similar to x86_64 build (remove conditionals
  that don't seem to be necessary anymore)
- Mozilla Firefox 49.0.2:
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)
  * Asynchronous rendering of the Flash plugins is now enabled by
    default
  * Change D3D9 default fallback preference to prevent graphical
    artifacts
  * Network issue prevents some users from seeing the Firefox UI on
    startup
  * Web compatibility issue with file uploads
  * Web compatibility issue with Array.prototype.values
  * Diagnostic information on timing for tab switching
  * Fix a Canvas filters graphics issue affecting HTML5 apps
- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
  and fixes have been incorporated by upstream.
- Mozilla Firefox 49.0.1:
  * Mitigate a startup crash issue caused by Websense - bmo#1304783
- update to Firefox 49.0 (boo#999701)
  new features
  * Updated Firefox Login Manager to allow HTTPS pages to use saved
    HTTP logins.
  * Added features to Reader Mode that make it easier on the eyes and
    the ears
  * Improved video performance for users on systems that support
    SSE3 without hardware acceleration
  * Added context menu controls to HTML5 audio and video that let users
    loops files or play files at 1.25x speed
  * Improvements in about:memory reports for tracking font memory usage
  security related
  * MFSA 2016-85
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
    mozilla::net::IsValidReferrerPolicy
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
    nsCaseTransformTextRunFactory::TransformString
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
    PropertyProvider::GetSpacingInternal
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
    CVE-2016-5273 (bmo#1280387) - crash in
    mozilla::a11y::HyperTextAccessible::GetChildOffset
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
    mozilla::a11y::DocAccessible::ProcessInvalidationList
    CVE-2016-5274 (bmo#1282076) - use-after-free in
    nsFrameManager::CaptureFrameState
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
    nsBMPEncoder::AddImageFrame
    CVE-2016-5279 (bmo#1249522) - Full local path of files is available
    to web pages after drag and drop
    CVE-2016-5280 (bmo#1289970) - Use-after-free in
    mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
    CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
    CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
    from non-whitelisted schemes
    CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
    reveal cross-origin data
    CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
    CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
    CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- removed obsolete patches:
  * mozilla-aarch64-48bit-va.patch
  * mozilla-exclude-nametablecpp.patch
  * mozilla-old_configure-bmo1282843.patch
- added patch mozilla-skia-overflow.patch (bmo#1304114)
- requires NSS 3.25
- Mozilla Firefox 48.0.2:
  * Mitigate a startup crash issue caused on Windows (bmo#1291738)
- Mozilla Firefox 48.0.1:
  * Fix an audio regression impacting some major websites
    (bmo#1295296)
  * Fix a top crash in the JavaScript engine (bmo#1290469)
  * Fix a startup crash issue caused by Websense (bmo#1291738)
  * Fix a different behavior with e10s / non-e10s on <select> and
    mouse events (bmo#1291078)
  * Fix a top crash caused by plugin issues (bmo#1264530)
  * Fix a shutdown issue (bmo#1276920)
  * Fix a crash in WebRTC
- added upstream patch so system plugins/extensions are correctly
  loaded again on x86-64 (bmo#1282843)
  (mozilla-old_configure-bmo1282843.patch)
- Fix for possible buffer overrun (bsc#990856)
  CVE-2016-6354 (bmo#1292534)
  [mozilla-flex_buffer_overrun.patch]
- Update mozilla-gtk3_20.patch to latest version from Fedora.
- update to Firefox 48.0 (boo#991809)
  * requires NSS 3.24
  * Process separation (e10s) is enabled for some of you
  * Add-ons that have not been verified and signed by Mozilla will not load
  * WebRTC embetterments
  * The media parser has been redeveloped using the Rust programming
    language
  * better Canvas performance with speedy Skia support
  security fixes:
  * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
    Miscellaneous memory safety hazards
  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
    Favicon network connection can persist when page is closed
  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
    Buffer overflow rendering SVG with bidirectional content
  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
  * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
    Location bar spoofing via data URLs with malformed/invalid mediatypes
  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
    Stack underflow during 2D graphics rendering
  * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
    Out-of-bounds read during XML parsing in Expat library
  * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
    Arbitrary file manipulation by local user through Mozilla updater
    and callback application path parameter (Windows-only)
  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
    Use-after-free when using alt key and toplevel menus
  * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
    Crash in incremental garbage collection in JavaScript
  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
    Use-after-free in DTLS during WebRTC session shutdown
  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
    Use-after-free in service workers with nested sync events
  * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
    Form input type change from password to text can store plain
    text password in session restore file
  * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)
    Integer overflow in WebSockets during data buffering
  * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
    Scripts on marquee tag can execute in sandboxed iframes
  * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
    Buffer overflow in ClearKey Content Decryption Module (CDM)
    during video playback
  * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
    Type confusion in display transformation
  * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
    Use-after-free when applying SVG effects
  * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
    Same-origin policy violation using local HTML file and saved shortcut file
  * MFSA 2016-81/CVE-2016-5266 (bmo#1226977)
    Information disclosure and local file manipulation through drag and drop
  * MFSA 2016-82/CVE-2016-5267 (bmo#1284372)
    Addressbar spoofing with right-to-left characters on Firefox for Android
    (Android only)
  * MFSA 2016-83/CVE-2016-5268 (bmo#1253673)
    Spoofing attack through text injection into internal error pages
  * MFSA 2016-84/CVE-2016-5250 (bmo#1254688)
    Information disclosure through Resource Timing API during page navigation
- removed obsolete mozilla-gcc6.patch
- Update description and screenshots in appdata.xml file.
- Fix Firefox crash on startup on i586 (boo#986541):
  * Add -fno-delete-null-pointer-checks and
  - fno-inline-small-functions to CFLAGS
- Update the appdata.xml file (replace Windows XP screenshot)
- Mozilla Firefox 47.0.1:
  * Selenium WebDriver may cause Firefox to crash at startup
    (bmo#1280854)
- mozilla-binutils-visibility.patch to fix build issues with
  gcc/binutils combination used in Leap 42.2 (boo#984637)
- Update mozilla-gtk3_20.patch to latest version from Fedora.
- Fix running on 48bit va aarch64 (bsc#984126)
  * add patch mozilla-aarch64-48bit-va.patch
- fix XUL dialog button order under KDE session (boo#984403)
- update to Firefox 47.0 (boo#983549)
  * Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
    bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
    bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
    bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
    bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction
  * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
    Incorrect icon displayed on permissions notifications
  * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
    Entering fullscreen and persistent pointerlock without user
    permission
  * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
    Information disclosure of disabled plugins through CSS
    pseudo-classes
  * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
    Java applets bypass CSP protections
  * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283,
    bmo#1221620, bmo#1241034, bmo#1241037)
    Network Security Services (NSS) vulnerabilities
    fixed by requiring NSS 3.23
  packaging changes:
  * cleanup configure options (boo#981695):
  - notably remove GStreamer support which is gone from FF
  * remove obsolete patches
  - mozilla-libproxy.patch
  - mozilla-repo.patch
- The conditional testing for gcc was failing for different
  openSUSE versions, drop it and apply patches unconditionally.
- Add patches to fix building with gcc6:
  + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch
    taken from upstream:
    https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
  + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp
    from unified compilation because #include <cmath> in other
    source files causes gcc6 compilation failure; patch taken from
    upstream:
    https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc.
- enable build with PIE and full relro on x86_64 (boo#980384)
- update to Firefox 46.0.1
  Fixed:
  * Search plugin issue for various locales
  * Add-on signing certificate expiration
  * Service worker update issue
  * Build issue when jit is disabled
  * Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch
- add mozilla-jit_branch64.patch to avoid PowerPC build failure
  (from bmo#1266366)
- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
  version from Fedora).
- update to Firefox 46.0 (boo#977333)
  * Improved security of the JavaScript Just In Time (JIT) Compiler
  * WebRTC fixes to improve performance and stability
  * Added support for document.elementsFromPoint
  * Added HKDF support for Web Crypto API
  * requires NSPR 4.12 and NSS 3.22.3
  * added patch to fix unchecked return value
    mozilla-check_return.patch
  * Gtk3 builds not supported at the moment
  security fixes:
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
    (boo#977373, boo#977375, boo#977376)
    Miscellaneous memory safety hazards
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
    Privilege escalation through file deletion by Maintenance Service updater
    (Windows only)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
    Content provider permission bypass allows malicious application
    to access data (Android only)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
    (bmo#1252330, bmo#1261776, boo#977379)
    Use-after-free and buffer overflow in Service Workers
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
    Disclosure of user actions through JavaScript with motion and
    orientation sensors (only affects mobile variants)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
    Buffer overflow in libstagefright with CENC offsets
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
    CSP not applied to pages sent with multipart/x-mixed-replace
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
    Elevation of privilege with chrome.tabs.update API in web extensions
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
    Write to invalid HashMap entry through JavaScript.watch()
  * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)
    Firefox Health Reports could accept events from untrusted domains
- Update mozilla-gtk3_20.patch to fix scrollbar appearance under
  gtk >= 3.20 (patch synced to Fedora's version).
- Compile against gtk3 depending on whether the macro
  %firefox_use_gtk3 is defined or not (e.g., at the prjconf
  level); macro is undefined by default and so gtk2 is used as the
  default toolkit.
- Add BuildRequires for additional packages needed when building
  against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
  pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
  patch taken from Fedora (bmo#1230955).
- Mozilla Firefox 45.0.2:
  * Fix an issue impacting the cookie header when third-party
    cookies are blocked (bmo#1257861)
  * Fix a web compatibility regression impacting the srcset
    attribute of the image tag (bmo#1259482)
  * Fix a crash impacting the video playback with Media Source
    Extension (bmo#1258562)
  * Fix a regression impacting some specific uploads (bmo#1255735)
  * Fix a regression with the copy and paste with some old versions
    of some Gecko applications like Thunderbird (bmo#1254980)
- Mozilla Firefox 45.0.1:
  * Fix a regression causing search engine settings to be lost in
    some context (bmo#1254694)
  * Bring back non-standard jar: URIs to fix a regression in IBM
    iNotes (bmo#1255139)
  * XSLTProcessor.importStylesheet was failing when <import> was
    used (bmo#1249572)
  * Fix an issue which could cause the list of search provider to
    be empty (bmo#1255605)
  * Fix a regression when using the location bar (bmo#1254503)
  * Fix some loading issues when Accept third-party cookies: was
    set to Never (bmo#1254856)
  * Disabled Graphite font shaping library
- update to Firefox 45.0 (boo#969894)
  * requires NSPR 4.12 / NSS 3.21.1
  * Instant browser tab sharing through Hello
  * Synced Tabs button in button bar
  * Tabs synced via Firefox Accounts from other devices are now shown
    in dropdown area of Awesome Bar when searching
  * Introduce a new preference (network.dns.blockDotOnion) to allow
    blocking .onion at the DNS level
  * Tab Groups (Panorama) feature removed
  * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property
  * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
    Same-origin policy violation using perfomance.getEntries and
    history navigation with session restore
  * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
    Buffer overflow in Brotli decompression
  * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
    Memory corruption with malicious NPAPI plugin
  * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
    CVE-2016-1976/CVE-2016-1972
    WebRTC and LibVPX vulnerabilities found through code inspection
  * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
    Use-after-free in GetStaticInstance in WebRTC
  * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
    Out-of-bounds read in HTML parser following a failed allocation
  * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
    Buffer overflow during ASN.1 decoding in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
    Use-after-free during processing of DER encoded keys in NSS
    (fixed by requiring 3.21.1)
  * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
    CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
    CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
    CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
    Font vulnerabilities in the Graphite 2 library
- Remove B_CNT from symbols.zip filename to reduce build-compare noise
- fix build problems on i586, caused by too large unified compile
  units - adding mozilla-reduce-files-per-UnifiedBindings.patch
- update to Firefox 44.0.2
  * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
    Same-origin-policy violation using Service Workers with plugins
  * Fix issue which could lead to the removal of stored passwords
    under certain circumstances (bmo#1242176)
  * Allows spaces in cookie names (bmo#1244505)
  * Disable opus/vorbis audio with H.264 (bmo#1245696)
  * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
  * Fix a crash in cache networking (bmo#1244076)
  * Fix using WebSockets in service worker controlled pages (bmo#1243942)
- build fixes for arm/aarch64:
  * disable webrtc for arm/aarch64
  * switch away from openGL-ES backend to default for arm/aarch64
  since it almost never builds
  * reenable neon
- reenable webrtc for powerpc as it seems to build
- update to Firefox 44.0
  * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
    Miscellaneous memory safety hazards
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
    Out of Memory crash when parsing GIF format images
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
    Buffer overflow in WebGL after out of memory allocation
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
    Firefox allows for control characters to be set in cookie names
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
    Missing delay following user click events in protocol handler dialog
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
    (fixed by requiring NSS 3.21)
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
    Addressbar spoofing attacks boo#963643
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
    (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
    Unsafe memory manipulation found through code inspection
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
    Application Reputation service disabled in Firefox 43
  * requires NSPR 4.11
  * requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches
- Mozilla Firefox 43.0.4:
  * Re-enable SHA-1 certificates to prevent outdated
    man-in-the-middle security devices from interfering with
    properly secured SSL/TLS connections (bmo#1236975)
  * Fix for startup crash for users of a third party antivirus tool
    (bmo#1235537)
- The following change was previously in the package as a patch:
  * Multi-user GNU/Linux download folders can be created
  (bmo#1233434), removed mozilla-bmo1233434.patch
- update to Firefox 43.0.3
  * requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * various changes to support Windows update (SHA-1 vs. SHA-2)
  * workaround Youtube user agent detection issue (bmo#1233970)
- fix file download regression for multi user systems
  (bmo#1233434) (mozilla-bmo1233434.patch)
- explicitely requires libXcomposite-devel
- update to Firefox 43.0 (bnc#959277)
  * Improved API support for m4v video playback
  * Users can opt-in to receive search suggestions from the Awesome Bar
  * WebRTC streaming on multiple monitors
  * User selectable second block list for Private Browsing's Tracking
    Protection
  security fixes:
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library
  * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
    (bmo#1201183, bmo#1178033, bmo#1199400)
    Buffer overflows found through code inspection
  * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
    Underflow through code inspection
  * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
    Integer overflow in MP4 playback in 64-bit versions
  * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
    Integer underflow and buffer overflow processing MP4 metadata in
    libstagefright
  * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
    Privilege escalation vulnerabilities in WebExtension APIs
  * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
    Cross-site reading attack through data and view-source URIs
- rebased patches
- Add desktop menu action for private browsing window to desktop
  file (boo#954747)
- remove obsolete patch mozilla-bmo1005535.patch completely from
  source package to avoid automatic check failures
- update to Firefox 42.0 (bnc#952810)
  * Private Browsing with Tracking Protection blocks certain Web
    elements that could be used to record your behavior across sites
  * Control Center that contains site security and privacy controls
  * Login Manager improvements
  * WebRTC improvements
  * Indicator added to tabs that play audio with one-click muting
  * Media Source Extension for HTML5 video available for all sites
  security fixes:
  * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
    Crash when accessing HTML tables with accessibility tools on OS X
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
    Certain escaped characters in host of Location-header are being
    treated as non-escaped
  * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1188010, bmo#1204061, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1205157)
    NSS and NSPR memory corruption issues
    (fixed in mozilla-nspr and mozilla-nss packages)
- requires NSPR >= 4.10.10 and NSS >= 3.19.4
- removed obsolete patches
  * mozilla-arm-disable-edsp.patch
  * mozilla-icu-strncat.patch
  * mozilla-skia-be-le.patch
  * toolkit-download-folder.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch
- update to Firefox 41.0.2 (bnc#950686)
  * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
    Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)
- do not build with --enable-stdcxx-compat
  (this starts to fail build on various toolchain combinations
  and is not required for openSUSE builds in general
- update to Firefox 41.0.1
  * Fix a startup crash related to Yandex toolbar and Adblock Plus
    (bmo#1209124)
  * Fix potential hangs with Flash plugins (bmo#1185639)
  * Fix a regression in the bookmark creation (bmo#1206376)
  * Fix a startup crash with some Intel Media Accelerator 3150
    graphic cards (bmo#1207665)
  * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
- update to Firefox 41.0 (bnc#947003)
  * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
    Site attribute spoofing on Android by pasting URL with unknown scheme
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
    URL spoofing in reader mode
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed
  * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
    Dragging and dropping images exposes final URL after redirects
  * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
    Errors in the handling of CORS preflight request headers
  * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
    CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
    CVE-2015-7180
    Vulnerabilities found through code inspection
  * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
    bmo#1190526) (Windows only)
    Memory safety errors in libGLES in the ANGLE graphics library
  * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
    Information disclosure via the High Resolution Time API
- rebased patches
- removed obsolete patches
  * mozilla-arm64-libjpeg-turbo.patch
- update to Firefox 40.0.3 (bnc#943550)
  * Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combox box using the
    mouse could be broken (bmo#1194733)
  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs
- update to Firefox 40.0 (bnc#940806)
  * Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
    updater)
  * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
    Feed protocol with POST bypasses mixed content protections
  * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
    Crash when using shared memory in JavaScript
  * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
    Heap overflow in gdk-pixbuf when scaling bitmap images
  * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
    Buffer overflows on Libvpx when decoding WebM video
  * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
    Vulnerabilities found through code inspection
  * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
    Mozilla Content Security Policy allows for asterisk wildcards
    in violation of CSP specification
  * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
    Use-after-free in XMLHttpRequest with shared workers
- added mozilla-no-stdcxx-check.patch
- removed obsolete patches
  * mozilla-add-glibcxx_use_cxx11_abi.patch
  * firefox-multilocale-chrome.patch
- rebased patches
- requires version 40 of the branding package
- removed browser/searchplugins/ location as it's not valid anymore
- security update to Firefox 39.0.3 (bnc#940918)
  * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
    Same origin violation and local file stealing via PDF reader
- update to Firefox 39.0 (bnc#935979)
  * Share Hello URLs with social networks
  * Support for 'switch' role in ARIA 1.1 (web accessibility)
  * SafeBrowsing malware detection lookups enabled for downloads
    (Mac OS X and Linux)
  * Support for new Unicode 8.0 skin tone emoji
  * Removed support for insecure SSLv3 for network communications
  * Disable use of RC4 except for temporarily whitelisted hosts
  * NPAPI Plug-in performance improved via asynchronous initialization
  security fixes:
  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
    Miscellaneous memory safety hazards
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
    Out-of-bound read while computing an oscillator rendering range in Web Audio
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
    Use-after-free in Content Policy due to microtask execution error
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
    Key pinning is ignored when overridable errors are encountered
  * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
    OS X crash reports may contain entered key press information
    (not relevant under Linux)
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
    NSS incorrectly permits skipping of ServerKeyExchange
    (this fix is shipped by NSS 3.19.1 externally)
- dropped mozilla-prefer_plugin_pref.patch as this feature is
  likely not worth maintaining further
- rebased patches
- require NSS 3.19.2
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
- update to Firefox 38.0.6
  * fixes bmo#1171730 which is not really relevant to oS builds
- fix KDE regression from 38.0.5 builds (bsc#933439)
- update to Firefox 38.0.5
  * Keep track of articles and videos with Pocket
  * Clean formatting for articles and blog posts with Reader View
  * Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
  https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
- update to Firefox 38.0.1
  stability and regression fixes
  * Systems with first generation NVidia Optimus graphics cards
    may crash on start-up
  * Users who import cookies from Google Chrome can end up with
    broken websites
  * Large animated images may fail to play and may stop other
    images from loading
- update to Firefox 38.0 (bnc#930622)
  * New tab-based preferences
  * Ruby annotation support
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
  security fixes:
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
    Referrer policy ignored when links opened by middle-click and
    context menu
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
    Out-of-bounds read and write in asm.js validation
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
    Use-after-free due to Media Decoder Thread creation during shutdown
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
    Buffer overflow when parsing compressed XML
  * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
    Buffer overflow and out-of-bounds read while parsing MP4 video
    metadata
  * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
    Untrusted site hosting trusted page can intercept webchannel
    responses
  * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
    Privilege escalation through IPC channel messages
- requires NSS 3.18.1
- removed obsolete patches:
  * mozilla-skia-bmo1136958.patch
- remove gnomevfs build options as it is removed from sources
- rebased patches
- update to Firefox 37.0.2 (bnc#928116)
  * MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
    Memory corruption during failed plugin initialization
- update to Firefox 37.0.1 (bnc#926166)
  * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
    Loading privileged content through Reader mode
  * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
    Certificate verification bypass through the HTTP/2 Alt-Svc header
- update to Firefox 37.0 (bnc#925368)
  * Heartbeat user rating system
  * Yandex set as default search provider for the Turkish locale
  * Bing search now uses HTTPS for secure searching
  * Improved protection against site impersonation via OneCRL
    centralized certificate revocation
  * Opportunistically encrypt HTTP traffic where the server supports
    HTTP/2 AltSvc
  * some more behaviour changes for TLS
  security fixes:
  * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
    Add-on lightweight theme installation approval bypassed through
    MITM attack
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
    Out of bounds read in QCMS library
  * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
    Cursor clickjacking with flash and images (OS X only)
  * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
    Incorrect memory management for simple-type arrays in WebRTC
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
    Memory corruption crashes in Off Main Thread Compositing
  * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
    Use-after-free due to type confusion flaws
  * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
    Same-origin bypass through anchor navigation
  * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
    PRNG weakness allows for DNS poisoning on Android (only)
  * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
    Windows can retain access to privileged content on navigation
    to unprivileged pages
- removed obsolete patches
  * mozilla-bmo1088588.patch
  * mozilla-bmo1108834.patch
- requires NSPR 4.10.8
- Fix builds with skia on Power
  mozilla-skia-be-le.patch (patch from #bmo1136958)
  mozilla-bmo1108834.patch
  mozilla-bmo1005535.patch
- update to Firefox 36.0.4 (bnc#923534)
  * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
    Privilege escalation through SVG navigation
  * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
    Code execution through incorrect JavaScript bounds checking
    elimination
- Copy the icons to /usr/share/icons instead of symlinking them:
  in preparation for containerized apps (e.g. xdg-app) as well as
  AppStream metadata extraction, there are a couple locations that
  need to be real files for system integration (.desktop files,
  icons, mime-type info).
- update to Firefox 36.0.1
  Bugfixes:
  * Disable the usage of the ANY DNS query type (bmo#1093983)
  * Hello may become inactive until restart (bmo#1137469)
  * Print preferences may not be preserved (bmo#1136855)
  * Hello contact tabs may not be visible (bmo#1137141)
  * Accept hostnames that include an underscore character ("_")
    (bmo#1136616)
  * WebGL may use significant memory with Canvas2d (bmo#1137251)
  * Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
  ARM and PPC
- update to Firefox 36.0 (bnc#917597)
  * mozilla-xremote-client was removed
  * added libclearkey.so media plugin
  * Pinned tiles on the new tab page can be synced
  * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
    more scalable, and more responsive web.
  * Locale added: Uzbek (uz)
  security fixes:
  * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
    Miscellaneous memory safety hazards
  * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
    Invoking Mozilla updater will load locally stored DLL files
    (Windows only)
  * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
    Appended period to hostnames can bypass HPKP and HSTS protections
  * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
    Malicious WebGL content crash when writing strings
  * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
    TLS TURN and STUN connections silently fail to simple TCP connections
  * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
    Use-after-free in IndexedDB
  * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
    Buffer overflow in libstagefright during MP4 video playback
  * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
    Double-free when using non-default memory allocators with a
    zero-length XHR
  * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
    Out-of-bounds read and write while rendering SVG content
  * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
    Buffer overflow during CSS restyling
  * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
    Buffer underflow during MP3 playback
  * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
    Crash using DrawTarget in Cairo graphics library
  * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
    Use-after-free in Developer Console date with OpenType Sanitiser
  * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
    Reading of local files through manipulation of form autocomplete
  * MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
    UI Tour whitelisted sites in background tab can spoof foreground
    tabs
  * MFSA 2015-27CVE-2015-0820 (bmo#1125398)
    Caja Compiler JavaScript sandbox bypass
- rebased patches
- requires NSS 3.17.4
- update to Firefox 35.0.1
  * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
  * Kerberos authentication did not work with alias (bmo#1108971)
  * SVG / CSS animation had a regression causing rendering issues on
    websites like openstreemap.org (bmo#1083079)
  * On Godaddy webmail, Firefox could crash (bmo#1113121)
  * document.baseURI did not get updated to document.location after
    base tag was removed from DOM for site with a CSP (bmo#1121857)
  * With a Right-to-left (RTL) version of Firefox, the text selection
    could be broken (bmo#1104036)
  * CSP had a change in behavior with regard to case sensitivity
    resources loading (bmo#1122445)
- update to Firefox 35.0 (bnc#910669)
  notable features:
  * Firefox Hello with new rooms-based conversations model
  * Implemented HTTP Public Key Pinning Extension (for enhanced
    authentication of encrypted connections)
  security fixes:
  * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
    Miscellaneous memory safety hazards
  * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
    Uninitialized memory use during bitmap rendering
  * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
    sendBeacon requests lack an Origin header
  * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
    Cookie injection through Proxy Authenticate responses
  * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
    Read of uninitialized memory in Web Audio
  * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
    Read-after-free in WebRTC
  * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
    Gecko Media Plugin sandbox escape
  * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
    Delegated OCSP responder certificates failure with
    id-pkix-ocsp-nocheck extension
  * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
    XrayWrapper bypass through DOM objects
- rebased patches
- dropped explicit support for everything older than 12.3
  (including SLES11)
  * merge firefox-kde.patch and firefox-kde-114.patch
  * dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
  either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
  crashes (bnc#908892)
- fix bashism in mozilla.sh script
- update to Firefox 34.0.5 (bnc#908009)
  * Default search engine changed to Yahoo! for North America
  * Default search engine changed to Yandex for Belarusian, Kazakh,
    and Russian locales
  * Improved search bar (en-US only)
  * Firefox Hello real-time communication client
  * Easily switch themes/personas directly in the Customizing mode
  * Implementation of HTTP/2 (draft14) and ALPN
  * Disabled SSLv3
  * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
    Miscellaneous memory safety hazards
  * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
    XBL bindings accessible via improper CSS declarations
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
    CSP leaks redirect data via violation reports
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86
- rebased patches
- update to Firefox 33.1
  * Adding DuckDuckGo as a search option (upstream)
  * Forget Button added
  * Enhanced Tiles
  * Privacy tour introduced
- fix typo in GStreamer Recommends
- Disable elf-hack for aarch64
- Enable EGL for aarch64
- Limit RAM usage during link for %arm
- Fix _constraints for ARM
- use proper macros for ARM
- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
  to fix compiling.
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
  linking on arm.
- update to Firefox 33.0.2
  * Fix a startup crash with some combination of hardware and drivers
  33.0.1
  * Firefox displays a black screen at start-up with certain
    graphics drivers
- adjusted _constraints for ARM
- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
- define /usr/share/myspell as additional dictionary location
  and remove add-plugins.sh finally (bnc#900639)
- use Firefox default optimization flags instead of -Os
- specfile cleanup
- fix build for all ppc by not enabling elf-hack
  (bnc#901213)
- update to Firefox 33.0 (bnc#900941)
  New features:
  * OpenH264 support (sandboxed)
  * Enhanced Tiles
  * Improved search experience through the location bar
  * Slimmer and faster JavaScript strings
  * New CSP (Content Security Policy) backend
  * Support for connecting to HTTP proxy over HTTPS
  * Improved reliability of the session restoration
  * Proprietary window.crypto properties/functions removed
  Security:
  * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
    Miscellaneous memory safety hazards
  * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
    Buffer overflow during CSS manipulation
  * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
    Web Audio memory corruption issues with custom waveforms
  * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
    Out-of-bounds write with WebM video
  * MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
    Further uninitialized memory use during GIF rendering
  * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
    Use-after-free interacting with text directionality
  * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
    Key pinning bypasses
  * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
    Inconsistent video sharing within iframe
  * MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
    Accessing cross-origin objects via the Alarms API
    (only relevant for installed web apps)
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
  * mozilla-ppc.patch
  * mozilla-libproxy-compat.patch
- added basic appdata information
- update to Firefox 32.0.2
  * just a version bump for our builds
  * fixed the in application update process for certain environments
    (in application update is not enabled in openSUSE and Linux
    is unaffected in any case)
- build with --disable-optimize for 13.1 and above for i586 to
  workaround miscompilations (bnc#896624)
- use some more build flags to align with upstream
- update to Firefox 32.0.1
  * fixed stability issues for computers with multiple graphics cards
  * mixed content icon may be incorrectly displayed instead of lock
    icon for SSL sites in 32.0 (
  * WebRTC: setRemoteDescription() silently fails if no success
    callback is specified (bmo#1063971)
- update to Firefox 32.0 (bnc#894370)
  * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
    Miscellaneous memory safety hazards
  * MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
    Use-after-free during DOM interactions with SVG
  * MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
    Uninitialized memory use during GIF rendering
  * MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
    Out-of-bounds read in Web Audio audio timeline
  * MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
    Use-after-free setting text directionality
- rebased patches
- requires NSS 3.16.4
- removed upstreamed patch
  * mozilla-aarch64-bmo-810631.patch
- adapted _constraints, used more than 3900MB on s390x during
  last build
- update to Firefox 31.0 (bnc#887746)
  * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
    Miscellaneous memory safety hazards
  * MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
    Buffer overflow during Web Audio buffering for playback
  * MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
    Use-after-free in Web Audio due to incorrect control message ordering
  * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
    Toolbar dialog customization event spoofing
  * MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
    Use-after-free with FireOnStateChange event
  * MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
    Exploitable WebGL crash with Cesium JavaScript library
  * MFSA 2014-63/CVE-2014-1544 (bmo#963150)
    Use-after-free while when manipulating certificates in the trusted cache
    (solved with NSS 3.16.2 requirement)
  * MFSA 2014-64/CVE-2014-1557 (bmo#913805)
    Crash in Skia library when scaling high quality images
  * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
    (bmo#1015973, bmo#1026022, bmo#997795)
    Certificate parsing broken by non-standard character encoding
  * MFSA 2014-66/CVE-2014-1552 (bmo#985135)
    IFRAME sandbox same-origin access through redirect
- use EGL on ARM
- rebased patches
- requires NSS 3.16.2
- requires python-devel (not only python)
- update to Firefox 30.0 (bnc#881874)
  * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
    (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
    bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
    bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
    bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
    bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
    bmo#1009952, bmo#1011007)
    Miscellaneous memory safety hazards (rv:30.0)
  * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
    (bmo#989994, bmo#999274, bmo#1005584)
    Use-after-free and out of bounds issues found using Address
    Sanitizer
  * MFSA 2014-50/CVE-2014-1539 (bmo#995603)
    Clickjacking through cursor invisability after Flash interaction
  * MFSA 2014-51/CVE-2014-1540 (bmo#978862)
    Use-after-free in Event Listener Manager
  * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
    Use-after-free with SMIL Animation Controller
  * MFSA 2014-53/CVE-2014-1542 (bmo#991533)
    Buffer overflow in Web Audio Speex resampler
  * MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
    Buffer overflow in Gamepad API
  * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
    Out of bounds write in NSPR
- rebased patches
- removed obsolete patches
  * firefox-browser-css.patch
  * mozilla-aarch64-bmo-962488.patch
  * mozilla-aarch64-bmo-963023.patch
  * mozilla-aarch64-bmo-963024.patch
  * mozilla-aarch64-bmo-963027.patch
  * mozilla-ppc64-xpcom.patch
  * mozilla-ppc64le-javascript.patch
  * mozilla-ppc64le-libffi.patch
  * mozilla-ppc64le-mfbt.patch
  * mozilla-ppc64le-webrtc.patch
  * mozilla-ppc64le-xpcom.patch
  * mozilla-ppc64le-build.patch
- requires NSPR 4.10.6
- enabled GStreamer 1.0 usage for 13.2 and above
- update to Firefox 29.0.1
  * Seer disabled by default (bmo#1005958)
  * Session Restore failed with a corrupted sessionstore.js file
    (bmo#1001167)
  * pdf.js printing white page (bmo#1003707, bnc#876833)
- general.useragent.locale gets overwritten with en-US while it
  should be using the active langpack's setting
- update to Firefox 29.0 (bnc#875378)
  * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
    Miscellaneous memory safety hazards
  * MFSA 2014-36/CVE-2014-1522 (bmo#995289)
    Web Audio memory corruption issues
  * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
    Out of bounds read while decoding JPG images
  * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
    Buffer overflow when using non-XBL object as XBL
  * MFSA 2014-39/CVE-2014-1525 (bmo#989210)
    Use-after-free in the Text Track Manager for HTML video
  * MFSA 2014-41/CVE-2014-1528 (bmo#963962)
    Out-of-bounds write in Cairo
  * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
    Privilege escalation through Web Notification API
  * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
    Cross-site scripting (XSS) using history navigations
  * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
    Use-after-free in imgLoader while resizing images
  * MFSA 2014-45/CVE-2014-1492 (bmo#903885)
    Incorrect IDNA domain name matching for wildcard certificates
    (fixed by NSS 3.16)
  * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
    Use-after-free in nsHostResolver
  * MFSA 2014-47/CVE-2014-1526 (bmo#988106)
    Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- removed obsolete patches
  * firefox-browser-css.patch
  * mozilla-aarch64-599882cfb998.diff
  * mozilla-aarch64-bmo-963028.patch
  * mozilla-aarch64-bmo-963029.patch
  * mozilla-aarch64-bmo-963030.patch
  * mozilla-aarch64-bmo-963031.patch
- requires NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
- add mozilla-aarch64-599882cfb998.patch,
    mozilla-aarch64-bmo-810631.patch,
    mozilla-aarch64-bmo-962488.patch,
    mozilla-aarch64-bmo-963030.patch,
    mozilla-aarch64-bmo-963027.patch,
    mozilla-aarch64-bmo-963028.patch,
    mozilla-aarch64-bmo-963029.patch,
    mozilla-aarch64-bmo-963023.patch,
    mozilla-aarch64-bmo-963024.patch,
    mozilla-aarch64-bmo-963031.patch: AArch64 porting
- Add patch for bmo#973977
  * mozilla-ppc64-xpcom.patch
- Refresh mozilla-ppc64le-xpcom.patch patch
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
- update to Firefox 28.0 (bnc#868603)
  * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
    Miscellaneous memory safety hazards
  * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
    Out of bounds read during WAV file decoding
  * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
    crypto.generateCRMFRequest does not validate type of key
  * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
    Spoofing attack on WebRTC permission prompt
  * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
    onbeforeunload and Javascript navigation DOS
  * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
    WebGL content injection from one domain to rendering in another
  * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
    Content Security Policy for data: documents not preserved by
    session restore
  * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
    Information disclosure through polygon rendering in MathML
  * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
    Memory corruption in Cairo during PDF font rendering
  * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
    SVG filters information disclosure through feDisplacementMap
  * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
    Privilege escalation using WebIDL-implemented APIs
  * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
    Use-after-free in TypeObject
  * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
    Out-of-bounds read/write through neutering ArrayBuffer objects
  * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
    Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
- new build dependency (and recommends):
  * libpulse
- update of PowerPC 64 patches (bmo#976648) ([hidden email])
- rebased patches
- update to Firefox 27.0.1
  * Fixed stability issues with Greasemonkey and other JS that used
    ClearTimeoutOrInterval
  * JS math correctness issue (bmo#941381)
- incorporate Google API key for geolocation (bnc#864170)
- updated list of "other" locales in RPM requirements
- update to Firefox 27.0 (bnc#861847)
  * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
    Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
  * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
    Clone protected content with XBL scopes
  * MFSA 2014-03/CVE-2014-1480 (bmo#916726)
    UI selection timeout missing on download prompts
  * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
    Incorrect use of discarded images by RasterImage
  * MFSA 2014-05/CVE-2014-1483 (bmo#950427)
    Information disclosure with *FromPoint on iframes
  * MFSA 2014-06/CVE-2014-1484 (bmo#953993)
    Profile path leaks to Android system log
  * MFSA 2014-07/CVE-2014-1485 (bmo#910139)
    XSLT stylesheets treated as styles in Content Security Policy
  * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
    Use-after-free with imgRequestProxy and image proccessing
  * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
    Cross-origin information leak through web workers
  * MFSA 2014-10/CVE-2014-1489 (bmo#959531)
    Firefox default start page UI content invokable by script
  * MFSA 2014-11/CVE-2014-1488 (bmo#950604)
    Crash when using web workers with asm.js
  * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
    (bmo#934545, bmo#930874, bmo#930857)
    NSS ticket handling issues
  * MFSA 2014-13/CVE-2014-1481(bmo#936056)
    Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4 or higher
- rebased/reworked patches
- removed obsolete mozilla-bug929439.patch
- Add support for powerpc64le-linux.
  * mozilla-ppc64le.patch: general support
  * mozilla-libffi-ppc64le.patch: libffi backport
  * mozilla-xpcom-ppc64le.patch: port xpcom
- Add build fix from mainline.
  * mozilla-bug929439.patch
- update to Firefox 26.0 (bnc#854367, bnc#854370)
  * rebased patches
  * requires NSPR 4.10.2 and NSS 3.15.3.1
  * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
    Miscellaneous memory safety hazards
  * MFSA 2013-105/CVE-2013-5611 (bmo#771294)
    Application Installation doorhanger persists on navigation
  * MFSA 2013-106/CVE-2013-5612 (bmo#871161)
    Character encoding cross-origin XSS attack
  * MFSA 2013-107/CVE-2013-5614 (bmo#886262)
    Sandbox restrictions not applied to nested object elements
  * MFSA 2013-108/CVE-2013-5616 (bmo#938341)
    Use-after-free in event listeners
  * MFSA 2013-109/CVE-2013-5618 (bmo#926361)
    Use-after-free during Table Editing
  * MFSA 2013-110/CVE-2013-5619 (bmo#917841)
    Potential overflow in JavaScript binary search algorithms
  * MFSA 2013-111/CVE-2013-6671 (bmo#930281)
    Segmentation violation when replacing ordered list elements
  * MFSA 2013-112/CVE-2013-6672 (bmo#894736)
    Linux clipboard information disclosure though selection paste
  * MFSA 2013-113/CVE-2013-6673 (bmo#970380)
    Trust settings for built-in roots ignored during EV certificate
    validation
  * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
    Use-after-free in synthetic mouse movement
  * MFSA 2013-115/CVE-2013-5615 (bmo#929261)
    GetElementIC typed array stubs can be generated outside observed
    typesets
  * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
    JPEG information leak
  * MFSA 2013-117 (bmo#946351)
    Mis-issued ANSSI/DCSSI certificate
    (fixed via NSS 3.15.3.1)
- removed gecko.js preference file as GStreamer is enabled by
  default now
- update to Firefox 25.0 (bnc#847708)
  * rebased patches
  * requires NSS 3.15.2 or above
  * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
    Miscellaneous memory safety hazards
  * MFSA 2013-94/CVE-2013-5593 (bmo#868327)
    Spoofing addressbar through SELECT element
  * MFSA 2013-95/CVE-2013-5604 (bmo#914017)
    Access violation with XSLT and uninitialized data
  * MFSA 2013-96/CVE-2013-5595 (bmo#916580)
    Improperly initialized memory and overflows in some JavaScript
    functions
  * MFSA 2013-97/CVE-2013-5596 (bmo#910881)
    Writing to cycle collected object during image decoding
  * MFSA 2013-98/CVE-2013-5597 (bmo#918864)
    Use-after-free when updating offline cache
  * MFSA 2013-99/CVE-2013-5598 (bmo#920515)
    Security bypass of PDF.js checks using iframes
  * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
    (bmo#915210, bmo#915576, bmo#916685)
    Miscellaneous use-after-free issues found through ASAN fuzzing
  * MFSA 2013-101/CVE-2013-5602 (bmo#897678)
    Memory corruption in workers
  * MFSA 2013-102/CVE-2013-5603 (bmo#916404)
    Use-after-free in HTML document templates
- as GStreamer is not automatically required anymore but loaded
  dynamically if available, require it explicitely
- recommend optional GStreamer plugins for comprehensive media
  support
- move greek to the translations-common package (bnc#840551)
- update to Firefox 24.0 (bnc#840485)
  * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
    Miscellaneous memory safety hazards
  * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
    Improper state in HTML5 Tree Builder with templates
  * MFSA 2013-78/CVE-2013-1721 (bmo#890277)
    Integer overflow in ANGLE library
  * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
    Use-after-free in Animation Manager during stylesheet cloning
  * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
    NativeKey continues handling key messages after widget is destroyed
  * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
    Use-after-free with select element
  * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
    Calling scope for new Javascript objects can lead to memory corruption
  * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
    Uninitialized data in IonMonkey
  * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
    Compartment mismatch re-attaching XBL-backed nodes
  * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
    Buffer overflow with multi-column, lists, and floats
  * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
    Memory corruption involving scrolling
  * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
    User-defined properties on DOM proxies get the wrong "this" object
  * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
    GC hazard with default compartments and frame chain restoration
- enable gstreamer explicitely via pref (gecko.js)
- require NSS 3.15.1
- update to Firefox 23.0.1
  * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls
    (bmo#901527)
- update to Firefox 23.0 (bnc#833389)
  * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
    Miscellaneous memory safety hazards
  * MFSA 2013-64/CVE-2013-1704 (bmo#883313)
    Use after free mutating DOM during SetBody
  * MFSA 2013-65/CVE-2013-1705 (bmo#882865)
    Buffer underflow when generating CRMF requests
  * MFSA 2013-67/CVE-2013-1708 (bmo#879924)
    Crash during WAV audio file decoding
  * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
    Document URI misrepresentation and masquerading
  * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
    CRMF requests allow for code execution and XSS attacks
  * MFSA 2013-70/CVE-2013-1711 (bmo#843829)
    Bypass of XrayWrappers using XBL Scopes
  * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
    Wrong principal used for validating URI for some Javascript
    components
  * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
    Same-origin bypass with web workers and XMLHttpRequest
  * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
    Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- fix build on ARM (/-g/ matches /-grecord-switches/)
- update to Firefox 22.0 (bnc#825935)
  * removed obsolete patches
    + mozilla-qcms-ppc.patch
    + mozilla-gstreamer-760140.patch
  * GStreamer support does not build on 12.1 anymore (build only
    on 12.2 and later)
  * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
    Miscellaneous memory safety hazards
  * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
    Memory corruption found using Address Sanitizer
  * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
    Privileged content access and execution via XBL
  * MFSA 2013-52/CVE-2013-1688 (bmo#873966)
    Arbitrary code execution within Profiler
  * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
    Execution of unmapped memory through onreadystatechange event
  * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
    Data in the body of XHR HEAD requests leads to CSRF attacks
  * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
    SVG filters can lead to information disclosure
  * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
    PreserveWrapper has inconsistent behavior
  * MFSA 2013-57/CVE-2013-1695 (bmo#849791)
    Sandbox restrictions not applied to nested frame elements
  * MFSA 2013-58/CVE-2013-1696 (bmo#761667)
    X-Frame-Options ignored when using server push with multi-part
    responses
  * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
    XrayWrappers can be bypassed to run user defined methods in a
    privileged context
  * MFSA 2013-60/CVE-2013-1698 (bmo#876044)
    getUserMedia permission dialog incorrectly displays location
  * MFSA 2013-61/CVE-2013-1699 (bmo#840882)
    Homograph domain spoofing in .com, .net and .name
- Fix qcms altivec include (mozilla-qcms-ppc.patch)
- update to Firefox 21.0 (bnc#819204)
  * removed upstreamed patch firefox-712763.patch
  * removed disabled mozilla-disable-neon-option.patch
  * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
    Miscellaneous memory safety hazards
  * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
    Privileged access for content level constructor
  * MFSA 2013-43/CVE-2013-1671 (bmo#842255)
    File input control has access to full path
  * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
    Use-after-free with video and onresize event
  * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
    Uninitialized functions in DOMSVGZoomEvent
  * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
    CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
    Memory corruption found using Address Sanitizer
- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
  (remove mozilla-gstreamer-1.patch)
- Explicitly disable WebRTC support on non-x86, the configure script
  disables it only half-heartedly
- update to Firefox 20.0 (bnc#813026)
  * requires NSPR 4.9.5 and NSS 3.14.3
  * mozilla-webrtc-ppc.patch included upstream
  * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
    Miscellaneous memory safety hazards
  * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
    Out-of-bounds write in Cairo library
  * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
    WebGL crash with Mesa graphics driver on Linux
  * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
    Bypass of SOW protections allows cloning of protected nodes
  * MFSA 2013-37/CVE-2013-0794 (bmo#626775)
    Bypass of tab-modal dialog origin disclosure
  * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
    Cross-site scripting (XSS) using timed history navigations
  * MFSA 2013-39/CVE-2013-0792 (bmo#722831)
    Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
- build fixes for armv7hl:
  * disable debug build as armv7hl does not have enough memory
  * disable webrtc on armv7hl as it is non-compiling
- update to Firefox 19.0.2 (bnc#808243)
  * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
    Use-after-free in HTML Editor
- update to Firefox 19.0.1
  * blocklist updates
- update to Firefox 19.0 (bnc#804248)
  * MFSA 2013-21/CVE-2013-0783/2013-0784
    Miscellaneous memory safety hazards
  * MFSA 2013-22/CVE-2013-0772 (bmo#801366)
    Out-of-bounds read in image rendering
  * MFSA 2013-23/CVE-2013-0765 (bmo#830614)
    Wrapped WebIDL objects can be wrapped again
  * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
    Web content bypass of COW and SOW security wrappers
  * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
    Privacy leak in JavaScript Workers
  * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
    Use-after-free in nsImageLoadingContent
  * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
    Phishing on HTTPS connection through malicious proxy
  * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
    CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
    Use-after-free, out of bounds read, and buffer overflow issues
    found using Address Sanitizer
- removed obsolete patches
  * mozilla-webrtc.patch
  * mozilla-gstreamer-803287.patch
- added patch to fix session restore window order (bmo#712763)
- update to Firefox 18.0.2
  * blocklist and CTP updates
  * fixes in JS engine
- update to Firefox 18.0.1
  * blocklist updates
  * backed out bmo#677092 (removed patch)
  * fixed problems involving HTTP proxy transactions
- Fix WebRTC to build on powerpc
- update to Firefox 18.0 (bnc#796895)
  * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
    Miscellaneous memory safety hazards
  * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
    CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
    Use-after-free and buffer overflow issues found using Address Sanitizer
  * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
    Buffer Overflow in Canvas
  * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
    URL spoofing in addressbar during page loads
  * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
    Use-after-free when displaying table with many columns and column groups
  * MFSA 2013-06/CVE-2013-0751 (bmo#790454)
    Touch events are shared across iframes
  * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
    Crash due to handling of SSL on threads
  * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
    AutoWrapperChanger fails to keep objects alive during garbage collection
  * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
    Compartment mismatch with quickstubs returned values
  * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
    Event manipulation in plugin handler to bypass same-origin policy
  * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
    Address space layout leaked in XBL objects
  * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
    Buffer overflow in Javascript string concatenation
  * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
    Memory corruption in XBL with XML bindings containing SVG
  * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
    Chrome Object Wrapper (COW) bypass through changing prototype
  * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
    Privilege escalation through plugin objects
  * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
    Use-after-free in serializeToStream
  * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
    Use-after-free in ListenerManager
  * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
    Use-after-free in Vibrate
  * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
    Use-after-free in Javascript Proxy objects
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
- removed obsolete SLE11 patches (mozilla-gcc43*)
- reenable WebRTC
- added mozilla-libproxy-compat.patch for libproxy API compat
  on openSUSE 11.2 and earlier
- backed out restartless language packs as it broke multi-locale
  setup (bmo#677092, bmo#818468)
- update to Firefox 17.0.1
  * revert some useragent changes introduced in 17.0
  * leaving private browsing with social enabled doesn't reset all
    social components (bmo#815042)
- fix KDE integration for file dialogs
- update to Firefox 17.0 (bnc#790140)
  * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
    Miscellaneous memory safety hazards
  * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
    Buffer overflow while rendering GIF images
  * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
    evalInSanbox location context incorrectly applied
  * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
    Crash when combining SVG text on path with CSS
  * MFSA 2012-95/CVE-2012-4203 (bmo#765628)
    Javascript: URLs run in privileged context on New Tab page
  * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
    Memory corruption in str_unescape
  * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
    XMLHttpRequest inherits incorrect principal within sandbox
  * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
    XrayWrappers exposes chrome-only properties when not in chrome
    compartment
  * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
    Improper security filtering for cross-origin wrappers
  * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
    Improper character decoding in HZ-GB-2312 charset
  * MFSA 2012-102/CVE-2012-5837 (bmo#800363)
    Script entered into Developer Toolbar runs with chrome privileges
  * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
    Frames can shadow top.location
  * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
    CSS and HTML injection through Style Inspector
  * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
    CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
    CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
    Use-after-free and buffer overflow issues found using Address
    Sanitizer
  * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
    Use-after-free, buffer overflow, and memory corruption issues
    found using Address Sanitizer
- rebased patches
- disabled WebRTC since build is broken (bmo#776877)
- build on SLE11
  * mozilla-gcc43-enums.patch
  * mozilla-gcc43-template_hacks.patch
  * mozilla-gcc43-templates_instantiation.patch
- update to Firefox 16.0.2 (bnc#786522)
  * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
    (bmo#800666, bmo#793121, bmo#802557)
    Fixes for Location object issues
- bring back Obsoletes for libproxy's mozjs plugin for distributions
  before 12.2 to avoid crashes
- update to Firefox 16.0.1 (bnc#783533)
  * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
    Miscellaneous memory safety hazards
  * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
    defaultValue security checks not applied
- update to Firefox 16.0 (bnc#783533)
  * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
    Miscellaneous memory safety hazards
  * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
    select element persistance allows for attacks
  * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
    Continued access to initial origin after setting document.domain
  * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
    Some DOMWindowUtils methods bypass security checks
  * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
    DOS and crash with full screen and history navigation
  * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
    Crash with invalid cast when using instanceof operator
  * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
    GetProperty function can bypass security checks
  * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
    top object and location property accessible by plugins
  * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
    Chrome Object Wrapper (COW) does not disallow acces to privileged
    functions or properties
  * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
    Spoofing and script injection through location.hash
  * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
    CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
    Use-after-free, buffer overflow, and out of bounds read issues
    found using Address Sanitizer
  * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
    CVE-2012-4188
    Heap memory corruption issues found using Address Sanitizer
  * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
    Use-after-free in the IME State Manager
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)
- removed upstreamed mozilla-crashreporter-restart-args.patch
- webapprt now included
- use kmozillahelper's new REVEAL command (bnc#777415)
  (requires mozilla-kde4-integration >= 0.6.4)
- updated translations-other with new languages
- update to Firefox 15.0.1 (bnc#779936)
  * Sites visited while in Private Browsing mode could be found
    through manual browser cache inspection (bmo#787743)
- update to Firefox 15.0 (bnc#777588)
  * MFSA 2012-57/CVE-2012-1970
    Miscellaneous memory safety hazards
  * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
    CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
    CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
    Use-after-free issues found using Address Sanitizer
  * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
    Location object can be shadowed using Object.defineProperty
  * MFSA 2012-60/CVE-2012-3965 (bmo#769108)
    Escalation of privilege through about:newtab
  * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
    Memory corruption with bitmap format images with negative height
  * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
    WebGL use-after-free and memory corruption
  * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
    SVG buffer overflow and use-after-free issues
  * MFSA 2012-64/CVE-2012-3971
    Graphite 2 memory corruption
  * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
    Out-of-bounds read in format-number in XSLT
  * MFSA 2012-66/CVE-2012-3973 (bmo#757128)
    HTTPMonitor extension allows for remote debugging without explicit
    activation
  * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
    DOMParser loads linked resources in extensions when parsing
    text/html
  * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
    Incorrect site SSL certificate data display
  * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
    Location object security checks bypassed by chrome code
  * MFSA 2012-72/CVE-2012-3980 (bmo#771859)
    Web console eval capable of executing chrome-privileged code
- fix HTML5 video crash with GStreamer enabled (bmo#761030)
- GStreamer is only used for MP4 (no WebM, OGG)
- updated filelist
- moved browser specific preferences to correct location
- Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
- update to 14.0.1 (bnc#771583)
  * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
    Miscellaneous memory safety hazards
  * MFSA 2012-43/CVE-2012-1950
    Incorrect URL displayed in addressbar through drag and drop
  * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
    Gecko memory corruption
  * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
    Spoofing issue with location
  * MFSA 2012-46/CVE-2012-1966 (bmo#734076)
    XSS through data: URLs
  * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
    Improper filtering of javascript in HTML feed-view
  * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
    use-after-free in nsGlobalWindow::PageHidden
  * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
    Same-compartment Security Wrappers can be bypassed
  * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
    Out of bounds read in QCMS
  * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
    X-Frame-Options header ignored when duplicated
  * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
    JSDependentString::undepend string conversion results in memory
    corruption
  * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
    Content Security Policy 1.0 implementation errors cause data
    leakage
  * MFSA 2012-55/CVE-2012-1965 (bmo#758990)
    feed: URLs with an innerURI inherit security context of page
  * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
    Code execution through javascript: URLs
- license change from tri license to MPL-2.0
- fix crashreporter restart option (bmo#762780)
- require NSS 3.13.5
- remove mozjs pacrunner obsoletes again for now
- adopted mozilla-prefer_plugin_pref.patch
- PPC fixes:
  * reenabled mozilla-yarr-pcre.patch to fix build for PPC
  * add patches for bmo#750620 and bmo#746112
  * fix xpcshell segfault on ppc
- update to Firefox 13.0.1
  * bugfix release
- obsolete libproxy's mozjs pacrunner (bnc#759123)
- update to Firefox 13.0 (bnc#765204)
  * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
    Miscellaneous memory safety hazards
  * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
    Content Security Policy inline-script bypass
  * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
    Information disclosure though Windows file shares and shortcut
    files
  * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
    Use-after-free while replacing/inserting a node in a document
  * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
    Buffer overflow and use-after-free issues found using Address
    Sanitizer
- require NSS 3.13.4
  * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix sound notifications when filename/path contains a whitespace
  (bmo#749739)
- fix build on arm
- reenabled crashreporter for Factory/12.2
  (fix in mozilla-gcc47.patch)
- update to Firefox 12.0 (bnc#758408)
  * rebased patches
  * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
    Miscellaneous memory safety hazards
  * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
    use-after-free in IDBKeyRange
  * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
    Invalid frees causes heap corruption in gfxImageSurface
  * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
    Potential XSS via multibyte content processing errors
  * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
    Potential memory corruption during font rendering using cairo-dwrite
  * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
    WebGL.drawElements may read illegal video memory due to
    FindMaxUshortElement error
  * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
    Page load short-circuit can lead to XSS
  * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
    Ambiguous IPv6 in Origin headers may bypass webserver access
    restrictions
  * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
    Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
  * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
    Crash with WebGL content using textImage2D
  * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
    Off-by-one error in OpenType Sanitizer
  * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
    HTTP Redirections and remote content can be read by javascript errors
  * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
    Potential site identity spoofing when loading RSS and Atom feeds
- added mozilla-libnotify.patch to allow fallback from libnotify
  to xul based events if no notification-daemon is running
- gcc 4.7 fixes
  * mozilla-gcc47.patch
  * disabled crashreporter temporarily for Factory
- recommend libcanberra0 for proper sound notifications
- update to Firefox 11.0 (bnc#750044)
  * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
    XSS with Drag and Drop and Javascript: URL
  * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
    SVG issues found with Address Sanitizer
  * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
    XSS with multiple Content Security Policy headers
  * MFSA 2012-16/CVE-2012-0458
    Escalation of privilege with Javascript: URL as home page
  * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
    Crash when accessing keyframe cssText after dynamic modification
  * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
    window.fullScreen writeable by untrusted content
  * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
    CVE-2012-0463
    Miscellaneous memory safety hazards
- ported and reenabled KDE integration (bnc#746591)
- explicitely build-require X libs
- add Provides: browser(npapi) FATE#313084
- better plugin directory resolution (bnc#747320)
- update to Firefox 10.0.2 (bnc#747328)
  * CVE-2011-3026 (bmo#727401)
    libpng: integer overflow leading to heap-buffer overflow
- update to Firefox 10.0.1 (bnc#746616)
  * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
    use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
  is not supported, since PCRE doesnt build (bmo#691898)
- fix ppc64 build (bmo#703534)
- update to Firefox 10.0 (bnc#744275)
  * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
    Miscellaneous memory safety hazards
  * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
    <iframe> element exposed across domains via name attribute
  * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
    Child nodes from nsDOMAttribute still accessible after removal
    of nodes
  * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
    Frame scripts calling into untrusted objects bypass security
    checks
  * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
    Uninitialized memory appended when encoding icon images may
    cause information disclosure
  * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
    Potential Memory Corruption When Decoding Ogg Vorbis files
  * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
    Crash with malformed embedded XSLT stylesheets
- KDE integration has been disabled since it needs refactoring
- removed obsolete ppc64 patch
- Disable neon for arm as it doesn't build correctly
- update to Firefox 9.0.1
  * (strongparent) parentNode of element gets lost (bmo#335998)
- fix arm build, don't package crashreporter there
- update to Firefox 9 (bnc#737533)
  * MFSA 2011-53/CVE-2011-3660
    Miscellaneous memory safety hazards (rv:9.0)
  * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
    Potentially exploitable crash in the YARR regular expression
    library
  * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
    nsSVGValue out-of-bounds access
  * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
    Key detection without JavaScript via SVG animation
  * MFSA 2011-58/VE-2011-3665 (bmo#701259)
    Crash scaling <video> to extreme sizes
- Fix accessibility under GNOME 3 (bnc#732898)
- fix ppc64 build
- update to Firefox 8 (bnc#728520)
  * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
    Potential XSS against sites using Shift-JIS
  * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
    Miscellaneous memory safety hazards
  * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
    Memory corruption while profiling using Firebug
  * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
    Code execution via NoWaiverWrapper
- rebased patches
- enable telemetry prompt
- update to minor release 7.0.1
  * fixed staged addon updates
- set intl.locale.matchOS=true in the base package as it causes
  too much confusion when it's only available with branding-openSUSE
- update to Firefox 7 (bnc#720264)
  including
  * Improve Responsiveness with Memory Reductions
  * Instant Sync
  * WebSocket protocol 8
  * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
    Miscellaneous memory safety hazards
  * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
    Defense against multiple Location headers due to CRLF Injection
  * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
    Code installation through holding down Enter
  * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
    Potentially exploitable WebGL crashes
  * MFSA 2011-42/CVE-2011-3232 (bmo#653672)
    Potentially exploitable crash in the YARR regular expression
    library
  * MFSA 2011-43/CVE-2011-3004 (bmo#653926)
    loadSubScript unwraps XPCNativeWrapper scope parameter
  * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
    Use after free reading OGG headers
  * MFSA 2011-45
    Inferring keystrokes from motion data
- removed obsolete mozilla-cairo-lcd.patch
- rebased patches
- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
  mozilla.sh.in (bnc#680758)
- fixed loading of kde.js under KDE (bnc#718311)
- add dbus-1-glib-devel to BuildRequires (not pulled in
  automatically anymore on 12.1)
- increase minversions for NSPR and NSS
- recreated source archive to get correct source-stamp.txt
- security update to 6.0.2 (bnc#714931)
  * Complete blocking of certificates issued by DigiNotar
    (bmo#683449)
- security update to 6.0.1 (bnc#714931)
  * MFSA 2011-34
    Protection against fraudulent DigiNotar certificates
    (bmo#682927)
- update to 6.0 (bnc#712224)
  included security fixes MFSA 2011-29
  * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
    Miscellaneous memory safety hazards
  * CVE-2011-2993 (bmo#657267)
    Unsigned scripts can call script inside signed JAR
  * CVE-2011-2988 (bmo#665934)
    Heap overflow in ANGLE library
  * CVE-2011-0084 (bmo#648094)
    Crash in SVGTextElement.getCharNumAtPosition()
  * CVE-2011-2990
    Credential leakage using Content Security Policy reports
  * CVE-2011-2986 (bmo#655836)
    Cross-origin data theft using canvas and Windows D2D
- removed obsolete curl header dependency (mozilla-curl.patch)
- update to 6.0b3
  * removed obsolete patches
  - firefox-shellservice.patch
  - mozilla-gio.patch
  - mozilla-ppc-ipc.patch
  - firefox-linkorder.patch
  - firefox-no-sync-l10n.patch
- recognize linux3 as platform for symbolstore.py
- Add x-scheme-handler/ftp to the MimeType key in the .desktop, to
  let desktops know that Firefox can deal with ftp: URIs.
- create upstream branding package again (supposedly empty)
  (bnc#703401)
- fix build on SLE11 (changes do not affect/are not applied for
  later versions)
- enable startup notification (bnc#701465)
- update to 5.0 final
- included fixes for security issues: (bnc#701296, bnc#700578)
  * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
    Miscellaneous memory safety hazards
  * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
    Use-after-free vulnerability when viewing XUL document with
    script disabled
  * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
    Memory corruption due to multipart/x-mixed-replace images
  * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
    Integer overflow and arbitrary code execution in
    Array.reduceRight()
  * MFSA 2011-25/CVE-2011-2366
    Stealing of cross-domain images using WebGL textures
  * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
    Multiple WebGL crashes
  * MFSA 2011-27/CVE-2011-2369 (bmo#650001)
    XSS encoding hazard with inline SVG
  * MFSA 2011-28/CVE-2011-2370 (bmo#645699)
    Non-whitelisted site can trigger xpinstall
- update to 5.0b7
  * updated supported locales
- do not build dump_syms static (not needed for us)
  - > fix build for openSUSE 12.1 and above
- update to 5.0b6
- include proper revision information into the build
- speedier find-external-requires.sh
- update to 5.0b3
- transformed to standalone Firefox (not xulrunner based)
  (with new Firefox rapid release cycle it makes no sense anymore)
  * imported all relevant xulrunner patches
- do not compile in build timestamp
- security update to 4.0.1 (bnc#689281)
  * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079
    CVE-2011-0080 CVE-2011-0081
    Miscellaneous memory safety hazards
  * MFSA 2011-17/CVE-2011-0068 (bmo#623791)
    WebGLES vulnerabilities
  * MFSA 2011-18/CVE-2011-1202 (bmo#640339)
    XSLT generate-id() function heap address leak
- add all available icon sizes
- license update: MPLv1.1 or GPLv2+ or LGPLv2+
  Sync licenses with Fedora. MPL does not state ^or later^
- update to version 4.0rc2
- fixed rpm macros delivered with devel package (bnc#679950)
- update to version 4.0b12
- rebased patches
- update to version 4.0b11
  * loads of bugfixes compared to last beta
  * added "Do Not Track" option
- rebased patches
- disable testpilot
- set correct desktop file name within KDE for 11.4 and up
- add devel package with macros for extensions (from [hidden email])
- update to version 4.0b10
- removed obsolete firefox-shell-bmo624267.patch
- testpilot moved to distribution/extensions
- updated locale provides and removed bn-IN from locales
- update to version 4.0b9
- added x-scheme-handler for http and https to desktop file for
  newer Gnome environments
- fixed default browser check/set for GIO (bmo#611953)
  (mozilla-shellservice.patch)
- removed obsolete firefox-appname.patch (integrated into
  shellservice patch)
- renamed desktop file to firefox.desktop for 11.4 and newer
  (bnc#664211)
- removed support for 10.3 and older from the spec file
- removed obsolete "Ximian" categories from desktop file
- Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
- update to version 4.0beta8
- major update to version 4.0beta7
  * based on mozilla-xulrunner20
  * far too many internal changes to list
- security update to 3.6.12 (bnc#649492)
  * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
    Heap buffer overflow mixing document.write and DOM insertion
- security update to 3.6.11 (bnc#645315)
  * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
    Miscellaneous memory safety hazards
  * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
    Buffer overflow and memory corruption using document.write
  * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
    Use-after-free error in nsBarProp
  * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
    Dangling pointer vulnerability in LookupGetterOrSetter
  * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
    XSS in gopher parser when parsing hrefs
  * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
    Cross-site information disclosure via modal calls
  * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
    SSL wildcard certificate matching IP addresses
  * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
    Unsafe library loading vulnerabilities
  * MFSA 2010-72/CVE-2010-3173
    Insecure Diffie-Hellman key exchange
- update to 3.6.10
  * fixing startup topcrash (bmo#594699)
- security update to 3.6.9 (bnc#637303)
  * MFSA 2010-49/CVE-2010-3169
    Miscellaneous memory safety hazards
  * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
    Frameset integer overflow vulnerability
  * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
    Dangling pointer vulnerability using DOM plugin array
  * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
    Heap buffer overflow in nsTextFrameUtils::TransformText
  * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
    Dangling pointer vulnerability in nsTreeSelection
  * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
    XUL tree removal crash and remote code execution
  * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
    Dangling pointer vulnerability in nsTreeContentView
  * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
    Crash and remote code execution in normalizeDocument
  * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
    SJOW creates scope chains ending in outer object
  * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
    UTF-7 XSS by overriding document charset using <object> type
    attribute
  * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
    Copy-and-paste or drag-and-drop into designMode document allows
    XSS
  * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
    Information leak via XMLHttpRequest statusText
- disable crash reporter for non x86/x86_64 to make it build.
- security update to 3.6.8 (bnc#622506)
  * MFSA 2010-48/CVE-2010-2755 (bmo#575836)
    Dangling pointer crash regression from plugin parameter array
    fix
- security update to 3.6.7 (bnc#622506)
  * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
    Miscellaneous memory safety hazards
  * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
    DOM attribute cloning remote code execution vulnerability
  * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
    Use-after-free error in NodeIterator
  * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
    Plugin parameter EnsureCachedAttrParamArrays remote code
    execution vulnerability
  * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
    Arbitrary code execution using SJOW and fast native function
  * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
    nsCSSValue::Array index integer overflow
  * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
    nsTreeSelection dangling pointer remote code execution
    vulnerability
  * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
    Remote code execution using malformed PNG image
  * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
    Cross-origin data disclosure via Web Workers and importScripts
  * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
    Same-origin bypass using canvas context
  * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
    Characters mapped to U+FFFD in 8 bit encodings cause subsequent
    character to vanish
  * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
    Multiple location bar spoofing vulnerabilities
  * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
    Cross-domain data theft using CSS
  * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
    Cross-origin data leakage from script filename in error messages
- update to 3.6.6 release
  * modifies the crash protection feature to increase the amount
    of time that plugins are allowed to be non-responsive before
    being terminated.
- update to final 3.6.4 release (bnc#603356)
  * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
    CVE-2010-1203
    Crashes with evidence of memory corruption (rv:1.9.2.4)
  * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
    Freed object reuse across plugin instances
  * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
    Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
  * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
    Integer Overflow in XSLT Node Sorting
  * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
    focus() behavior can be used to inject or steal keystrokes
  * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
    Content-Disposition: attachment ignored if
    Content-Type: multipart also present
  * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
    User tracking across sites using Math.random()
- update to 3.6.4(build6)
- security update to 3.6.4 (Lorentz)
  * enable crashreporter also for x86-64
  * Flash runs in a separate process to avoid crashing Firefox
    (ix86 only; x86-64 still uses nspluginwrapper)
- security update to 3.6.3
  * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
    Re-use of freed object due to scope confusion
- security update to version 3.6.2 (bnc#586567)
  * MFSA 2010-08/CVE-2010-1028
    WOFF heap corruption due to integer overflow
  * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
    Deleted frame reuse in multipart/x-mixed-replace image
  * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
    XSS via plugins and unprotected Location object
  * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
    Crashes with evidence of memory corruption
  * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
    XSS using addEventListener and setTimeout on a wrapped object
  * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
    Content policy bypass with image preloading
  * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
    Browser chrome defacement via cached XUL stylesheets
  * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
    Asynchronous Auth Prompt attaches to wrong window
  * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
    Crashes with evidence of memory corruption
  * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
    Dangling pointer vulnerability in nsTreeContentView
  * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
    Dangling pointer vulnerability in nsPluginArray
  * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
    Chrome privilege escalation via forced URL drag and drop
  * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
    Update NSS to support TLS renegotiation indication
  * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
    Image src redirect to mailto: URL opens email editor
  * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
    XMLDocument::load() doesn't check nsIContentPolicy
- update to 3.6rc2 (already named 3.6.0)
- removed obsolete orbit-devel build requirement
- major update to 3.6rc1
- update to version 3.5.7 (bnc#568011)
  * DNS resolution in MakeSN of nsAuthSSPI causing issues for
    proxy servers that support NTLM auth (bmo#535193)
- added missing lockdown preferences (bnc#567131)
- readded firefox-ui-lockdown.patch (bnc#546158)
- security update to version 3.5.6 (bnc#559807)
  * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
    Crashes with evidence of memory corruption (rv:1.9.1.6)
  * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
    Memory safety fixes in liboggplay media library
  * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
    Integer overflow, crash in libtheora video library
  * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
    NTLM reflection vulnerability
  * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
    Location bar spoofing vulnerabilities
  * MFSA 2009-70/VE-2009-3986 (bmo#522430)
    Privilege escalation via chrome window.opener
- fixed firefox-browser-css.patch (bnc#561027)
- rebased patches for fuzz=0
- update to version 3.5.5 (bnc#553172)
- security update to version 3.5.4 (bnc#545277)
  * MFSA 2009-52/CVE-2009-3370 (bmo#511615)
    Form history vulnerable to stealing
  * MFSA 2009-53/CVE-2009-3274 (bmo#514823)
    Local downloaded file tampering
  * MFSA 2009-54/CVE-2009-3371 (bmo#514554)
    Crash with recursive web-worker calls
  * MFSA 2009-55/CVE-2009-3372 (bmo#500644)
    Crash in proxy auto-configuration regexp parsing
  * MFSA 2009-56/CVE-2009-3373 (bmo#511689)
    Heap buffer overflow in GIF color map parser
  * MFSA 2009-57/CVE-2009-3374 (bmo#505988)
    Chrome privilege escalation in XPCVariant::VariantDataToJS()
  * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
    Heap buffer overflow in string to number conversion
  * MFSA 2009-61/CVE-2009-3375 (bmo#503226)
    Cross-origin data theft through document.getSelection()
  * MFSA 2009-62/CVE-2009-3376 (bmo#511521)
    Download filename spoofing with RTL override
  * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
    Upgrade media libraries to fix memory safety bugs
  * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
    Crashes with evidence of memory corruption
- removed upstreamed patch
  * firefox-bug506901.patch
- fix KDE button order in one more place (bnc#170055)
- improve UI colors to be usable with dark themes at all
  (firefox-browser-css.patch) (bnc#503351)
- extend list of supported architectures as ABI identifier
  (mozilla-abi.patch) (bnc#543460)
- added KDE integration patch from [hidden email]
  (firefox-kde.patch)
  * support for knotify, making -kde4-addon obsolete
  * KDE-specific support functional (bnc#170055)
- do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
- security update to version 3.5.3 (bnc#534458)
  * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
    CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
    Crashes with evidence of memory corruption
  * MFSA 2009-49/CVE-2009-3077 (bmo#506871)
    TreeColumns dangling pointer vulnerability
  * MFSA 2009-50/CVE-2009-3078 (bmo#453827)
    Location bar spoofing via tall line-height Unicode characters
  * MFSA 2009-51/CVE-2009-3079 (bmo#454363)
    Chrome privilege escalation with FeedWriter
- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
  as it contains more tweaks to handle non-Gnome environments and
  especially KDE integration:
  * added the ability to set the KDE default browser
    (still part of bnc#170055)
- split -translations package into -common and -other
  (bnc#529180)
- remove "set as background" from context menu if not running in
  Gnome (part of bnc#170055)
- security update to version 3.5.2
  * MFSA 2009-38/CVE-2009-2470 (bmo#459524)
    Data corruption with SOCKS5 reply containing DNS name longer
    than 15 characters
  * MFSA 2009-44/CVE-2009-2654 (bmo#451898)
    Location bar and SSL indicator spoofing via window.open() on
    invalid URL
  * MFSA 2009-45
    Crashes with evidence of memory corruption
  * MFSA 2009-46 (bmo#498897)
    Chrome privilege escalation due to incorrectly cached wrapper
  * various other stability fixes
- export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
- fixed %exclude usage
- fixed preferences' advanced pane for fresh profiles (bmo#506901)
- security update to version 3.5.1
  * MFSA 2009-41
    Corrupt JIT state after deep return from native function
- added mozilla-linkorder.patch to fix build with --as-needed
- update to final version 3.5 (20090623)
- fixed build by linking to a real file
- update to version 3.5rc2 (20090617)
- BuildRequire mozilla-xulrunner191 = 1.9.1.0
- update to version 3.5b99 (20090604)
- BuildRequire mozilla-xulrunner191 = 1.9.1b99
- fixed typos in improved xulrunner dependencies
- use non-localized Downloads folder (bnc#501724)
- update to new major version 3.5b4
  * based on Gecko 1.9.1 (mozilla-xulrunner191)
  * Private Browsing Mode
  * TraceMonkey JavaScript engine
  * Geolocation support
  * native JSON and web worker threads support
  * speculative parsing for faster content rendering
  * Some HTML5 support
- updated firefox.schemas
- improved firefox-no-update.patch
- security update to 3.0.10
  * MFSA 2009-23/CVE-2009-1313 (bmo#489647)
    Crash in nsTextFrame::ClearTextRun()
- security update to 3.0.9 (bnc#495473)
  * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
    Crashes with evidence of memory corruption (rv:1.9.0.9)
  * MFSA 2009-15/CVE-2009-0652 (bmo#479336)
    URL spoofing with box drawing character
  * MFSA 2009-16/CVE-2009-1306 (bmo#474536)
    jar: scheme ignores the content-disposition: header on the
    inner URI
  * MFSA 2009-17/CVE-2009-1307 (bmo#481342)
    Same-origin violations when Adobe Flash loaded via
    view-source: scheme
  * MFSA 2009-18/CVE-2009-1308 (bmo#481558)
    XSS hazard using third-party stylesheets and XBL bindings
  * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
    Same-origin violations in XMLHttpRequest and
    XPCNativeWrapper.toString
  * MFSA 2009-20/CVE-2009-1310 (bmo#483086)
    Malicious search plugins can inject code into arbitrary sites
  * MFSA 2009-21/CVE-2009-1311 (bmo#471962)
    POST data sent to wrong site when saving web page with
    embedded frame
  * MFSA 2009-22/CVE-2009-1312 (bmo#475636)
    Firefox allows Refresh header to redirect to javascript: URIs
- security update to 1.9.0.8 (bnc#488955,489411)
  * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
    Crash and remote code execution in XSL transformation
  * MFSA 2009-13/CVE-2009-1044 (bmo#484320)
    Arbitrary code execution via XUL tree moveToEdgeShift
- allow RPM provides for stuff besides shared libraries
  (e.g. mime-types)
- security update to 3.0.7 (bnc#478625)
  * MFSA 2009-07 - Crashes with evidence of memory corruption
    CVE-2009-0771 - Layout Engine Crashes
    CVE-2009-0772 - Layout Engine Crashes
    CVE-2009-0773 - crashes in the JavaScript engine
    CVE-2009-0774 - Layout Engine Crashes
  * MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
    Mozilla Firefox XUL Linked Clones Double Free Vulnerability
  * MFSA 2009-09/CVE-2009-0776 (bmo#414540)
    XML data theft via RDFXMLDataSource and cross-domain redirect
  * MFSA 2009-10/CVE-2009-0040 (bmo#478901)
    Upgrade PNG library to fix memory safety hazards
  * MFSA 2009-11/CVE-2009-0777 (bmo#452979)
    URL spoofing with invisible control characters

==== MozillaThunderbird ====
Version update (52.3.0 -> 52.4.0)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 52.4.0 (bsc#1060445)
  * new behavior was introduced for replies to mailing list posts:
    "When replying to a mailing list, reply will be sent to address
    in From header ignoring Reply-to header". A new preference
    mail.override_list_reply_to allows to restore the previous behavior.
  * Under certain circumstances (image attachment and non-image
    attachment), attached images were shown truncated in messages
    stored in IMAP folders not synchronised for offline use.
  * IMAP UIDs > 0x7FFFFFFF now handled properly
  Security fixes from Gecko 52.4esr
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin
  * CVE-2017-7810
    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

==== bluedevil5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * fix spdx licence for appstream happyness
  * fix spdx licence for appstream happyness
  * Use Q_DECL_OVERRIDE

==== breeze ====
Version update (5.10.5 -> 5.11.0)
Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang breeze5-wallpapers

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Too many changes to list here

==== breeze-gtk ====
Version update (5.10.5 -> 5.11.0)
Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Fix background-image warning
  * Don't show scrollbar steppers
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Adjusted Scrollbars so now they fit the Qt theme

==== breeze4-style ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Too many changes to list here

==== clamav ====

- Implement shared library guideline.

==== dracut ====

- Add IMA functionality (fate#323289)
  This is implemented as a sub module analogous to FIPS
  * adds 0539-Add-IMA-functionality-fate-323289.patch

==== drkonqi5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
- Initial package, split from plasma5-workspace

==== file ====
Subpackages: file-devel file-magic libmagic1

- remove python build instructions from master spec file, move completely
  into python-magic.spec

==== graphviz ====
Subpackages: graphviz-plugins-core libgraphviz6

- Exclude %{_mandir}/man1/smyrna.1%{ext_man} from graphiz' main
  package, since the man page is packaged in the -smyrna sub
  package already.

==== graphviz-addons ====
Subpackages: graphviz-gd graphviz-gnome

- Exclude %{_mandir}/man1/smyrna.1%{ext_man} from graphiz' main
  package, since the man page is packaged in the -smyrna sub
  package already.

==== kactivitymanagerd ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Separating queries for removing from a specific activity and from all activities

==== kcm_sddm ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Use Q_DECL_OVERRIDE

==== kde-cli-tools5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * always install kdesu docs, the translations are always installed so this has minimal effect
  * update kcm statistics in kcmshell too
  * Use Q_DECL_OVERRIDE

==== kde-gtk-config5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: kde-gtk-config5-gtk2 kde-gtk-config5-gtk3

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Add some keywords so it's more easily found in System Settings search
  * Fix look-up of gtk preview modules (kde#383198)
  * Remove unused KNS file
  * Make the kde-gtk-config kcm better at checking global gtk settings (kde#378013)
  * Fix test
  * Add a checkbox to enable dark GTK3 Themes (kde#346469)
  * Use override
  * Use Q_DECL_OVERRIDE
- Remove patches, now upstream:
  * 0001-Fix-look-up-of-gtk-preview-modules.patch

==== kde-user-manager ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Don't show a region selector when selecting avatars from a gallery
  * Use Q_DECL_OVERRIDE

==== kernel-source ====
Version update (4.13.4 -> 4.13.5)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.13.5 (bnc#1012628).
- cifs: check rsp for NULL before dereferencing in SMB2_open
  (bnc#1012628).
- cifs: release cifs root_cred after exit_cifs (bnc#1012628).
- cifs: release auth_key.response for reconnect (bnc#1012628).
- nvme-pci: fix host memory buffer allocation fallback
  (bnc#1012628).
- nvme-pci: use appropriate initial chunk size for HMB allocation
  (bnc#1012628).
- nvme-pci: propagate (some) errors from host memory buffer setup
  (bnc#1012628).
- dax: remove the pmem_dax_ops->flush abstraction (bnc#1012628).
- dm integrity: do not check integrity for failed read operations
  (bnc#1012628).
- mmc: block: Fix incorrectly initialized requests (bnc#1012628).
- fs/proc: Report eip/esp in /prod/PID/stat for coredumping
  (bnc#1012628).
- scsi: scsi_transport_fc: fix NULL pointer dereference in
  fc_bsg_job_timeout (bnc#1012628).
- SMB3: Add support for multidialect negotiate (SMB2.1 and later)
  (bnc#1012628).
- mac80211: fix VLAN handling with TXQs (bnc#1012628).
- mac80211_hwsim: Use proper TX power (bnc#1012628).
- mac80211: flush hw_roc_start work before cancelling the ROC
  (bnc#1012628).
- mac80211: fix deadlock in driver-managed RX BA session start
  (bnc#1012628).
- genirq: Make sparse_irq_lock protect what it should protect
  (bnc#1012628).
- genirq/msi: Fix populating multiple interrupts (bnc#1012628).
- genirq: Fix cpumask check in __irq_startup_managed()
  (bnc#1012628).
- KVM: PPC: Book3S HV: Hold kvm->lock around call to
  kvmppc_update_lpcr (bnc#1012628).
- KVM: PPC: Book3S HV: Fix bug causing host SLB to be restored
  incorrectly (bnc#1012628).
- KVM: PPC: Book3S HV: Don't access XIVE PIPR register using
  byte accesses (bnc#1012628).
- tracing: Fix trace_pipe behavior for instance traces
  (bnc#1012628).
- tracing: Erase irqsoff trace with empty write (bnc#1012628).
- tracing: Remove RCU work arounds from stack tracer
  (bnc#1012628).
- md/raid5: fix a race condition in stripe batch (bnc#1012628).
- md/raid5: preserve STRIPE_ON_UNPLUG_LIST in
  break_stripe_batch_list (bnc#1012628).
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx
  doesn't parse nlmsg properly (bnc#1012628).
- scsi: aacraid: Fix 2T+ drives on SmartIOC-2000 (bnc#1012628).
- scsi: aacraid: Add a small delay after IOP reset (bnc#1012628).
- drm/exynos: Fix locking in the suspend/resume paths
  (bnc#1012628).
- drm/i915/gvt: Fix incorrect PCI BARs reporting (bnc#1012628).
- Revert "drm/i915/bxt: Disable device ready before shutdown
  command" (bnc#1012628).
- drm/radeon: disable hard reset in hibernate for APUs
  (bnc#1012628).
- crypto: drbg - fix freeing of resources (bnc#1012628).
- crypto: talitos - Don't provide setkey for non hmac hashing algs
  (bnc#1012628).
- crypto: talitos - fix sha224 (bnc#1012628).
- crypto: talitos - fix hashing (bnc#1012628).
- security/keys: properly zero out sensitive key material in
  big_key (bnc#1012628).
- security/keys: rewrite all of big_key crypto (bnc#1012628).
- KEYS: fix writing past end of user-supplied buffer in
  keyring_read() (bnc#1012628).
- KEYS: prevent creating a different user's keyrings
  (bnc#1012628).
- KEYS: prevent KEYCTL_READ on negative key (bnc#1012628).
- libnvdimm, namespace: fix btt claim class crash (bnc#1012628).
- powerpc/eeh: Create PHB PEs after EEH is initialized
  (bnc#1012628).
- powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
  (bnc#1012628).
- powerpc/tm: Flush TM only if CPU has TM feature (bnc#1012628).
- MIPS: Fix perf event init (bnc#1012628).
- s390/perf: fix bug when creating per-thread event (bnc#1012628).
- s390/mm: make pmdp_invalidate() do invalidation only
  (bnc#1012628).
- s390/mm: fix write access check in gup_huge_pmd() (bnc#1012628).
- PM: core: Fix device_pm_check_callbacks() (bnc#1012628).
- Revert "IB/ipoib: Update broadcast object if PKey value was
  changed in index 0" (bnc#1012628).
- Fix SMB3.1.1 guest authentication to Samba (bnc#1012628).
- SMB3: Fix endian warning (bnc#1012628).
- SMB3: Warn user if trying to sign connection that authenticated
  as guest (bnc#1012628).
- SMB: Validate negotiate (to protect against downgrade) even
  if signing off (bnc#1012628).
- SMB3: handle new statx fields (bnc#1012628).
- SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
  (bnc#1012628).
- vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
  (bnc#1012628).
- libceph: don't allow bidirectional swap of pg-upmap-items
  (bnc#1012628).
- brd: fix overflow in __brd_direct_access (bnc#1012628).
- gfs2: Fix debugfs glocks dump (bnc#1012628).
- bsg-lib: don't free job in bsg_prepare_job (bnc#1012628).
- iw_cxgb4: drop listen destroy replies if no ep found
  (bnc#1012628).
- iw_cxgb4: remove the stid on listen create failure
  (bnc#1012628).
- iw_cxgb4: put ep reference in pass_accept_req() (bnc#1012628).
- rcu: Allow for page faults in NMI handlers (bnc#1012628).
- mmc: sdhci-pci: Fix voltage switch for some Intel host
  controllers (bnc#1012628).
- extable: Consolidate *kernel_text_address() functions
  (bnc#1012628).
- extable: Enable RCU if it is not watching in
  kernel_text_address() (bnc#1012628).
- selftests/seccomp: Support glibc 2.26 siginfo_t.h (bnc#1012628).
- seccomp: fix the usage of get/put_seccomp_filter() in
  seccomp_get_filter() (bnc#1012628).
- arm64: Make sure SPsel is always set (bnc#1012628).
- arm64: mm: Use READ_ONCE when dereferencing pointer to pte table
  (bnc#1012628).
- arm64: fault: Route pte translation faults via
  do_translation_fault (bnc#1012628).
- KVM: VMX: extract __pi_post_block (bnc#1012628).
- KVM: VMX: avoid double list add with VT-d posted interrupts
  (bnc#1012628).
- KVM: VMX: simplify and fix vmx_vcpu_pi_load (bnc#1012628).
- KVM: nVMX: fix HOST_CR3/HOST_CR4 cache (bnc#1012628).
- kvm/x86: Handle async PF in RCU read-side critical sections
  (bnc#1012628).
- KVM: VMX: Do not BUG() on out-of-bounds guest IRQ (bnc#1012628).
- kvm: nVMX: Don't allow L2 to access the hardware CR8
  (bnc#1012628).
- xfs: validate bdev support for DAX inode flag (bnc#1012628).
- fix infoleak in waitid(2) (bnc#1012628).
- sched/sysctl: Check user input value of sysctl_sched_time_avg
  (bnc#1012628).
- irq/generic-chip: Don't replace domain's name (bnc#1012628).
- mtd: Fix partition alignment check on multi-erasesize devices
  (bnc#1012628).
- mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user
  (bnc#1012628).
- etnaviv: fix submit error path (bnc#1012628).
- etnaviv: fix gem object list corruption (bnc#1012628).
- futex: Fix pi_state->owner serialization (bnc#1012628).
- md: fix a race condition for flush request handling
  (bnc#1012628).
- md: separate request handling (bnc#1012628).
- PCI: Fix race condition with driver_override (bnc#1012628).
- btrfs: fix NULL pointer dereference from free_reloc_roots()
  (bnc#1012628).
- btrfs: clear ordered flag on cleaning up ordered extents
  (bnc#1012628).
- btrfs: finish ordered extent cleaning if no progress is found
  (bnc#1012628).
- btrfs: propagate error to btrfs_cmp_data_prepare caller
  (bnc#1012628).
- btrfs: prevent to set invalid default subvolid (bnc#1012628).
- PM / OPP: Call notifier without holding opp_table->lock
  (bnc#1012628).
- x86/mm: Fix fault error path using unsafe vma pointer
  (bnc#1012628).
- x86/fpu: Don't let userspace set bogus xcomp_bv (bnc#1012628).
- KVM: VMX: do not change SN bit in vmx_update_pi_irte()
  (bnc#1012628).
- KVM: VMX: remove WARN_ON_ONCE in
  kvm_vcpu_trigger_posted_interrupt (bnc#1012628).
- KVM: VMX: use cmpxchg64 (bnc#1012628).
- video: fbdev: aty: do not leak uninitialized padding in clk
  to userspace (bnc#1012628).
- Update config files.
- commit 3fd9659
- orc: mark it as reliable (bnc#1058115).
- Update config files.
- commit 3cbbf06
- x86/asm: Use register variable to get stack pointer value
  (bnc#1058115).
- commit a5d4692
- x86/asm: Fix inline asm call constraints for GCC 4.4
  (bnc#1058115).
- commit 034c016
- platform/x86: fujitsu-laptop: Don't oops when FUJ02E3 is not
  presnt (bnc#1058814).
- commit 80338f6
- ORC crypto patches: Update upstream status.
- commit 01974c6
- Refresh
  patches.suse/0001-objtool-Don-t-report-end-of-section-error-after-an-e.patch.
- Refresh
  patches.suse/0002-x86-head-Remove-confusing-comment.patch.
- Refresh
  patches.suse/0003-x86-head-Remove-unused-bad_address-code.patch.
- Refresh
  patches.suse/0004-x86-head-Fix-head-ELF-function-annotations.patch.
- Refresh
  patches.suse/0005-x86-boot-Annotate-verify_cpu-as-a-callable-function.patch.
- Refresh
  patches.suse/0006-x86-xen-Fix-xen-head-ELF-annotations.patch.
- Refresh
  patches.suse/0007-x86-xen-Add-unwind-hint-annotations.patch.
- Refresh
  patches.suse/0008-x86-head-Add-unwind-hint-annotations.patch.
- Delete
  patches.suse/0002-dwarf-do-not-throw-away-unwind-info.patch.
  Update upstream status and drop the dwarf remainder.
- commit c3e0cbe

==== kgamma5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Use Q_DECL_OVERRIDE
  * Use QFormLayout for sliders
  * Don't fix a height of sliders
  * Fix spacing in "Select test picture:" row
  * Remove .png extension from icon name in the desktop file

==== khotkeys5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: khotkeys5-devel

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Use Q_DECL_OVERRIDE

==== kinfocenter5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Allow to select module with keyboard
  * Do not leak XVisualInfo (X11 EGL path)
  * Do not mark {variantLabel} as translatable
  * Use Q_DECL_OVERRIDE

==== kmenuedit5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Remove obsolete add_dependencies
  * Use Q_DECL_OVERRIDE

==== kscreen5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Don't auto scale outputs where we don't know the physical size
  * Keep monitoring the initial config
  * track the config to monitor, save scale
  * add size hint to KScreen KCM
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Also generate default output scale on first run not just new monitors
  * [OutputConfig] Locale-format refresh rate
  * Automatic scaling selection
  * Fix deprecated usage of ecm_install_icons
  * Show UI for per screen scaling options on supported platforms
  * Port OutputConfig away from blockSignals
  * Use Q_DECL_OVERRIDE
  * Get rid of extra margins

==== kscreenlocker ====
Version update (5.10.5 -> 5.11.0)
Subpackages: libKScreenLocker5

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Workaround crash on lockscreen close
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * seccomp filter: Handle openat as well (kde#384651)
  * Don't dissallow open with write flag syscall on NVIDIA (kde#384005)
  * Tell user to unlock his session only
  * Use Q_DECL_OVERRIDE
  * Fix detection of sys/event.h on FreeBSD < 12
  * include <signal.h> for kill(2)
- Remove patches, now upstream:
  * 0001-Don-t-dissallow-open-with-write-flag-syscall-on-NVID.patch

==== ksshaskpass5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * None

==== ksysguard5 ====
Version update (5.10.5 -> 5.11.0)

- Add patch to fix gathering of the CPU clock with kernel >= 4.13
  (boo#1061071, kde#382561):
  * 0001-Try-to-read-CPU-clock-from-cpufreq-scaling_cur_freq-.patch
- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * softraid: Remove dead code and associated warning.
  * Properly check if mdraid array is active.
  * FreeBSD build fix, v4.
  * FreeBSD compile fix, try 3.
  * Fix FreeBSD build, try 2.
  * Fix build regression on FreeBSD
  * Fix compilation with strict libc (such as musl).
  * remove extra <nlist.h> include on FreeBSD
  * Use Q_DECL_OVERRIDE

==== kwin5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: kwin5-devel

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Fix: Missing dependencies for kwin autotests
  * remove xdgv6 use from 5.11 branch
  * Also send Wayland clients to a new desktop if their desktop was removed
  * Don't recreate kwayland blurmanager on screen size changes
  * Don't reload background contrast effect on screen resize
  * [tabbox] Create X11Filter on establishKeyboardGrab (kde#385032)
  * Restore cursors across multiple screens (kde#385003)
  * Properly update the visible (icon) name when the caption changes (kde#384760)
  * Make sure OpenGL Context is valid before deleting shader (kde#384884)
  * Don't scale cursor hotspot differently to cursor (kde#384769)
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Too many changes to list here

==== libkdecoration2 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: libkdecoration2-devel libkdecorations2-5 libkdecorations2private5

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * [autotests] Fix DecorationButtonTest::testPressAndHold with Qt 5.9

==== libkscreen2 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: libKF5Screen7 libkscreen2-devel libkscreen2-plugin

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * When cloning a config also clone supportedFeatures
  * warnings--;
  * let's continue in debug code instead of returning from XRandRConfig::applyKScreenConfig
  * Add setScale option to kscreendoctor
  * USe Q_DECL_OVERRIDE
  * Delete registry before connection
  * Update unit test to match scaling

==== libksysguard5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: libksysguard5-devel libksysguard5-helper

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * libksysguard does not appear to use QtScript, but just includes it.
  * Inject custom style sheet with system colors (kde#360214)
  * Use Q_DECL_OVERRIDE
  * Fix compilation on CentOS 6

==== linphone ====
Subpackages: liblinphone++9 liblinphone-data liblinphone-devel liblinphone-lang liblinphone9

- Add build condtionally for C++ bindings to fix build in Leap
- Remove build conditionally for ffmpeg
- Remove build conditionally for ldap
- Remove unused BuildRequires for disabled rootca download

==== milou5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * make krunner accessible
  * spdx validation
  * Remove unused import
  * Remove unused import
  * [ResultDelegate] Enforce PlainText
  * Use Q_DECL_OVERRIDE

==== oxygen5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: oxygen5-cursors oxygen5-decoration oxygen5-devel oxygen5-lang oxygen5-sounds oxygen5-style

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * renamed oxygen specific KCMs CCBUG: 383283
  * - hide shadow when mask is empty - properly handle creating shadow when mdi window is already visible at registration - added some "auto" declarations
  * - hide shadow when mask is empty - properly handle creating shadow when mdi window is already visible at registration - added some "auto" declarations
  * fixed warning about unused variable
  * removed double ;;
  * Fixed calculation of top border.
  * Fixed calculation of top border.
  * Partially revert "Use Q_DECL_OVERRIDE" (kde#380452)
  * Q_DECL_OVERRIDE -> override Rationale is that oxygen decoration depends on libkdecoration, which uses override directly already.
  * Use Q_DECL_OVERRIDE
  * Set a mask to shadow widget to make sure that it does not overlap with the mdi window. BUG:379790 (kde#379790)
  * Set a mask to shadow widget to make sure that it does not overlap with the mdi window. BUG:379790 (kde#379790)

==== perl-Class-Multimethods ====
Version update (1.70 -> 1.701)

- regenerate spec file with cpanspec
- update to 1.701
  - Added handler registration code to clean up installation
    (thanks Robert)
  - Changed demo shebang lines for Debian compatibility
    (thanks Florian and Jay)
- obsoleting Class-Multimethods-1.70.diff

==== perl-DBD-CSV ====
Version update (0.48 -> 0.49)

- updated to 0.49
  see /usr/share/doc/packages/perl-DBD-CSV/ChangeLog
  0.49 - 2016-05-12, H.Merijn Brand
  * Simplified test-table-name generation
  * Prefer quote_empty over quote_always for size (Text::CSV_XS => 1.18)
  * Add CONTRIBUTING.md
  * It's 2016
  * Added docs to warn for reserved words (RT#106529)
  * Minor spelling corrections (PRC Guillermo O. Freschi)
  * Test with perl 5.24.0, DBI 1.636, SQL::Statement-1.410, and
    Text::CSV_XS-1.23

==== perl-Log-Dispatch ====
Version update (2.66 -> 2.67)

- updated to 2.67
  see /usr/share/doc/packages/perl-Log-Dispatch/Changes
  2.67     2017-09-24
  - Added a lazy_open option to the File output. This delays opening the file
    until the first time a log message is written to it. Implemented by Slaven
    Rezi?. GH #50.

==== plasma-nm5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Don't duplicate UI option for automatic speed detection (kde#383505)
  * Remove unused identity model
  * It makes sense to show VPN connections only when we are connected to internet
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Drop the old legacy connection editor
  * Add option to allow managing virtual connections (kde#376664)
  * Summary: L2TP: pre-sharedkey should be mask
  * Add support for fortisslvpn
  * Openconnect: make sure the UI fits into the password dialog (kde#380399)
  * UI updates for NetworkManager-l2tp 1.2.6
  * Add missing file with UI for configuration
  * Allow to have wider password dialog while preffering minimum size (kde#380399)
  * Openconnect: make sure we accept the dialog (kde#380299)
  * Openconnect: Add option to select protocol
  * Properly pass specific vpn type when selecting new connection by double click
  * Openconnect (juniper): Properly make sure we are compatible with the rest of nm tools
  * Openconnect (juniper): Make sure we are compatible with the rest of nm tools (kde#380244)
  * Add option to disable unlocking modem on detection (kde#380150)

==== plasma5-addons ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Fix ksysguard not starting on plasmoid click
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Try to get higher quality image for flickr potd. (kde#377917)
  * spdx syntax fix http://metadata.neon.kde.org/appstream/html/xenial/main/issues/plasma-dataengines-addons.html
  * fix .desktop files for appstream compliance http://metadata.neon.kde.org/appstream/html/xenial/main/issues/plasma-widgets-addons.html
  * fixes for appstream compliance http://metadata.neon.kde.org/appstream/html/xenial/main/issues/plasma-wallpapers-addons.html
  * [Color Picker] Add drag pixmap for color
  * [Color Picker] Allow running color picker applet standalone
  * [Notes applet] Wrap in FocusScope
  * remove wrong X-Ubuntu-Gettext-Domain key
  * Restore original formatButtonsRow.opacity
  * [Notes Applet] Show formatting options when it has focus
  * Use Q_DECL_OVERRIDE
  * Fix fifteen puzzle solveability (kde#358940)

==== plasma5-desktop ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * kimpanel: Wrap everything in an item for PlasmaCore.Dialog
  * kimpanel: another try to workaround kimpanel window not getting updated issue.
  * Error out if the device returns a negative number of buttons
  * Sync XRDB DPI to the platform specific setting
  * Use a different key for font DPI on X and Wayland
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Too many changes to list here
- Remove patches, now upstream:
  * fix-writing-Qt4-font-settings.patch

==== plasma5-integration ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * link test against QuickControls2 to fix compile
  * Use QQuickStyle to set the QQC2 style (kde#384481)
  * Set QtQuickControls theme in QPT (kde#384466,kde#384481)
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Add ~/.local/share/icons to icons search paths
  * Group find_package(KF5*) calls together
  * Fix faulty merge
  * Allow to change toolbar font separately again (kde#358254)
  * [KHintsSettings] Update AA_DontShowIconsInMenus at runtime
  * Also specify a default StyleName for fonts (kde#383191)
  * Middle-click on QSystemTrayIcon ?auses context menu (kde#382855)
  * KDE QFileDialog helper: support name filters without parenthesis.
  * Introduce KDE_NO_GLOBAL_MENU env variable to disable global menu
  * Introduce KDE_NO_GLOBAL_MENU env variable to disable global menu
  * check window visibility at expose event
  * Allow to disable blinking cursor completely
  * Fix deprecation warnings. setSelection -> setSelectedUrl ui -> uiDelegate
  * Replace Q_DECL_OVERRIDE with override.

==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE

- Update to 5.11.0
- Update to 5.10.95
- Fix minor issues in org.opensuse.desktop.defaultPanel metadata
- Force "Regular" font style in /etc/xdg/kdeglobals by default

==== plasma5-pa ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * [ListItemBase] Use section instead of disabled menu item
  * StreamRestore: Always set channel count to 1 (kde#383787)

==== plasma5-workspace ====
Version update (5.10.5 -> 5.11.0)
Subpackages: plasma5-session plasma5-workspace-devel plasma5-workspace-lang plasma5-workspace-libs

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * update selected wallpaper when adding from file browser
  * Stop setting the QQC1 style in startkde
  * Fix another test failure.
  * Fix test failure after favorites URL mangling refactoring.
  * [PowerDevil Runner] Obliterate traces of power profiles
  * [TasksModel] Use std::acumulate on the QHash directly
  * remove extra executable bits
  * Don't set QQC Style in startkde
  * Unhide autohidden panel when using global menu (kde#384861)
  * Use a separate config value for Wayland font DPI
- Remove the fix related to a knotifications bug (boo#1046458):
  * bug is fixed upstream (knotifications 5.38.0)
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Too many changes to list here
- Remove patches, now upstream:
  * plasma5-workspace/0001-Don-t-search-for-and-link-to-libcln-when-using-libqa.patch
  * plasma5-workspace/applauncher-allow-to-show-apps-by-name.patch
  * plasma5-workspace/logoutdialog-honor-Offer-shutdown-options.patch
- Move plasma5-session into here
- Convert kde-plasma.desktop session file to link to avoid duplicate
  entries in display managers
- Add AppStreamQt BuildReq

==== polkit-kde-agent-5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Use Q_DECL_OVERRIDE

==== powerdevil5 ====
Version update (5.10.5 -> 5.11.0)

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Disable DDCUtil by default
  * Bump the version requirement for Qt
  * Revert "skip the disabled backlight device" (kde#381114,kde#381199)
  * Use Q_DECL_OVERRIDE
  * cmake: link to ddcutil only if found
  * Add brightness control using ddcutil lib

==== systemsettings5 ====
Version update (5.10.5 -> 5.11.0)
Subpackages: systemsettings5-devel

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * Remove unnecessary remove_definitions()
  * Define -DQT_NO_URL_CAST_FROM_STRING and fix compilation.
  * Also extract i18n messages from *.qml
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Too many changes to list here
- Add patch to fix appearance of the front page with long words (kde#380972):
  * 0001-try-harder-to-wrap-very-long-words.patch

==== timezone ====

- Require simply java, since with the new version of javazic, it
  is possible to generate the timezone information using any java
  version

==== timezone-java ====

- Require simply java, since with the new version of javazic, it
  is possible to generate the timezone information using any java
  version

==== xdg-desktop-portal-kde ====
Version update (5.10.5 -> 5.11.0)
Subpackages: xdg-desktop-portal-kde-lang

- Update to 5.11.0
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.11.0.php
- Changes since 5.10.95:
  * None
- Update to 5.10.95
  * New feature release
  * For more details please see:
  * https://www.kde.org/announcements/plasma-5.10.95.php
- Changes since 5.10.5:
  * Use CMAKE_INSTALL_FULL_LIBEXECDIR
  * Use CMAKE_INSTALL_FULL_LIBEXECDIR
  * Add arcconfig
  * Massively simplify the class DesktopPortal
  * Add missing files
  * Add Access portal for requesting hardware access
  * Restore previous version
  * Fix description
  * Update AppChooser portal
  * Fix minor issues spotted by Lamarque


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: ??? changelog posting/archiving relevance ??? (was: New Tumbleweed snapshot 20171009)

Felix Miata-3
Dominique Leuenberger composed on 2017-10-11 01:39 (UTC+0200):

[roughly 173kb archived, approximately 70% of which is Firefox]

...
> Packages changed:
>   MozillaFirefox (52.3.0 -> 56.0)
...
> ==== MozillaFirefox ====
> Version update (52.3.0 -> 56.0)
> Subpackages: MozillaFirefox-translations-common
...
> - update to Firefox 55.0.1
...
> - update to Firefox 55.0 (boo#1052829)
...
> - update to Firefox 54.0.1
...
...
> - update to Firefox 53.0
...
> - update to Firefox 52.0.2
...
> - Mozilla Firefox 51.0.1:
...
> - update to Firefox 51.0
...
>   * MFSA 2017-01
...
> - update to Firefox 50.1.0 (boo#1015422)
>   * MFSA 2016-94
...
> - update to Firefox 50.0.2
...
> - update to Firefox 50.0 (boo#1009026)
...
>   (Windows only) (bmo#1246945)
...
> - Mozilla Firefox 49.0.2:
...
> - Mozilla Firefox 49.0.1:
...
> - Mozilla Firefox 48.0.2:
>   * Mitigate a startup crash issue caused on Windows (bmo#1291738)
...
> - Mozilla Firefox 48.0.1:
...
> - update to Firefox 48.0 (boo#991809)
...
> - Mozilla Firefox 47.0.1:
...
> - update to Firefox 46.0.1
...
> - Mozilla Firefox 45.0.1:
...
> - update to Firefox 45.0 (boo#969894)
...
...
> - update to Firefox 44.0.2
...
> - update to Firefox 44.0
>   * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
...
> - Mozilla Firefox 43.0.4:
...
> - update to Firefox 43.0.3
...
> - update to Firefox 43.0 (bnc#959277)
...
> - update to Firefox 42.0 (bnc#952810)
...
> - update to Firefox 41.0.2 (bnc#950686)
...
> - update to Firefox 41.0.1
...
> - update to Firefox 41.0 (bnc#947003)
...
> - update to Firefox 40.0.3 (bnc#943550)
...
> - update to Firefox 40.0 (bnc#940806)
...
>   * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
...
> - update to Firefox 39.0 (bnc#935979)
...
> - update to Firefox 38.0.1
...
> - update to Firefox 38.0 (bnc#930622)
...
> - update to Firefox 37.0.2 (bnc#928116)
...
> - update to Firefox 37.0 (bnc#925368)
...
> - update to Firefox 36.0.4 (bnc#923534)
...
> - update to Firefox 36.0 (bnc#917597)
...
> - update to Firefox 35.0.1
...
> - update to Firefox 35.0 (bnc#910669)
...
> - update to Firefox 34.0.5 (bnc#908009)
...
> - update to Firefox 33.1
...
> - update to Firefox 32.0.2
...
> - update to Firefox 32.0.1
...
> - update to Firefox 31.0 (bnc#887746)
>   * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
...
> - update to Firefox 30.0 (bnc#881874)
...
> - update to Firefox 29.0.1
...
> - update to Firefox 29.0 (bnc#875378)
...
> - update to Firefox 28.0 (bnc#868603)
>   * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
...
> - update to Firefox 27.0.1
...
> - update to Firefox 27.0 (bnc#861847)
...
> - update to Firefox 26.0 (bnc#854367, bnc#854370)
...
> - update to Firefox 25.0 (bnc#847708)
...
> - update to Firefox 24.0 (bnc#840485)
...
> - update to Firefox 23.0.1
...
> - update to Firefox 23.0 (bnc#833389)
>   * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
...
> - update to Firefox 22.0 (bnc#825935)
...
> - update to Firefox 21.0 (bnc#819204)
...
> - update to Firefox 20.0 (bnc#813026)
...
> - update to Firefox 19.0.2 (bnc#808243)
...
> - update to Firefox 19.0.1
...
> - update to Firefox 19.0 (bnc#804248)
>   * MFSA 2013-21/CVE-2013-0783/2013-0784
...
> - update to Firefox 18.0.2
...
> - update to Firefox 18.0.1
...
> - update to Firefox 18.0 (bnc#796895)
...
> - update to Firefox 17.0.1
...
> - update to Firefox 17.0 (bnc#790140)
>   * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
...
> - update to Firefox 16.0.2 (bnc#786522)
...
> - update to Firefox 16.0.1 (bnc#783533)
...
> - update to Firefox 15.0.1 (bnc#779936)
...
> - update to Firefox 15.0 (bnc#777588)
>   * MFSA 2012-57/CVE-2012-1970
...
> - update to 14.0.1 (bnc#771583)
>   * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
...
> - update to Firefox 13.0 (bnc#765204)
...
> - update to Firefox 12.0 (bnc#758408)
...
> - update to Firefox 11.0 (bnc#750044)
...
> - update to Firefox 10.0.2 (bnc#747328)
...
> - update to Firefox 10.0.1 (bnc#746616)
...
> - update to Firefox 10.0 (bnc#744275)
...
> - update to Firefox 9.0.1
...
> - update to Firefox 9 (bnc#737533)
...
> - update to Firefox 8 (bnc#728520)
>   * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
...
> - update to minor release 7.0.1
...
> - security update to 6.0.2 (bnc#714931)
...
> - update to 6.0 (bnc#712224)
...
> - update to 6.0b3
...
> - update to 5.0 final
> - included fixes for security issues: (bnc#701296, bnc#700578)
>   * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
...
> - update to 5.0b7
...
> - security update to 4.0.1 (bnc#689281)
>   * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079
...
> - update to version 4.0b10
...
> - update to version 4.0beta8
> - major update to version 4.0beta7
...
> - security update to 3.6.12 (bnc#649492)
...
> - security update to 3.6.11 (bnc#645315)
>   * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
...
> - update to 3.6.10
...
> - security update to 3.6.9 (bnc#637303)
...
> - update to 3.6.6 release
...
> - update to final 3.6.4 release (bnc#603356)
>   * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
...
> - update to 3.6.4(build6)
> - security update to 3.6.4 (Lorentz)
...
> - security update to 3.6.3
...
> - security update to version 3.6.2 (bnc#586567)
>   * MFSA 2010-08/CVE-2010-1028
...
> - update to 3.6rc2 (already named 3.6.0)
...
> - major update to 3.6rc1
> - update to version 3.5.7 (bnc#568011)
...
> - security update to version 3.5.6 (bnc#559807)
...
> - update to version 3.5.5 (bnc#553172)
> - security update to version 3.5.4 (bnc#545277)
>   * MFSA 2009-52/CVE-2009-3370 (bmo#511615)
...
> - security update to version 3.5.3 (bnc#534458)
...
> - security update to version 3.5.2
...
> - update to final version 3.5 (20090623)
...
> - update to version 3.5rc2 (20090617)
...
> - update to version 3.5b99 (20090604)
...
> - update to new major version 3.5b4
...
> - security update to 3.0.10
...
> - security update to 3.0.9 (bnc#495473)
>   * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
...
> - security update to 3.0.7 (bnc#478625)
>   * MFSA 2009-07 - Crashes with evidence of memory corruption
>     CVE-2009-0771 - Layout Engine Crashes...
Is this resource wastage necessary or relevant? :-(
--
"Wisdom is supreme; therefore get wisdom. Whatever else you
get, get wisdom." Proverbs 4:7 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: ??? changelog posting/archiving relevance ???

Stephan Kulow-3
Am 11.10.2017 um 05:05 schrieb Felix Miata:
> Dominique Leuenberger composed on 2017-10-11 01:39 (UTC+0200):
>

>>     CVE-2009-0771 - Layout Engine Crashes...
> Is this resource wastage necessary or relevant? :-(
>
Just don't print it

Greetings, Stephan

--
Ma muaß weiterkämpfen, kämpfen bis zum Umfalln, a wenn die
ganze Welt an Arsch offen hat, oder grad deswegn.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

sddm won't allow change user

Karl Mistelberger
In reply to this post by Dominique Leuenberger
with sddm  0.15.0-1.1 change user does not work anymore.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: sddm won't allow change user

Wolfgang Bauer
Am Mittwoch, 11. Oktober 2017, 09:06:49 schrieb Karl Mistelberger:
> with sddm  0.15.0-1.1 change user does not work anymore.

That's a regression in Plasma 5.11.0 (unrelated to sddm 0.15.0, which is in
Tumbleweed since weeks already).

A fix is on the way:
https://build.opensuse.org/request/show/533431

Btw, you can apply it locally if you don't want to wait for the update, just
change the file /usr/share/plasma/look-and-
feel/org.openSUSE.desktop/contents/components/UserDelegate.qml with a text
editor accordingly:
@@ -28,6 +@@ -28,6 +28,7 @@ Item {
 
     property bool isCurrent: true
 
+    readonly property var m: model
     property string name
     property string userName
     property string avatarPath

Kind Regards,
Wolfgang

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: sddm won't allow change user

Karl Mistelberger
Am Mittwoch, 11. Oktober 2017, 19:52:49 CEST schrieb Wolfgang Bauer:

> Am Mittwoch, 11. Oktober 2017, 09:06:49 schrieb Karl Mistelberger:
> > with sddm  0.15.0-1.1 change user does not work anymore.
>
> That's a regression in Plasma 5.11.0 (unrelated to sddm 0.15.0, which is in
> Tumbleweed since weeks already).
>
> A fix is on the way:
> https://build.opensuse.org/request/show/533431
>
> Btw, you can apply it locally if you don't want to wait for the update, just
> change the file /usr/share/plasma/look-and-
> feel/org.openSUSE.desktop/contents/components/UserDelegate.qml with a text
> editor accordingly:
> @@ -28,6 +@@ -28,6 +28,7 @@ Item {
>
>      property bool isCurrent: true
>
> +    readonly property var m: model
>      property string name
>      property string userName
>      property string avatarPath

Changed the file and switch user works again.

Thanks a lot!
Karl

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: ??? changelog posting/archiving relevance ??? (was: New Tumbleweed snapshot 20171009)

Peter Suetterlin
In reply to this post by Felix Miata-3
Felix Miata wrote:
> Dominique Leuenberger composed on 2017-10-11 01:39 (UTC+0200):
>
> [roughly 173kb archived, approximately 70% of which is Firefox]

Yeah, we had that earlier, with several thousand lines of changelog.
At that time someone said there'd be work in progress to supress this in
future.

Seems not to work....
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]