- Mozilla Firefox 78.0.1

* Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
  * CVE-2020-12422 (bmo#1450353)
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  * CVE-2020-12423 (bmo#1642400)
    DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835

MozillaFirefox.changes

@@ -1,9 +1,50 @@
+-------------------------------------------------------------------
+Wed Jul  1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.1
+  * Fixed an issue which could cause installed search engines to not
+    be visible when upgrading from a previous release.
+- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
+
 -------------------------------------------------------------------
 Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
 
 - Mozilla Firefox 78.0
   * startup notifications now using Gtk instead of libnotify
   * PDF downloads now show an option to open the PDF directly in Firefox
+  * Protections Dashboard (about:protections)
+  * WebRTC not interrupted by screensaver anymore
+  * disabled TLS 1.0 and 1.1 by default
+  MFSA 2020-24 (bsc#1173576)
+  * CVE-2020-12415 (bmo#1586630)
+    AppCache manifest poisoning due to url encoded character processing
+  * CVE-2020-12416 (bmo#1639734)
+    Use-after-free in WebRTC VideoBroadcaster
+  * CVE-2020-12417 (bmo#1640737)
+    Memory corruption due to missing sign-extension for ValueTags
+    on ARM64
+  * CVE-2020-12418 (bmo#1641303)
+    Information disclosure due to manipulated URL object
+  * CVE-2020-12419 (bmo#1643874)
+    Use-after-free in nsGlobalWindowInner
+  * CVE-2020-12420 (bmo#1643437)
+    Use-After-Free when trying to connect to a STUN server
+  * CVE-2020-12402 (bmo#1631597)
+    RSA Key Generation vulnerable to side-channel attack
+  * CVE-2020-12421 (bmo#1308251)
+    Add-On updates did not respect the same certificate trust
+    rules as software updates
+  * CVE-2020-12422 (bmo#1450353)
+    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+  * CVE-2020-12423 (bmo#1642400)
+    DLL Hijacking due to searching %PATH% for a library
+  * CVE-2020-12424 (bmo#1562600)
+    WebRTC permission prompt could have been bypassed by a
+    compromised content process
+  * CVE-2020-12425 (bmo#1634738)
+    Out of bound read in Date.parse()
+  * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
+    Memory safety bugs fixed in Firefox 78
 - requires
   * NSS >= 3.53.1
   * nodejs >= 10.21

MozillaFirefox.spec

@@ -26,8 +26,8 @@
 # major 69
 # mainver %major.99
 %define major          78
-%define mainver        %major.0
-%define orig_version   78.0
+%define mainver        %major.0.1
+%define orig_version   78.0.1
 %define orig_suffix    %{nil}
 %define update_channel release
 %define branding       1

firefox-78.0.1.source.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:494d277b120028e036e2aee3f658d79afc895457dc6aadb1c02f0547ef1d66ca
+size 334523644

firefox-78.0.1.source.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl772cYACgkQ8aZmj7t9
+Vy4ExxAAlNStxBXW0u1WtdvxDofC3GODPf6XcMdZVJc45JKJy3hLeBXk26NsaXki
+pxE0ySHKEdzdGMYG5U6JDP3XbUpEQcsazjLdeHERvxYsZBvy41sCRkQu+XITSP5z
+HmbvYA1r+H7j2+yPkbSkyjtZONADbRwnnhwCWpo5gRhny3v17EQy6vUFYHANxtDI
+DxRi6Uccko4kV4y8hdw/rdT+IxHJAvtucJFMONUgm1DUdy5QV1BuMAxHru3CW1NK
+7YlODbG/+u6OiTJdoczVjSxmLPlH4f02pAcWsijXDBeVSVwUI4ATckbPVIY/HL/U
+Z6n4c8jXeN/pkdEr4+jUENCqKP3JDq6bEPsD1c3megnhqtLN4gR1bTp7fS8Cm1gG
+8Nv34x/deg8LADyYMIS8arduYfzKgRt28cduGeqSdtjWQR7SqrQ1OXGP2npEp/wc
+xS+Q9WPh9BNfDuOWw87BdI+UZ/BdX2PTTTvdXlMCTU9wvjs7DGYeMFiSHCVkBoFZ
+c/We+9dHreTA0qiM1K/O2iwdbH0JF4yjfnqTQUqXVjtFQJRk/xtZ6Fd3Ddwhmmtb
+FGRkOjN9Z07NjXsos5dp3Qj7PFOlMwbYDlJ5oQGYZxo6qWKUkJoZSDv1DnWDwUVc
+dP9tJy/RQ+5AeKZVauqOdgVOyTKENEOhtsf0AJ+scnryJSH4mic=
+=vbhv
+-----END PGP SIGNATURE-----

firefox-78.0.source.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:291a593151e476e6c4b61e48a3bdd5a11896fbde6261dcad347d5b7df265a058
-size 333422136

firefox-78.0.source.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEECXsxMHeuYqAvhNpN8aZmj7t9Vy4FAl706/oACgkQ8aZmj7t9
-Vy7BQQ//e9w8ZTou1TaKhI8Wkd+NwpmqPgqpkqlfZ39/G0TACqEQQnUJh6EmYmxc
-lr3U82ePOoT0pOaH1qOJpoBQUlgODqxkL/RQjrkUnY+MfWvhdQqM3X7OaqOrVYue
-pwpNQ7wWCzirIgzVdHOD8CLw0aqYfJwu8Hbnu4kEadXWEck05YDcGHvpDdpfbQ3Z
-+DmkgIRGUjed1PCZxrB4rwFE4VWzPhKByLGBtfSbI+49AwXXt/TRzCYC8y0sfl1+
-mzLMO7K02xfquWpXwSY+cyDHW1WM76BdTKOCqswD3lsB7MJiA+HZ+h6HfVRGK4ov
-VLh2H1/0RfvjO9VUOtrSRUAevFpmRMuBHwtRNF0Zp2mjunSNeHRHIndWUPSbMp6F
-Ecvm+RNAIUHOtgi+mrzq9NIVIoi4F2KYNOTJQPR/vGGbvDUmnyXm0y5wLt7pAyIv
-d7LBV7BcTmCjmnWQG40QbhLpDyFF/wUoKkxXWySnPBu5V2UD2OzBnlQ+BIZyvSar
-jjGNLlWcwQ9TIZUFqYa3J3JQ23BRHYh4Nr40YDuEGZCJcdAslbFSRUeII0XxVa1k
-YqVHSU/C1Vsumxe/Yh5s2CppZAs+KyZ5YkRlZebBR+7mRd52fuoOSMgNbiSV5aOw
-qEV4RV82Cph/uITGPzxAn3TatGRP/tGdz3b5mi+Bwmveq+9Z1Q8=
-=FBW2
------END PGP SIGNATURE-----

mozilla.sh.in

@@ -87,9 +87,11 @@ if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
   export MOZ_ENABLE_WAYLAND=1
 fi
 
-# enable xinput2 (boo#1032003)
-# breaks too many things right now (boo#1053959)
-#export MOZ_USE_XINPUT2=1
+# xinput2 (boo#1173320)
+source /etc/os-release
+if [ "$ID" = "opensuse-tumbleweed" ]; then
+  export MOZ_USE_XINPUT2=1
+fi
 
 moz_debug=0
 script_args=""

tar_stamps

@@ -1,8 +1,8 @@
 PRODUCT="firefox"
 CHANNEL="release"
-VERSION="78.0"
+VERSION="78.0.1"
 VERSION_SUFFIX=""
-PREV_VERSION="78.0b8"
+PREV_VERSION="78.0"
 PREV_VERSION_SUFFIX=""
 #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation