1. 03 Sep, 2020 2 commits
  2. 25 Aug, 2020 1 commit
  3. 03 Sep, 2020 1 commit
  4. 07 Aug, 2020 3 commits
  5. 28 Jul, 2020 1 commit
    • Mike Hommey's avatar
      Import Debian changes 68.11.0esr-1~deb10u1 · a2c11177
      Mike Hommey authored
      firefox-esr (68.11.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-31, also known as:
          CVE-2020-15652, CVE-2020-6514, CVE-2020-6463, CVE-2020-15659.
      a2c11177
  6. 13 Jul, 2020 1 commit
  7. 07 Jul, 2020 2 commits
  8. 01 Jul, 2020 1 commit
    • Mike Hommey's avatar
      Import Debian changes 68.10.0esr-1~deb10u1 · 46495816
      Mike Hommey authored
      firefox-esr (68.10.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-25, also known as:
          CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420,
          CVE-2020-12421.
      
      firefox-esr (68.9.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-21, also known as:
          CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410.
      
        * debian/rules: Force using old PKCS11 API when building against newer NSS
          releases. Closes: #961762.
        * debian/control*: Bump nss build dependencies.
      46495816
  9. 11 Jun, 2020 2 commits
  10. 26 May, 2020 1 commit
  11. 18 May, 2020 1 commit
  12. 05 May, 2020 1 commit
    • Mike Hommey's avatar
      Import Debian changes 68.8.0esr-1~deb10u1 · e7d1f06e
      Mike Hommey authored
      firefox-esr (68.8.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-17, also known as:
          CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395.
      e7d1f06e
  13. 30 Apr, 2020 1 commit
  14. 29 Apr, 2020 1 commit
  15. 07 Apr, 2020 1 commit
    • Mike Hommey's avatar
      Import Debian changes 68.7.0esr-1~deb10u1 · dee4b161
      Mike Hommey authored
      firefox-esr (68.7.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-13, also known as:
          CVE-2020-6821, CVE-2020-6822, CVE-2020-6825.
      
      firefox-esr (68.6.1esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-11, also known as: CVE-2020-6819, CVE-2020-6820.
      dee4b161
  16. 30 Mar, 2020 1 commit
  17. 18 Mar, 2020 1 commit
  18. 10 Mar, 2020 1 commit
    • Mike Hommey's avatar
      Import Debian changes 68.6.0esr-1~deb10u1 · 65649dfb
      Mike Hommey authored
      firefox-esr (68.6.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release
        * Fixes for mfsa2020-09, also known as:
          CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811,
          CVE-2019-20503, CVE-2020-6812, CVE-2020-6814.
      65649dfb
  19. 13 Feb, 2020 3 commits
    • Apertis CI's avatar
      Import Upstream version 68.5.0esr · 915cb2b9
      Apertis CI authored
      915cb2b9
    • Andrew Lee (李健秋)'s avatar
      241e0c10
    • Mike Hommey's avatar
      Import Debian changes 68.4.1esr-1~deb10u1 · 53ab984b
      Mike Hommey authored
      firefox-esr (68.4.1esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fix for mfsa2020-03, also known as CVE-2019-17026.
      
      firefox-esr (68.4.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2020-02, also known as:
          CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024.
      
        * debian/rules: Don't build with --compress-debug-sections on jessie.
        * debian/rules: Use sourcestamp.txt for MOZ_BUILD_DATE. Closes: #946193.
      
        * sourcestamp.txt: Fill with the missing info.
        * intl/icu_sources_data.py: Don't build ICU in parallel.
        * gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around older
          GCC ICEs on arm.
          (Thanks Emilio Pozuelo Monfort)
      
      firefox-esr (68.3.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-37, also known as:
          CVE-2019-17008, CVE-2019-11745, CVE-2019-17010, CVE-2019-17005,
          CVE-2019-17011, CVE-2019-17012.
      
        * debian/control*: Bump nss build dependencies.
        * debian/rules, debian/control.in:
          - Build with nodejs-mozilla on jessie and stretch.
          - Build with nasm-mozilla on jessie and stretch.
          - Don't build with system libvpx on stretch.
          (Thanks Emilio Pozuelo Monfort)
      53ab984b
  20. 11 Feb, 2020 2 commits
  21. 08 Jan, 2020 1 commit
    • Mike Hommey's avatar
      Import Debian changes 68.4.1esr-1~deb10u1 · db812b18
      Mike Hommey authored
      firefox-esr (68.4.1esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fix for mfsa2020-03, also known as CVE-2019-17026.
      
      firefox-esr (68.4.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2020-02, also known as:
          CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024.
      
        * debian/rules: Don't build with --compress-debug-sections on jessie.
        * debian/rules: Use sourcestamp.txt for MOZ_BUILD_DATE. Closes: #946193.
      
        * sourcestamp.txt: Fill with the missing info.
        * intl/icu_sources_data.py: Don't build ICU in parallel.
        * gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around older
          GCC ICEs on arm.
          (Thanks Emilio Pozuelo Monfort)
      
      firefox-esr (68.3.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-37, also known as:
          CVE-2019-17008, CVE-2019-11745, CVE-2019-17010, CVE-2019-17005,
          CVE-2019-17011, CVE-2019-17012.
      
        * debian/control*: Bump nss build dependencies.
        * debian/rules, debian/control.in:
          - Build with nodejs-mozilla on jessie and stretch.
          - Build with nasm-mozilla on jessie and stretch.
          - Don't build with system libvpx on stretch.
          (Thanks Emilio Pozuelo Monfort)
      
      firefox-esr (68.2.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-33, also known as:
          CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
          CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
          CVE-2019-11764.
      
      firefox-esr (68.1.0esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-26, also known as
          CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
          CVE-2019-9812, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749,
          CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735,
          CVE-2019-11740.
      
        * debian/upstream.mk: Read source repo and revision from json when
          getting upstream info. Instead of the .txt file that doesn't exist
          as of 69.
        * debian/control*:
          - Remove unused build dependency against python-ply.
          - Remove python-minimal build dependency. All supported versions
            of Debian have a new enough version.
        * debian/l10n/gen, debian/latest_nightly.py, debian/rules,
          debian/symbols.mk, debian/upstream.mk, debian/watch: Use explicit
          python2.7 instead of python.
      
      firefox-esr (68.0.2esr-1) unstable; urgency=medium
      
        * New upstream ESR release.
      
      firefox (68.0.2-3) unstable; urgency=medium
      
        * debian/control.in: Take source package name from preprocessing.
      
        * build/moz.configure/old.configure: Avoid race condition creating
          old-configure. bz#1574761.
        * dom/media/systemservices/CamerasChild.cpp,
          dom/media/systemservices/CamerasParent.cpp,
          dom/media/systemservices/VideoEngine.cpp,
          dom/media/webrtc/MediaEngineRemoteVideoSource.cpp: Don't use
          __PRETTY_FUNCTION__ or __FUNCTION__ as format strings. bz#1531309.
          Closes: #925680.
      
      firefox (68.0.2-2) unstable; urgency=medium
      
        * debian/rules: Fix MOZ_APP_REMOTINGNAME. Upstream build system changes
          made the config.status editing trick stop working. Export the variable for
          configure to pick it instead. Closes: #932256
      
      firefox (68.0.2-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-24, also known as CVE-2019-11733.
      
        * debian/control*, debian/rules: Don't build against system vpx >= 1.8.0.
          It has API changes that cause FTBFS.
      
      firefox (68.0.1-2) unstable; urgency=medium
      
        * debian/rules: Work around https://github.com/rust-lang/cargo/issues/7147.
      
      firefox (68.0.1-1) unstable; urgency=medium
      
        * New upstream release.
      
        * debian/rules:
          - Hook stamps/dh_install-l10n to override_dh_install-indep rather than
            binary-indep.
          - Pass make job server down through dh_auto_build.
        * debian/rules, debian/dh: Wrap dh to ensure debian/rules is invoked with
          parallelism.
      
      firefox (68.0-3) unstable; urgency=medium
      
        * debian/browser.README.Debian.in: Fix a reference to iceweasel in
          README.Debian. Thanks Edward Betts.
        * debian/rules:
          - Only exclude "-g" from dpkg-buildflags output. All the other flags
            that used to be excluded either already match upstream or add
            reproducibility.
          - Don't unexpectedly reset LDFLAGS.
          - [firefox-esr] Remove iceweasel transitional packages on bullseye.
          - Disable dh_strip_nondeterminism. Upstream build system already avoids
            non-determinism it would strip, so there is no need for it further
            modifying files.
          - Avoid arch:all builds building arch:any stuff.
          - Move AUTOCONF_DIRS cleanup after dh_clean.
          - Add rust flags to improve reproducibility.
          - Only touch or remove configure when it wasn't there to begin with.
          - Call configure using its full path.
          - Factor common configure arguments.
          - Build langpacks with --disable-compile-environment, and pass less
            configure arguments.
          - Build each langpack from a separate build directory. This means time
            wasted running configure more times, but all locales can now be built
            in parallel.
        * debian/symbols.mk, debian/symbols.apt.conf, debian/symbols.sources.list:
          Miscellaneous changes to symbols download script.
        * debian/make.mk: Exclude symbols.mk variables from dump output.
        * debian/browser.mozconfig.in: Remove redundant --prefix=/usr.
        * debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
          Remove packaging scripts compatibility with Wheezy.
      
        * moz.configure: Only add confvars.sh as a dependency to config.status
          when it exists. bz#1560340.
      
      firefox (68.0-2) unstable; urgency=medium
      
        * debian/rules, debian/upstream.mk: Account for next Debian release.
        * debian/rules, debian/control: Build against system sqlite again.
      
        * gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around GCC ICE
          on mips*, i386 and s390x.  Closes: #931757
        * python/mozbuild/mozbuild/action/langpack_manifest.py: Use build id as
          langpack version for reproducibility. bz#1565504.
      
      firefox (68.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-21, also known as:
          CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
          CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717,
          CVE-2019-11718, CVE-2019-11720, CVE-2019-11721, CVE-2019-11730,
          CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727,
          CVE-2019-11728, CVE-2019-11710, CVE-2019-11709.
      
        * debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
          dependencies. Remove Build-Conflicts with nss 3.44-1, since we now
          build-depend on a more recent version.
        * debian/rules, debian/control: Don't build against system sqlite, as
          Debian doesn't have the required version yet.
        * [firefox-esr] debian/l10n/browser-l10n.control*, debian/l10n/gen:
          Don't generate iceweasel l10n transition packages for locales that
          were never offered with iceweasel.
        * debian/control, debian/l10n/browser-l10n.control.in: Add transition
          dependencies for Bengali l10n. There is now only one Bengali l10n
          package instead of two.
        * debian/rules: Disable JIT at build time on mips because it fails to build.
      
        * build/gyp.mozbuild: Revert patch that disables libyuv assembly on
          mips64. It apparently compiles, now.
      
      firefox (67.0.4-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-19, also known as CVE-2019-11708.
      
      firefox (67.0.3-2) unstable; urgency=medium
      
        * python/mozbuild/mozbuild/action/node.py: Attempt to work around make issue
          happening on arch: all buildd.
      
      firefox (67.0.3-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-18, also known as CVE-2019-11707.
      
      firefox (67.0.2-1) unstable; urgency=medium
      
        * New upstream release.
      
      firefox (67.0.1-1) unstable; urgency=medium
      
        * New upstream release.
      
      firefox (67.0-4) unstable; urgency=medium
      
        * debian/rules: Work around FTBFS on mips* by disabling webrtc
          Build fails because of missing configurations for mips*.
        * debian/control*: Build-Conflicts with libnss3-dev 2:3.44-1.
          Closes: #929846.
      
        * js/src/jit/mips32/MacroAssembler-mips32-inl.h: Fix FTBFS on mips/mipsel.
          bz#1556197.
      
      firefox (67.0-3) unstable; urgency=medium
      
        * media/webrtc/trunk/webrtc/system_wrappers/source/cpu_features.cc: Remove
          WebRtc_GetCPUFeaturesARM from cpu_features.cc. It is already in
          cpu_features_linux.c (and is not in cpu_features.cc in webrtc upstream).
          Fixes FTBFS on armhf. bz#1523162.
      
      firefox (67.0-2) unstable; urgency=medium
      
        * debian/extra-stuff/addonsInfo.jsm:
          - Avoid running -dumps-addons-info without a running Firefox counting as a
            crash.
          - Support addons in resource:// locations in -dump-addons-info
      
        * js/src/wasm/WasmSignalHandlers.cpp: Include struct definitions for
          user_vfp and user_vfp_exc. Fixes FTBFS on armhf. bz#1526653.
        * js/src/jit/mips*/MacroAssembler-mips*-inl.h,
          js/src/jit/mips*/Trampoline-mips*.cpp: Fix functions: branchTestBigInt,
          negPtr, generateVMWrapper on MIPS. bz#1544631.
        * toolkit/modules/sessionstore/PrivacyFilter.jsm: Update and harden form
          data filtering for privacy to account for no data being passed in.
          bz#1553413.
      
      firefox (67.0-1) experimental; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-13, also known as:
          CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820,
          CVE-2019-9821, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,
          CVE-2019-7317, CVE-2019-11695, CVE-2019-11696, CVE-2019-11697,
          CVE-2019-11698, CVE-2019-11699, CVE-2019-11701, CVE-2019-9814,
          CVE-2019-9800.
        * Upload to experimental because the required cbindgen is not available in
          unstable.
      
        * debian/control*: Bump nspr, sqlite, rustc, cargo and cbindgen build
          dependencies.
        * debian/extra-stuff/addonsInfo.*, debian/extra-stuff/moz.build,
          debian/installer/package-manifest.browser, debian/rules:
          Modernize addonsInfo per bz#1431533, bz#1432992, bz#1514594, bz#1524688,
          etc.
      
      firefox (66.0.5-1) unstable; urgency=medium
      
        * New upstream release.
          - Additional fixes for addon signature validation.
      
      firefox (66.0.4-1) unstable; urgency=medium
      
        * New upstream release.
          - Fixes issues with addon signature validation. Closes: #928417.
          Note: this didn't affect addons installed via Debian packages.
      
      firefox (66.0.1-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-09, also known as:
          CVE-2019-9810, CVE-2019-9813.
      
        * debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
          dependencies.
      
      firefox (66.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-07, also known as:
          CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793,
          CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799,
          CVE-2019-9802, CVE-2019-9803, CVE-2019-9805, CVE-2019-9806,
          CVE-2019-9807, CVE-2019-9809, CVE-2019-9808, CVE-2019-9789,
          CVE-2019-9788.
      
        * debian/browser.mozconfig.in: Adjust to the upstream change wrt Google
          API key configure options.
        * debian/control*: Add nasm build dependency on amd64 and i386.
      
      firefox (65.0.1-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-04, also known as:
          CVE-2018-18356, CVE-2019-5795, CVE-2018-18511.
      
        * debian/rules, debian/upstream.mk: Manually set the update channel.
          Closes: #921381, #921121, #921654.
        * debian/rules: Build with -mfp32 on mips and mipsel. This should fix the
          FTBFS.
      
      firefox (65.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-01, also known as:
          CVE-2018-18500, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505,
          CVE-2018-18506, CVE-2018-18502, CVE-2018-18501.
      
        * debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
          dependencies.
        * debian/browser.install.in: Install libmozwayland.so.
      
      firefox (64.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-29, also known as:
          CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493,
          CVE-2018-18494, CVE-2018-18495, CVE-2018-18496, CVE-2018-18497,
          CVE-2018-18498, CVE-2018-12406, CVE-2018-12405.
      
        * debian/rules, debian/browser.install.in: Properly copy the watermark
          to /usr/share/icons/hicolor/symbolic/apps.
        * debian/rules: Disable debug symbols on 32-bits architectures, that
          requires too much memory.
        * debian/browser.mozconfig.in:
          - Remove --enable-pie option, it's the default, now.
          - Remove --disable-nodejs now that it's required.
        * debian/control*:
          - Bump rustc, cargo, cbindgen, nss and sqlite dependencies.
          - Add nodejs build dependency.
        * debian/browser-symbolic.svg.in: Import the watermark used for the
          symbolic icon in the debian/ directory.
      
      firefox (63.0.3-1) unstable; urgency=medium
      
        * New upstream release.
      
        * debian/control*: Build depend on unversioned clang/llvm.
          Closes: #912802.
        * debian/rules: Use embedded libevent in backports. Closes: #910397.
        * debian/rules: Use GNU gold linker on i386 because BFD ld fails to link
          libxul.so (memory exhausted).
      
        * build/unix/elfhack/test.c: Try to ensure the bss section of the
          elfhack testcase stays large enough. bz#1505608.
        * memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB
          on systems with large pages. bz#1507035. Closes: #911898.
        * media/libaom/moz.build: Use NEON_FLAGS instead of VPX_ASFLAGS for
          libaom neon code.
        * gfx/cairo/libpixman/src/pixman-vmx.c: Protect #include <config.h> in
          pixman-vmx.c like in other pixman-*.c files
      
      firefox (63.0.1-1) unstable; urgency=medium
      
        * New upstream release.
        * debian/google.key: Use new Google API key, courtesy of Francois Marier.
      
      firefox (63.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-26, also known as:
          CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396,
          CVE-2018-12397, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401,
          CVE-2018-12402, CVE-2018-12403, CVE-2018-12388, CVE-2018-12390.
      
        * debian/control*:
          - Bump nss dependency.
          - Add build dependency on cbindgen.
        * debian/browser.mozconfig.in: Disable nodejs until it's actually necessary.
        * debian/rules: Add -Wl,--compress-debug-sections=zlib to LDFLAGS to work
          around elfhack failing with unstripped binaries larger than 2GiB.
      
      firefox (62.0.3-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-24, also known as:
          CVE-2018-12386, CVE-2018-12387.
      
        * debian/extra-stuff/addonsInfo.js: Fixes to work with recent versions
          of Firefox. Closes: #909056.
        * debian/control*, debian/browser.mozconfig.in: Build ALSA support.
          Closes: #864987, #900062, #908349
      
      firefox (62.0.2-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-22, also known as CVE-2018-12385.
        * Ignore locale change events for the search service on shutdown.
          bz#1489820. Closes: #908932.
      
        * debian/control*:
          - Remove the sqlite and nss dependencies when not building against the
            system libraries.
          - Enforce nss, nspr and sqlite dependencies to the same versions as
            build dependencies. There are subtle non-ABI differences between
            versions that Firefox might be relying on (be it features, behavior
            changes/fixes, etc.) and can cause subtle problems when older
            versions are used. Closes: #908225, #908520.
          - Add a suggestion for pulseaudio.
        * debian/rules, debian/control: Add libavcodec-extra* packages to the list
          of recommends. Closes: #909130
      
        * js/src/jit/BaselineJIT.h: Disable baseline JIT when SSE2 is not supported
          at runtime. bz#1492064. Closes: #908396, #908449.
        * gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported.
          bz#1492065. Closes: #877445.
      
      firefox (62.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-20, also known as:
          CVE-2018-12377, CVE-2018-12378, CVE-2018-12383, CVE-2018-12375,
          CVE-2018-12376.
      
        * debian/control*:
          - Bump nss and sqlite build dependencies.
          - Build depend on llvm/clang 6.0 for buster. Closes: #906175.
        * debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
          build dependency on libbz2-dev. It's not used anymore.
        * debian/noinstall.in: Remove the dictionaries directory, not part
          of the packaged Firefox anymore.
        * debian/l10n/gen: Use iso-codes json data instead of XML when present.
          Closes: #907611.
      
        * widget/gtk/nsAppShell.cpp: Use remoting name for call to
          gdk_set_program_class. Closes: #907574.
      
      firefox (61.0.1-1) unstable; urgency=medium
      
        * New upstream release.
      
      firefox (61.0-2) unstable; urgency=medium
      
        * debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
          build dependency on system libhunspell. Using system hunspell lacks
          features required by Firefox. Next version of Firefox doesn't allow
          to build against system hunspell anyways. Closes: #900469.
        * debian/browser.links.in, debian/rules, debian/vendor.js: Use the
          spellchecker.dictionary_path pref to set the hunspell directory.
        * debian/browser.mozconfig.in: Allow unsigned addons in app and system
          scopes.
        * debian/rules: Work around the effect the above has on the
          --{enable,with}-system-* check.
        * debian/control*: Remove old conflicts. Thanks Sylvestre Ledru.
          Closes: #882956.
        * debian/l10n/recommends, debian/l10n/browser-l10n.control,
          debian/control: Update dictionary recommendations, following these rules:
          - Transitional myspell packages are not listed except when stable
            doesn't have the corresponding hunspell package.
          - Both hunspell and myspell packages are listed if they are different.
          Closes: #813832, #825843
        * debian/copyright, debian/rules: Refer to /usr/share/common-licenses/MPL*
          instead of installing our own copy. Closes: #704303.
        * debian/make.mk: Use the same code as dump target for the dump-% target.
        * debian/control*, debian/rules: Add Recommends on all supported libavcodec
          libraries for h264 playback. Closes: #901600.
      
        * toolkit/modules/AppConstants.jsm, toolkit/modules/moz.build,
          toolkit/moz.configure, toolkit/mozapps/extensions/internal/XPIInstall.jsm,
          toolkit/mozapps/extensions/content/extensions.js,
          toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Change how addon
          signature requirement relaxation is done. Closes: #899390.
      
      firefox (61.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-15, also known as:
          CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12358,
          CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364,
          CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367,
          CVE-2018-12369, CVE-2018-12370, CVE-2018-5186, CVE-2018-5187,
          CVE-2018-5188.
      
        * debian/control*:
          - Bump nss and sqlite build dependencies.
          - Add a build dependency on python3.
        * debian/browser.install.in: Adjust to upstream changes.
        * debian/vendor.js: Relax the addon signature requirements.
      
        * toolkit/mozapps/extensions/content/extensions.js,
          toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Allow to relax the
          addon signature requirements.
      db812b18
  22. 04 Nov, 2019 1 commit
  23. 29 Oct, 2019 2 commits
    • Mike Hommey's avatar
      Import Debian changes 68.2.0esr-1~deb10u1 · 7c9c5eb0
      Mike Hommey authored
      firefox-esr (68.2.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-33, also known as:
          CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
          CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
          CVE-2019-11764.
      
      firefox-esr (68.1.0esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-26, also known as
          CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
          CVE-2019-9812, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749,
          CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735,
          CVE-2019-11740.
      
        * debian/upstream.mk: Read source repo and revision from json when
          getting upstream info. Instead of the .txt file that doesn't exist
          as of 69.
        * debian/control*:
          - Remove unused build dependency against python-ply.
          - Remove python-minimal build dependency. All supported versions
            of Debian have a new enough version.
        * debian/l10n/gen, debian/latest_nightly.py, debian/rules,
          debian/symbols.mk, debian/upstream.mk, debian/watch: Use explicit
          python2.7 instead of python.
      
      firefox-esr (68.0.2esr-1) unstable; urgency=medium
      
        * New upstream ESR release.
      
      firefox (68.0.2-3) unstable; urgency=medium
      
        * debian/control.in: Take source package name from preprocessing.
      
        * build/moz.configure/old.configure: Avoid race condition creating
          old-configure. bz#1574761.
        * dom/media/systemservices/CamerasChild.cpp,
          dom/media/systemservices/CamerasParent.cpp,
          dom/media/systemservices/VideoEngine.cpp,
          dom/media/webrtc/MediaEngineRemoteVideoSource.cpp: Don't use
          __PRETTY_FUNCTION__ or __FUNCTION__ as format strings. bz#1531309.
          Closes: #925680.
      
      firefox (68.0.2-2) unstable; urgency=medium
      
        * debian/rules: Fix MOZ_APP_REMOTINGNAME. Upstream build system changes
          made the config.status editing trick stop working. Export the variable for
          configure to pick it instead. Closes: #932256
      
      firefox (68.0.2-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-24, also known as CVE-2019-11733.
      
        * debian/control*, debian/rules: Don't build against system vpx >= 1.8.0.
          It has API changes that cause FTBFS.
      
      firefox (68.0.1-2) unstable; urgency=medium
      
        * debian/rules: Work around https://github.com/rust-lang/cargo/issues/7147.
      
      firefox (68.0.1-1) unstable; urgency=medium
      
        * New upstream release.
      
        * debian/rules:
          - Hook stamps/dh_install-l10n to override_dh_install-indep rather than
            binary-indep.
          - Pass make job server down through dh_auto_build.
        * debian/rules, debian/dh: Wrap dh to ensure debian/rules is invoked with
          parallelism.
      
      firefox (68.0-3) unstable; urgency=medium
      
        * debian/browser.README.Debian.in: Fix a reference to iceweasel in
          README.Debian. Thanks Edward Betts.
        * debian/rules:
          - Only exclude "-g" from dpkg-buildflags output. All the other flags
            that used to be excluded either already match upstream or add
            reproducibility.
          - Don't unexpectedly reset LDFLAGS.
          - [firefox-esr] Remove iceweasel transitional packages on bullseye.
          - Disable dh_strip_nondeterminism. Upstream build system already avoids
            non-determinism it would strip, so there is no need for it further
            modifying files.
          - Avoid arch:all builds building arch:any stuff.
          - Move AUTOCONF_DIRS cleanup after dh_clean.
          - Add rust flags to improve reproducibility.
          - Only touch or remove configure when it wasn't there to begin with.
          - Call configure using its full path.
          - Factor common configure arguments.
          - Build langpacks with --disable-compile-environment, and pass less
            configure arguments.
          - Build each langpack from a separate build directory. This means time
            wasted running configure more times, but all locales can now be built
            in parallel.
        * debian/symbols.mk, debian/symbols.apt.conf, debian/symbols.sources.list:
          Miscellaneous changes to symbols download script.
        * debian/make.mk: Exclude symbols.mk variables from dump output.
        * debian/browser.mozconfig.in: Remove redundant --prefix=/usr.
        * debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
          Remove packaging scripts compatibility with Wheezy.
      
        * moz.configure: Only add confvars.sh as a dependency to config.status
          when it exists. bz#1560340.
      
      firefox (68.0-2) unstable; urgency=medium
      
        * debian/rules, debian/upstream.mk: Account for next Debian release.
        * debian/rules, debian/control: Build against system sqlite again.
      
        * gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around GCC ICE
          on mips*, i386 and s390x.  Closes: #931757
        * python/mozbuild/mozbuild/action/langpack_manifest.py: Use build id as
          langpack version for reproducibility. bz#1565504.
      
      firefox (68.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-21, also known as:
          CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
          CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717,
          CVE-2019-11718, CVE-2019-11720, CVE-2019-11721, CVE-2019-11730,
          CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727,
          CVE-2019-11728, CVE-2019-11710, CVE-2019-11709.
      
        * debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
          dependencies. Remove Build-Conflicts with nss 3.44-1, since we now
          build-depend on a more recent version.
        * debian/rules, debian/control: Don't build against system sqlite, as
          Debian doesn't have the required version yet.
        * [firefox-esr] debian/l10n/browser-l10n.control*, debian/l10n/gen:
          Don't generate iceweasel l10n transition packages for locales that
          were never offered with iceweasel.
        * debian/control, debian/l10n/browser-l10n.control.in: Add transition
          dependencies for Bengali l10n. There is now only one Bengali l10n
          package instead of two.
        * debian/rules: Disable JIT at build time on mips because it fails to build.
      
        * build/gyp.mozbuild: Revert patch that disables libyuv assembly on
          mips64. It apparently compiles, now.
      
      firefox (67.0.4-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-19, also known as CVE-2019-11708.
      
      firefox (67.0.3-2) unstable; urgency=medium
      
        * python/mozbuild/mozbuild/action/node.py: Attempt to work around make issue
          happening on arch: all buildd.
      
      firefox (67.0.3-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-18, also known as CVE-2019-11707.
      
      firefox (67.0.2-1) unstable; urgency=medium
      
        * New upstream release.
      
      firefox (67.0.1-1) unstable; urgency=medium
      
        * New upstream release.
      
      firefox (67.0-4) unstable; urgency=medium
      
        * debian/rules: Work around FTBFS on mips* by disabling webrtc
          Build fails because of missing configurations for mips*.
        * debian/control*: Build-Conflicts with libnss3-dev 2:3.44-1.
          Closes: #929846.
      
        * js/src/jit/mips32/MacroAssembler-mips32-inl.h: Fix FTBFS on mips/mipsel.
          bz#1556197.
      
      firefox (67.0-3) unstable; urgency=medium
      
        * media/webrtc/trunk/webrtc/system_wrappers/source/cpu_features.cc: Remove
          WebRtc_GetCPUFeaturesARM from cpu_features.cc. It is already in
          cpu_features_linux.c (and is not in cpu_features.cc in webrtc upstream).
          Fixes FTBFS on armhf. bz#1523162.
      
      firefox (67.0-2) unstable; urgency=medium
      
        * debian/extra-stuff/addonsInfo.jsm:
          - Avoid running -dumps-addons-info without a running Firefox counting as a
            crash.
          - Support addons in resource:// locations in -dump-addons-info
      
        * js/src/wasm/WasmSignalHandlers.cpp: Include struct definitions for
          user_vfp and user_vfp_exc. Fixes FTBFS on armhf. bz#1526653.
        * js/src/jit/mips*/MacroAssembler-mips*-inl.h,
          js/src/jit/mips*/Trampoline-mips*.cpp: Fix functions: branchTestBigInt,
          negPtr, generateVMWrapper on MIPS. bz#1544631.
        * toolkit/modules/sessionstore/PrivacyFilter.jsm: Update and harden form
          data filtering for privacy to account for no data being passed in.
          bz#1553413.
      
      firefox (67.0-1) experimental; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-13, also known as:
          CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820,
          CVE-2019-9821, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,
          CVE-2019-7317, CVE-2019-11695, CVE-2019-11696, CVE-2019-11697,
          CVE-2019-11698, CVE-2019-11699, CVE-2019-11701, CVE-2019-9814,
          CVE-2019-9800.
        * Upload to experimental because the required cbindgen is not available in
          unstable.
      
        * debian/control*: Bump nspr, sqlite, rustc, cargo and cbindgen build
          dependencies.
        * debian/extra-stuff/addonsInfo.*, debian/extra-stuff/moz.build,
          debian/installer/package-manifest.browser, debian/rules:
          Modernize addonsInfo per bz#1431533, bz#1432992, bz#1514594, bz#1524688,
          etc.
      
      firefox (66.0.5-1) unstable; urgency=medium
      
        * New upstream release.
          - Additional fixes for addon signature validation.
      
      firefox (66.0.4-1) unstable; urgency=medium
      
        * New upstream release.
          - Fixes issues with addon signature validation. Closes: #928417.
          Note: this didn't affect addons installed via Debian packages.
      
      firefox (66.0.1-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-09, also known as:
          CVE-2019-9810, CVE-2019-9813.
      
        * debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
          dependencies.
      
      firefox (66.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-07, also known as:
          CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793,
          CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799,
          CVE-2019-9802, CVE-2019-9803, CVE-2019-9805, CVE-2019-9806,
          CVE-2019-9807, CVE-2019-9809, CVE-2019-9808, CVE-2019-9789,
          CVE-2019-9788.
      
        * debian/browser.mozconfig.in: Adjust to the upstream change wrt Google
          API key configure options.
        * debian/control*: Add nasm build dependency on amd64 and i386.
      
      firefox (65.0.1-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-04, also known as:
          CVE-2018-18356, CVE-2019-5795, CVE-2018-18511.
      
        * debian/rules, debian/upstream.mk: Manually set the update channel.
          Closes: #921381, #921121, #921654.
        * debian/rules: Build with -mfp32 on mips and mipsel. This should fix the
          FTBFS.
      
      firefox (65.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-01, also known as:
          CVE-2018-18500, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505,
          CVE-2018-18506, CVE-2018-18502, CVE-2018-18501.
      
        * debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
          dependencies.
        * debian/browser.install.in: Install libmozwayland.so.
      
      firefox (64.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-29, also known as:
          CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493,
          CVE-2018-18494, CVE-2018-18495, CVE-2018-18496, CVE-2018-18497,
          CVE-2018-18498, CVE-2018-12406, CVE-2018-12405.
      
        * debian/rules, debian/browser.install.in: Properly copy the watermark
          to /usr/share/icons/hicolor/symbolic/apps.
        * debian/rules: Disable debug symbols on 32-bits architectures, that
          requires too much memory.
        * debian/browser.mozconfig.in:
          - Remove --enable-pie option, it's the default, now.
          - Remove --disable-nodejs now that it's required.
        * debian/control*:
          - Bump rustc, cargo, cbindgen, nss and sqlite dependencies.
          - Add nodejs build dependency.
        * debian/browser-symbolic.svg.in: Import the watermark used for the
          symbolic icon in the debian/ directory.
      
      firefox (63.0.3-1) unstable; urgency=medium
      
        * New upstream release.
      
        * debian/control*: Build depend on unversioned clang/llvm.
          Closes: #912802.
        * debian/rules: Use embedded libevent in backports. Closes: #910397.
        * debian/rules: Use GNU gold linker on i386 because BFD ld fails to link
          libxul.so (memory exhausted).
      
        * build/unix/elfhack/test.c: Try to ensure the bss section of the
          elfhack testcase stays large enough. bz#1505608.
        * memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB
          on systems with large pages. bz#1507035. Closes: #911898.
        * media/libaom/moz.build: Use NEON_FLAGS instead of VPX_ASFLAGS for
          libaom neon code.
        * gfx/cairo/libpixman/src/pixman-vmx.c: Protect #include <config.h> in
          pixman-vmx.c like in other pixman-*.c files
      
      firefox (63.0.1-1) unstable; urgency=medium
      
        * New upstream release.
        * debian/google.key: Use new Google API key, courtesy of Francois Marier.
      
      firefox (63.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-26, also known as:
          CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396,
          CVE-2018-12397, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401,
          CVE-2018-12402, CVE-2018-12403, CVE-2018-12388, CVE-2018-12390.
      
        * debian/control*:
          - Bump nss dependency.
          - Add build dependency on cbindgen.
        * debian/browser.mozconfig.in: Disable nodejs until it's actually necessary.
        * debian/rules: Add -Wl,--compress-debug-sections=zlib to LDFLAGS to work
          around elfhack failing with unstripped binaries larger than 2GiB.
      
      firefox (62.0.3-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-24, also known as:
          CVE-2018-12386, CVE-2018-12387.
      
        * debian/extra-stuff/addonsInfo.js: Fixes to work with recent versions
          of Firefox. Closes: #909056.
        * debian/control*, debian/browser.mozconfig.in: Build ALSA support.
          Closes: #864987, #900062, #908349
      
      firefox (62.0.2-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-22, also known as CVE-2018-12385.
        * Ignore locale change events for the search service on shutdown.
          bz#1489820. Closes: #908932.
      
        * debian/control*:
          - Remove the sqlite and nss dependencies when not building against the
            system libraries.
          - Enforce nss, nspr and sqlite dependencies to the same versions as
            build dependencies. There are subtle non-ABI differences between
            versions that Firefox might be relying on (be it features, behavior
            changes/fixes, etc.) and can cause subtle problems when older
            versions are used. Closes: #908225, #908520.
          - Add a suggestion for pulseaudio.
        * debian/rules, debian/control: Add libavcodec-extra* packages to the list
          of recommends. Closes: #909130
      
        * js/src/jit/BaselineJIT.h: Disable baseline JIT when SSE2 is not supported
          at runtime. bz#1492064. Closes: #908396, #908449.
        * gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported.
          bz#1492065. Closes: #877445.
      
      firefox (62.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-20, also known as:
          CVE-2018-12377, CVE-2018-12378, CVE-2018-12383, CVE-2018-12375,
          CVE-2018-12376.
      
        * debian/control*:
          - Bump nss and sqlite build dependencies.
          - Build depend on llvm/clang 6.0 for buster. Closes: #906175.
        * debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
          build dependency on libbz2-dev. It's not used anymore.
        * debian/noinstall.in: Remove the dictionaries directory, not part
          of the packaged Firefox anymore.
        * debian/l10n/gen: Use iso-codes json data instead of XML when present.
          Closes: #907611.
      
        * widget/gtk/nsAppShell.cpp: Use remoting name for call to
          gdk_set_program_class. Closes: #907574.
      
      firefox (61.0.1-1) unstable; urgency=medium
      
        * New upstream release.
      
      firefox (61.0-2) unstable; urgency=medium
      
        * debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
          build dependency on system libhunspell. Using system hunspell lacks
          features required by Firefox. Next version of Firefox doesn't allow
          to build against system hunspell anyways. Closes: #900469.
        * debian/browser.links.in, debian/rules, debian/vendor.js: Use the
          spellchecker.dictionary_path pref to set the hunspell directory.
        * debian/browser.mozconfig.in: Allow unsigned addons in app and system
          scopes.
        * debian/rules: Work around the effect the above has on the
          --{enable,with}-system-* check.
        * debian/control*: Remove old conflicts. Thanks Sylvestre Ledru.
          Closes: #882956.
        * debian/l10n/recommends, debian/l10n/browser-l10n.control,
          debian/control: Update dictionary recommendations, following these rules:
          - Transitional myspell packages are not listed except when stable
            doesn't have the corresponding hunspell package.
          - Both hunspell and myspell packages are listed if they are different.
          Closes: #813832, #825843
        * debian/copyright, debian/rules: Refer to /usr/share/common-licenses/MPL*
          instead of installing our own copy. Closes: #704303.
        * debian/make.mk: Use the same code as dump target for the dump-% target.
        * debian/control*, debian/rules: Add Recommends on all supported libavcodec
          libraries for h264 playback. Closes: #901600.
      
        * toolkit/modules/AppConstants.jsm, toolkit/modules/moz.build,
          toolkit/moz.configure, toolkit/mozapps/extensions/internal/XPIInstall.jsm,
          toolkit/mozapps/extensions/content/extensions.js,
          toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Change how addon
          signature requirement relaxation is done. Closes: #899390.
      
      firefox (61.0-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2018-15, also known as:
          CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12358,
          CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364,
          CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367,
          CVE-2018-12369, CVE-2018-12370, CVE-2018-5186, CVE-2018-5187,
          CVE-2018-5188.
      
        * debian/control*:
          - Bump nss and sqlite build dependencies.
          - Add a build dependency on python3.
        * debian/browser.install.in: Adjust to upstream changes.
        * debian/vendor.js: Relax the addon signature requirements.
      
        * toolkit/mozapps/extensions/content/extensions.js,
          toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Allow to relax the
          addon signature requirements.
      7c9c5eb0
    • Ritesh Raj Sarraf's avatar
      Import Upstream version 68.2.0esr · 15c36446
      Ritesh Raj Sarraf authored
      15c36446
  24. 05 Oct, 2019 2 commits
  25. 17 Aug, 2019 1 commit
  26. 02 Aug, 2019 1 commit
  27. 24 Jul, 2019 1 commit
  28. 23 Jul, 2019 1 commit
  29. 09 Jul, 2019 1 commit
    • Mike Hommey's avatar
      Import Debian changes 60.8.0esr-1~deb10u1 · c4ab490b
      Mike Hommey authored
      firefox-esr (60.8.0esr-1~deb10u1) buster-security; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-22, also known as:
          CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
          CVE-2019-11729, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719,
          CVE-2019-11730, CVE-2019-11709.
      c4ab490b
  30. 20 Jun, 2019 1 commit
    • Mike Hommey's avatar
      Import Debian changes 60.7.2esr-1 · 34275a82
      Mike Hommey authored
      firefox-esr (60.7.2esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa219-19, also known as CVE-2019-11708.
      
      firefox-esr (60.7.1esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-18, also known as CVE-2019-11707.
      
      firefox-esr (60.7.0esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-14, also known as:
          CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820,
          CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-7317,
          CVE-2019-9797, CVE-2018-18511, CVE-2019-11698, CVE-2019-5798,
          CVE-2019-9800.
      
        * debian/rules: Avoid rust build errors with newer versions of rustc by
          capping lints to warnings.
      
      firefox-esr (60.6.3esr-1) unstable; urgency=medium
      
        * New upstream release.
          - Additional fixes for addon signature validation.
      
      firefox-esr (60.6.2esr-1) unstable; urgency=medium
      
        * New upstream release.
          - Fixes issues with addon signature validation. Closes: #928415, #928449.
          Note: this didn't affect addons installed via Debian packages.
      
      firefox-esr (60.6.1esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-10, also known as:
          CVE-2019-9810, CVE-2019-9813.
      
      firefox-esr (60.6.0esr-1) unstable; urgency=medium
      
        * New upstream release.
        * Fixes for mfsa2019-08, also known as:
          CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793,
          CVE-2019-9795, CVE-2019-9796, CVE-2018-18506, CVE-2019-9788.
      
        * debian/rules: Disable debug symbols on mips/mipsel on buster.
          The rust compiler can't deal with them in the available address space.
        * debian/browser.mozconfig.in: Adjust to the upstream change wrt Google
          API key configure options.
      34275a82