1
0
Commit Graph

543 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
50acacf655 Accepting request 824701 from home:guoyunhe:branches:mozilla:Factory2
- Change *.appdata.xml location to latest AppStream standard

OBS-URL: https://build.opensuse.org/request/show/824701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=850
2020-08-10 09:14:34 +00:00
Wolfgang Rosenauer
8addddfe67 - Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204)
    Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542)
    Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293)
    Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745)
    Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954)
    DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333)
    Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
    Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
  * mozilla-nspr >= 4.26
  * mozilla-nss >= 3.54
  * rust >= 1.43
  * rust-cbindgen >= 0.14.3
- removed obsolete patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=847
2020-07-29 07:07:58 +00:00
Wolfgang Rosenauer
47a7a10c4f Accepting request 821486 from home:badshah400:branches:mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.

OBS-URL: https://build.opensuse.org/request/show/821486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=842
2020-07-17 15:04:42 +00:00
Wolfgang Rosenauer
fba870626f - added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  (boo#1173993)
- rework langpack integration (boo#1173991)
  * ship XPIs instead of directories
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
* Google API key is not usable for geolocation service

- Mozilla Firefox 78.0.2
  * Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=839
2020-07-12 17:40:52 +00:00
Wolfgang Rosenauer
b65efa1613 - fix pipewire support for TW (boo#1172903)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=838
2020-07-06 22:08:51 +00:00
Wolfgang Rosenauer
13e2ddea0f - Mozilla Firefox 78.0.1
* Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
  * CVE-2020-12422 (bmo#1450353)
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  * CVE-2020-12423 (bmo#1642400)
    DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835
2020-07-03 06:52:59 +00:00
Wolfgang Rosenauer
d08406e896 - Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
  * PDF downloads now show an option to open the PDF directly in Firefox
- requires
  * NSS >= 3.53.1
  * nodejs >= 10.21
  * Gtk+3 >= 3.14
- removed obsolete patch
  * mozilla-s390-bigendian.patch
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
  WebRTC with pipewire support to enable screen sharing under
  Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
  appropriately (boo#1172903).
- adding SLE12 compatibility in spec file
- add patches for s390x
  * mozilla-bmo1602730.patch (bmo#1602730)
  * mozilla-bmo1626236.patch (bmo#1626236)
  * mozilla-bmo998749.patch (bmo#998749)
  * mozilla-s390x-skia-gradient.patch
- update create-tar.sh
- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=834
2020-06-30 11:39:58 +00:00
Wolfgang Rosenauer
3d2e40a031 Accepting request 813117 from home:Guillaume_G:branches:mozilla:Factory
- Exclude armv6, since it is unbuildable since about 3 years

OBS-URL: https://build.opensuse.org/request/show/813117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=833
2020-06-10 07:35:21 +00:00
Wolfgang Rosenauer
d5337670c2 Accepting request 811243 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 77.0.1
  * Disable automatic selection of DNS over HTTPS providers during
    a test to enable wider deployment in a more controlled way
    (bmo#1642723)

OBS-URL: https://build.opensuse.org/request/show/811243
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=831
2020-06-04 06:00:26 +00:00
Wolfgang Rosenauer
5c3bb08acd - Mozilla Firefox 77.0
* view and manage web certificates more easily on the new
    about:certificate page
  * improvements in accessibility
  * significant improvements to JavaScript debugging
  MFSA 2020-20 (bsc#1172402)
  * CVE-2020-12399 (bmo#1631576)
    Timing attack on DSA signatures in NSS library
    (fixed with external NSS >= 3.52.1)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript type confusion with NativeTypes
  * CVE-2020-12407 (bmo#1637112)
    WebRender leaking GPU memory when using border-image CSS
    directive
  * CVE-2020-12408 (bmo#1623888)
    URL spoofing when using IP addresses
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
    Memory safety bugs fixed in Firefox 77
- requires
  * NSS >= 3.52.1
  * rust-cbindgen >= 1.14.1
  * clang >= 5
- added mozilla-bmo1634646.patch as part of fixing PGO build
  (still not working)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00
Wolfgang Rosenauer
15bd5b7707 Accepting request 805351 from home:michel_mno:branches:mozilla:Factory
- change again _constraints for ppc64le use <physicalmemory>
  and increase limit_build in spec file to reduce max_jobs.

OBS-URL: https://build.opensuse.org/request/show/805351
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=828
2020-05-14 06:50:59 +00:00
Wolfgang Rosenauer
d5f3632780 - Mozilla Firefox 76.0.1
* Fixed a bug causing some add-ons such as Amazon Assistant to see
    multiple onConnect events, impairing functionality (bmo#1635637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=827
2020-05-12 21:40:30 +00:00
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00
Wolfgang Rosenauer
81c21d1d0f - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=823
2020-04-09 17:21:52 +00:00
Wolfgang Rosenauer
f0a9acb709 - Mozilla Firefox 75.0
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=821
2020-04-07 12:21:48 +00:00
Wolfgang Rosenauer
474c698ebf - Mozilla Firefox 74.0.1
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=817
2020-04-03 15:25:40 +00:00
Wolfgang Rosenauer
945d8129f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=815 2020-03-25 09:47:01 +00:00
Wolfgang Rosenauer
67fc595cea - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
  (bsc#1167132)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=814
2020-03-25 09:43:20 +00:00
Wolfgang Rosenauer
1fdca0de1d Accepting request 788017 from home:msmeissn:branches:mozilla:Factory
- firefox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 
  FIPS aborts if it cannot access it (bsc#1167132)

OBS-URL: https://build.opensuse.org/request/show/788017
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=813
2020-03-25 09:12:06 +00:00
Wolfgang Rosenauer
a9628fa6ae - Mozilla Firefox 74.0
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
  MFSA 2020-08 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6808 (bmo#1247968)
    URL Spoofing via javascript: URL
  * CVE-2020-6809 (bmo#1420296)
    Web Extensions with the all-urls permission could access local
    files
  * CVE-2020-6810 (bmo#1432856)
    Focusing a popup while in fullscreen could have obscured the
    fullscreen notification
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6813 (bmo#1605814)
    @import statements in CSS could bypass the Content Security
    Policy nonce feature
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
2020-03-12 19:14:24 +00:00
Wolfgang Rosenauer
b72b8e1049 Accepting request 779145 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build on aarch64/armv7 with:
  * mozilla-bmo1610814.patch - boo#1164845

OBS-URL: https://build.opensuse.org/request/show/779145
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=806
2020-02-26 08:05:26 +00:00
Wolfgang Rosenauer
32b74d8c4c - Mozilla Firefox 73.0.1
* Resolved problems connecting to the RBC Royal Bank website
    (bmo#1613943)
  * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
    (bmo#1611133)
  * Fixed crashes when playing encrypted content on some Linux systems
    (bmo#1614535)
- start in wayland mode when running under wayland session

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=804
2020-02-20 13:56:27 +00:00
Wolfgang Rosenauer
82f4bf17d0 - Mozilla Firefox 73.0
* Added support for setting a default zoom level applicable for all
    web content
  * High-contrast mode has been updated to allow background images
  * Improved audio quality when playing back audio at a faster or
    slower speed
  * Added NextDNS as alternative option for DNS over HTTPS
  MFSA 2020-05 (bsc#1163368)
  * CVE-2020-6796 (bmo#1610426)
    Missing bounds check on shared memory read in the parent process
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6799 (bmo#1606596) (Windows only)
    Arbitrary code execution when opening pdf links from other
    applications, when Firefox is configured as default pdf reader
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
    Memory safety bugs fixed in Firefox 73
- updated requirements
  * rust >= 1.39
  * NSS >= 3.49.2
  * rust-cbindgen >= 0.12.0
- rebased patches
- removed obsolete patch
  * mozilla-bmo1601707.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=802
2020-02-12 14:14:39 +00:00
Wolfgang Rosenauer
0ed6fb0b03 Accepting request 767929 from home:hellcp:branches:mozilla:Factory
- Use a symbolic icon from branding internals
- Pixmaps no longer required for the desktops

OBS-URL: https://build.opensuse.org/request/show/767929
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=800
2020-02-02 19:26:07 +00:00
Wolfgang Rosenauer
f7f1c3fabe - Mozilla Firefox 72.0.2
* Various stability fixes
  * Fixed issues opening files with spaces in their path (bmo#1601905)
  * Fixed a hang opening about:logins when a master password is set
    (bmo#1606992)
  * Fixed a web compatibility issue with CSS Shadow Parts which
    shipped in Firefox 72 (bmo#1604989)
  * Fixed inconsistent playback performance for fullscreen 1080p
    videos on some systems (bmo#1608485)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=798
2020-01-22 10:33:47 +00:00
Wolfgang Rosenauer
abdc4f99a4 Accepting request 766087 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build for aarch64/ppc64le (do not update config.sub file
  for libbacktrace)

OBS-URL: https://build.opensuse.org/request/show/766087
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=797
2020-01-22 10:26:26 +00:00
Wolfgang Rosenauer
31f1b363df - Mozilla Firefox 72.0.1
- Mozilla Firefox 72.0
  * block fingerprinting scripts by default
  * new notification pop-ups
  * Picture-in-picture video
  MFSA 2020-01
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17020 (bmo#1597645)
    Content Security Policy not applied to XSL stylesheets applied
    to XML documents
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
    NSS may negotiate TLS 1.2 or below after a TLS 1.3
    HelloRetryRequest had been sent
  * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
    bmo#1595692,bmo#1597321,bmo#1597481)
    Memory safety bugs fixed in Firefox 72
- update create-tar.sh to skip compare-locales
- requires NSPR 4.24 and NSS 3.48
- removed usage of browser-plugins convention for NPAPI plugins
  from start wrapper and changed the RPM macro to the
  /usr/$LIB/mozilla/plugins location (boo#1160302)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=793
2020-01-08 11:59:18 +00:00
Wolfgang Rosenauer
5863c2f0e9 - added mozilla-bmo1601707.patch to fix gcc/LTO builds
(bmo#1601707, boo#1158466)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=791
2019-12-18 17:50:22 +00:00
Wolfgang Rosenauer
474457216d - Mozilla Firefox 71.0
* Improvements to Lockwise, our integrated password manager
  * More information about Enhanced Tracking Protection in action
  * Native MP3 decoding on Windows, Linux, and macOS
  * Configuration page (about:config) reimplemented in HTML
  * New kiosk mode functionality, which allows maximum screen space
    for customer-facing displays
  MFSA 2019-36
  * CVE-2019-11756 (bmo#1508776)
    Use-after-free of SFTKSession object
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156) (Windows only)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17014 (bmo#1322864)
    Dragging and dropping a cross-origin resource, incorrectly loaded
    as an image, could result in information disclosure
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
    bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
    bmo#1594181)
    Memory safety bugs fixed in Firefox 71

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=789
2019-12-09 07:58:52 +00:00
Wolfgang Rosenauer
c5265ac327 - Mozilla Firefox 70.0.1
* Fix for an issue that caused some websites or page elements using
    dynamic JavaScript to fail to load. (bmo#1592136)
  * Title bar no longer shows in full screen view (bmo#1588747)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=787
2019-11-01 14:24:05 +00:00
Wolfgang Rosenauer
9b8d4398e7 - Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
  * Firefox Lockwise passwordmanager
  * Improvements to core engine components, for better browsing on more sites
  * Improved privacy and security indicators
  MFSA 2019-34
  * CVE-2018-6156 (bmo#1480088)
    Heap buffer overflow in FEC processing in WebRTC
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11765 (bmo#1562582)
    Incorrect permissions could be granted to a website
  * CVE-2019-17000 (bmo#1441468)
    CSP bypass using object tag with data: URI
  * CVE-2019-17001 (bmo#1587976)
    CSP bypass using object tag when script-src 'none' is specified
  * CVE-2019-17002 (bmo#1561056)
    upgrade-insecure-requests was not being honored for links dragged and dropped

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=786
2019-10-25 09:13:30 +00:00
Wolfgang Rosenauer
3a8861dc21 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=784 2019-10-13 16:17:42 +00:00
Wolfgang Rosenauer
929b941313 - Mozilla Firefox 69.0.3
* Fixed Yahoo mail users being prompted to download files when
    clicking on emails (bmo#1582848)
- devel package build can easily be disabled now

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=783
2019-10-13 16:07:47 +00:00
Wolfgang Rosenauer
13cc39d491 - Mozilla Firefox 69.0.2
- updated supported locale list
- remove obsolete kde.js setting (boo#1151186) and related patch
  firefox-add-kde.js-in-order-to-survive-PGO-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=778
2019-10-03 08:42:59 +00:00
Wolfgang Rosenauer
a2d0f13928 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=776 2019-09-25 12:32:43 +00:00
Wolfgang Rosenauer
8de2295280 - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=775
2019-09-25 12:32:05 +00:00
Wolfgang Rosenauer
0d5b4a33d0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=774 2019-09-25 12:13:22 +00:00
Wolfgang Rosenauer
84a21a1533 (contributed by Bernhard Wiedemann)
- Make build verbose (contributed by Martin Liška)
- remove obsolete kde.js setting (boo#1151186)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=772
2019-09-25 11:38:27 +00:00
Wolfgang Rosenauer
b4dcd00367 Accepting request 733089 from home:bmwiedemann:branches:mozilla:Factory
Allow to build without profile guided optimizations (boo#1040589)

OBS-URL: https://build.opensuse.org/request/show/733089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=771
2019-09-25 08:59:57 +00:00
Wolfgang Rosenauer
1ff1de7746 Accepting request 732112 from home:marxin:branches:mozilla:Factory
- Make build verbose.

OBS-URL: https://build.opensuse.org/request/show/732112
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=769
2019-09-20 10:17:52 +00:00
Wolfgang Rosenauer
1f7d350ac4 - Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
    a link from inside Firefox to launch them (bmo#1570845)
  * Usability improvements to the Add-ons Manager for users with
    screen readers (bmo#1567600)
  * Fixed the Captive Portal notification bar not being dismissable
    in some situations after login is complete (bmo#1578633)
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
  * Fixed missing stacks in the Developer Tools Performance section
    (bmo#1578354)
  MFSA 2019-31
  * CVE-2019-11754 (bmo#1580506)
    Pointer Lock is enabled with no user notification
- disable DOH by default

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=768
2019-09-20 07:16:58 +00:00
Wolfgang Rosenauer
c460d1e56f * mozilla-bmo1504834-part1.patch
* mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=766
2019-09-12 21:14:35 +00:00
Wolfgang Rosenauer
0c3a6afdc4 - Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
  * Block Autoplay feature is enhanced to give users the option to block
    any video
  * Users in the US or using the en-US browser, can get a new “New Tab”
    page experience connecting to the best of Pocket's content.
  * Support for the Web Authentication HmacSecret extension via
    Windows Hello introduced.
  * Support for receiving multiple video codecs with this release makes
    it easier for WebRTC conferencing services to mix video from
    different clients.
- requires
  * rust/cargo >= 1.35
  * rust-cbindgen >= 0.9.0
  * mozilla-nss >= 3.45
- rebased patches
  * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765
2019-09-09 06:28:12 +00:00
Wolfgang Rosenauer
e72a516450 - added a bunch of patches mainly for big endian platforms
* mozilla-bmo1504834-part1.patch
  * mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1511604.patch
  * mozilla-bmo1554971.patch
  * mozilla-bmo1573381.patch
  * mozilla-nestegg-big-endian.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=763
2019-09-05 12:57:01 +00:00
Wolfgang Rosenauer
99d30a30d4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=762 2019-09-04 08:53:33 +00:00
Wolfgang Rosenauer
67a884d22d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=761 2019-09-04 08:45:18 +00:00
Wolfgang Rosenauer
a552e67ce1 - Mozilla Firefox 68.1.0
MFSA 2019-26
  * CVE-2019-11751 (bmo#1572838; Windows only)
    Malicious code execution through command line parameters
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
    File manipulation and privilege escalation in Mozilla Maintenance Service
  * CVE-2019-11753 (bmo#1574980; Windows only)
    Privilege escalation with Mozilla Maintenance Service in custom
    Firefox installation location
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
    Sandbox escape through Firefox Sync
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11748 (bmo#1564588)
    Persistence of WebRTC permissions in a third party context
  * CVE-2019-11749 (bmo#1565374)
    Camera information available without prompting using getUserMedia
  * CVE-2019-11750 (bmo#1568397)
    Type confusion in Spidermonkey
  * CVE-2019-11738 (bmo#1452037)
    Content security policy bypass through hash-based sources in directives

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=760
2019-09-04 08:35:37 +00:00
Wolfgang Rosenauer
10fec342e6 Accepting request 724187 from home:jbrielmaier:ppc64le
Sadly there is now better solution at the moment. A deeper look from upstream is necessary, it also could be some compiler bug. I'll watch the upstream bug closely.

I verified that the workaround actually fixes the problem on my ppc64le workstation :)

OBS-URL: https://build.opensuse.org/request/show/724187
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=758
2019-08-20 07:58:20 +00:00
Wolfgang Rosenauer
91c849f4d1 Accepting request 724472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 68.0.2 MFSA 2019-24 (boo#1145665) CVE-2019-11733

OBS-URL: https://build.opensuse.org/request/show/724472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=757
2019-08-19 06:30:53 +00:00
Wolfgang Rosenauer
1022830b45 Accepting request 720873 from home:Guillaume_G:branches:mozilla:Factory
Update build constraints to fix arm builds

OBS-URL: https://build.opensuse.org/request/show/720873
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=755
2019-08-06 07:53:11 +00:00
Wolfgang Rosenauer
e50c943778 - Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
    screen mode on HBO GO (bmo#1562837)
  * Fixed a bug causing incorrect messages to appear for some
    locales when sites try to request the use of the Storage
    Access API (bmo#1558503)
  * Users in Russian regions may have their default search engine
    changed (bmo#1565315)
  * Built-in search engines in some locales do not function
    correctly (bmo#1565779)
  * SupportMenu policy doesn't always work (bmo#1553290)
  * Allow the privacy.file_unique_origin pref to be controlled by
    policy (bmo#1563759)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=753
2019-07-19 14:43:08 +00:00
Wolfgang Rosenauer
e62fe7e3d9 Accepting request 714628 from home:jirislaby:branches:mozilla:Factory
- add fix-build-after-y2038-changes-in-glibc.patch

OBS-URL: https://build.opensuse.org/request/show/714628
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=752
2019-07-15 15:15:08 +00:00
Wolfgang Rosenauer
c66dced2e8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=751 2019-07-11 15:10:52 +00:00
Wolfgang Rosenauer
668f506a0c Accepting request 714438 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714438
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=750
2019-07-11 13:04:54 +00:00
Wolfgang Rosenauer
c4b62217a3 - Mozilla Firefox 68.0
* Dark mode in reader view
  * Improved extension security and discovery
  * Cryptomining and fingerprinting protections are added to strict
    content blocking settings in Privacy & Security preferences
  * Camera and microphone access now require an HTTPS connection
  MFSA 2019-21 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11718 (bmo#1408349)
    Activity Stream writes unsanitized content to innerHTML
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748
2019-07-09 21:21:11 +00:00
Wolfgang Rosenauer
2be5772ed8 Accepting request 713071 from home:marxin:branches:mozilla:Factory
- Enable PGO for x86_64.

OBS-URL: https://build.opensuse.org/request/show/713071
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=746
2019-07-02 20:43:20 +00:00
Wolfgang Rosenauer
0ef859ba7d - Mozilla Firefox 67.0.4
MFSA 2019-19 (boo#1138872)
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=744
2019-06-20 19:02:43 +00:00
Wolfgang Rosenauer
2a64714492 - Mozilla Firefox 67.0.3
MFSA 2019-18
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=742
2019-06-18 18:51:07 +00:00
Wolfgang Rosenauer
55599abb93 - Mozilla Firefox 67.0.2
* Fixed: Fix JavaScript error ("TypeError: data is null in
    PrivacyFilter.jsm") in console which may significantly degrade
    sessionstore reliability and performance (bmo#1553413)
  * Fixed: Proxy authentication dialog box repeatedly pops up
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
    implementation (bmo#1551282)
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
    to think on the subsequent launch that the profile is too
    recent to be used with this version of Firefox (bmo#1556612)
  * Fixed: Linux distribution users can't easily install/use
    additional/different languages using the built-in preferences
    UI (bmo#1554744)
  * Fixed: Developer tools users can't copy the href/src content
    from various HTML tags via the context menu in the Inspector
    markup view (bmo#1552275)
  * Fixed: Custom home page is broken with clearing data on shutdown
    settings applied (bmo#1554167)
  * Fixed: Performance-regression for eclipse RAP based applications
    (bmo#1555962)
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
  * Fixed: Can't start two downloads in parallel via <a download>
    anymore (bmo#1542912)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=741
2019-06-12 21:30:01 +00:00
Wolfgang Rosenauer
fc63e9e0d5 - Mozilla Firefox 67.0.1
* enable enhanced tracking protection by default for new users
  * upgrade of Facebook container to version 2.0
  * new version of Firefox Lockwise (password management)
  * new version of Firefox Monitor
  * Firefox Send improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=740
2019-06-09 08:21:04 +00:00
Wolfgang Rosenauer
3a4466d1cf - Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
  * Tabs can now be pinned from the Page Actions menu in the address bar
  * Users can block known cryptominers and fingerprinters in the
    Custom settings or their Content Blocking preferences
  * The Import Data from Another Browser feature is now also available
    from the File menu
  * Firefox will now protect you against running older versions which
    can lead to data corruption and stability issues
  * Easier access to your list of saved logins from the main menu and
    login autocomplete
  * We’ve added a toolbar menu for your Firefox Account to provide more
    transparency for when you are synced, sharing data across devices
    and with Firefox. Personalize the appearance of the menu with your
    own avatar
  * Enable FIDO U2F API, and permit registrations for Google Accounts
  * Enabled AV1 support on Linux
  MFSA 2019-13
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736
2019-05-22 20:38:29 +00:00
Wolfgang Rosenauer
c6af23c61b - Mozilla Firefox 66.0.5
* Fixed: Further improvements to re-enable web extensions which
    had been disabled for users with a master password set (bmo#1549249)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=734
2019-05-10 19:46:56 +00:00
Wolfgang Rosenauer
5b3482e861 - Mozilla Firefox 66.0.4 (boo#1134126)
* fix extension certificate chain
    https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=732
2019-05-05 20:35:52 +00:00
Wolfgang Rosenauer
4a05b1c2ea - Mozilla Firefox 66.0.3
* Fixed: Address bar on tablets running Windows 10 now behaves
    correctly (bmo#1498973)
  * Fixed: Performance issues with some HTML5 games (bmo#1537609)
  * Fixed a bug with keypress events in IBM cloud applications
    (bmo#1538970)
  * Fix for keypress events in some Microsoft cloud applications
    (bmo#1539618)
  * Changed: Updated Baidu search plugin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=730
2019-04-13 15:12:36 +00:00
Wolfgang Rosenauer
77d74ed5ac - Mozilla Firefox 66.0.2
* Fixed Web compatibility issues with Office 365, iCloud and
    IBM WebMail caused by recent changes to the handling of
    keyboard events (bmo#1538966)
  * Crash fixes (bmo#1521370, bmo#1539118)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=728
2019-03-30 12:06:55 +00:00
Wolfgang Rosenauer
94b2d29d06 Accepting request 689279 from home:Guillaume_G:branches:mozilla:Factory
- Add patch to fix aarch64 build:
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)

OBS-URL: https://build.opensuse.org/request/show/689279
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=727
2019-03-28 10:24:32 +00:00
Wolfgang Rosenauer
7e741ea41d - Mozilla Firefox 66.0.1
MFSA 2019-09 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=724
2019-03-23 07:56:11 +00:00
Wolfgang Rosenauer
c35c1573d5 - Mozilla Firefox 66.0
* Increased content processes to 8
  * Added capability to search through open tabs from the tab overflow menu
  * New backend for the storage.local WebExtensions API, providing
    I/O performance improvements when the extension updates a small
    subset of the stored data
  * WebExtension keyboard shortcuts can now be managed or overridden
    from about:addons
  * Improved scrolling behavior: Firefox will now attempt to keep content
    from jumping around while a page is loading by supporting scroll
    anchoring
  * New about:privatebrowsing with search
  * A certificate error page now notifies the user of the name of the
    certificate issuer that breaks HTTPs connections on intercepted
    connections to help troubleshooting possible anti-virus software
    issues.
  * Fixed an performance issue some Linux users experienced with the
    Downloads panel (bmo#1517101)
  * Firefox now blocks all autoplay media with sound by default. Users
    can add individual sites to an exceptions list or turn the blocking
    off.
  * System title bar is hidden by default to match Gnome guideline
  MFSA 2019-07 (bsc#1129821)
  * CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=723
2019-03-19 22:01:55 +00:00
Wolfgang Rosenauer
0d243c2ff1 Accepting request 681668 from home:coolo:branches:mozilla:Factory
- Do not hardcode nodejs8 but leave the prefer to the distribution
  (Tumbleweed staging wants to switch to nodejs10)

OBS-URL: https://build.opensuse.org/request/show/681668
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=721
2019-03-07 08:01:24 +00:00
Wolfgang Rosenauer
9feea8555d - Mozilla Firefox 65.0.1
* Fixed accidental requests to addons.mozilla.org when an addon
    recommendation doorhanger is shown (bmo#1526387)
  * Improved playback of interactive Netflix videos (bmo#1524500)
  * Fixed incorrect sizing of the "Clear Recent History" window in
    some situations (bmo#1523696)
  * Fixed audio & video delays while making WebRTC calls
    (bmo#1521577, bmo#1523817)
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
    from behind a proxy server (bmo#1523427)
  * Fixed the "Enter" key not working on password entry fields for
    certain Linux distributions (bmo#1523635)
  MFSA 2019-04
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18511 bmo#1526218
    Cross-origin theft of images with ImageBitmapRenderingContext
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
  (with increased memory constraints)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=717
2019-02-13 08:14:35 +00:00
Wolfgang Rosenauer
6164077723 Accepting request 674399 from home:marxin:branches:mozilla:Factory
- Enable LTO only for latest toolchain (boo#1125038).

OBS-URL: https://build.opensuse.org/request/show/674399
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=716
2019-02-13 07:10:01 +00:00
Wolfgang Rosenauer
292dbe02a3 Accepting request 673283 from home:marxin:branches:mozilla:Factory
- Enable LTO for x86_64 (with increased memory constraints).

OBS-URL: https://build.opensuse.org/request/show/673283
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=714
2019-02-11 11:41:34 +00:00
Wolfgang Rosenauer
1030f9ddf5 - rebased patches
- remove workaround for build memory consumption on i586; other
  mitigations meanwhile introduced (mainly parallelity) will be
  sufficient
  mozilla-reduce-files-per-UnifiedBindings.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=712
2019-02-03 06:39:38 +00:00
Wolfgang Rosenauer
4962fbcbc3 missing proper changelog before Factory submission
- Mozilla Firefox 65.0
- requires
  NSS 3.41
  rust/carge 1.30
  rust-cbindgen 0.6.7
-rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=709
2019-01-29 18:07:12 +00:00
Wolfgang Rosenauer
59c27b8c6c Accepting request 666261 from home:marxin:branches:mozilla:Factory
- Increase disk constraint.
- Remove -v from mach build in order to work-around bmo#1500436.

OBS-URL: https://build.opensuse.org/request/show/666261
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=708
2019-01-16 09:31:29 +00:00
Wolfgang Rosenauer
68e8e12c27 Accepting request 664693 from home:marxin:branches:mozilla:Factory-new2
- Set %clang_build to false on all architectures
- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
  it should not be needed.
- Do not overwrite enable-optimize and when possible
  enable --enable-debug-symbols.
- Add -v to mach in order to make build verbose.

OBS-URL: https://build.opensuse.org/request/show/664693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=705
2019-01-12 22:48:04 +00:00
Wolfgang Rosenauer
c828807e6d Accepting request 664321 from home:AndreasStieger:branches:mozilla:Factory
64.0.2

OBS-URL: https://build.opensuse.org/request/show/664321
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=704
2019-01-10 10:25:49 +00:00
Wolfgang Rosenauer
96abfaec58 Accepting request 659329 from home:Guillaume_G:branches:mozilla:Factory
- Enable build_hardened for all architectures
- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
- Remove obolete '--enable-pie' as -pie is always enabled for gcc and clang

OBS-URL: https://build.opensuse.org/request/show/659329
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=703
2019-01-07 19:59:56 +00:00
Wolfgang Rosenauer
f2a1d1c9f4 Accepting request 657818 from home:Guillaume_G:branches:mozilla:Factory
- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
- Switch %arm builds back to gcc, not clang to avoid OOM
- Fix build flags when clang is not used
- Fix flags for clang ppc64 builds

OBS-URL: https://build.opensuse.org/request/show/657818
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=700
2018-12-13 12:15:35 +00:00
Wolfgang Rosenauer
7d565ee4aa - update to Firefox 64.0
* Better recommendations: You may see suggestions in regular browsing
    mode for new and relevant Firefox features, services, and extensions
    based on how you use the web (for US users only)
  * Enhanced tab management: You can now select multiple tabs from the
    tab bar and close, move, bookmark, or pin them quickly and easily
  * Easier performance management: The new Task Manager page found at
    about:performance lets you see how much energy each open tab consumes
    and provides access to close tabs to conserve power
  * Improved performance for Mac and Linux users, by enabling link time
    optimization (Clang LTO).
  * Added option to remove add-ons using the context menu on their
    toolbar buttons
  * RSS feed preview and live bookmarks are available only via add-ons
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
    Website operators are strongly encouraged to replace any remaining
    Symantec TLS certificates as soon as possible
  MFSA 2018-29 (bsc#1119105)
  * CVE-2018-12407 bmo#1505973
    Buffer overflow with ANGLE library when using VertexBuffer11 module
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=699
2018-12-12 11:35:28 +00:00
Wolfgang Rosenauer
d8b75f888e Accepting request 652365 from home:Guillaume_G:branches:mozilla:Factory
- Remove --disable-elf-hack when not available: on aarch64 and ppc64*

OBS-URL: https://build.opensuse.org/request/show/652365
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=698
2018-12-11 07:45:25 +00:00
Wolfgang Rosenauer
f6f6df084e Accepting request 651976 from home:Guillaume_G:branches:mozilla:Factory2
- Clean-up %arm build

OBS-URL: https://build.opensuse.org/request/show/651976
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=695
2018-11-26 10:42:10 +00:00
Wolfgang Rosenauer
3ce0fd3bc7 - update to Firefox 63.0.3
* Games using WebGL (created in Unity) get stuck after very short
    time of gameplay (bmo#1502748)
  * Slow page loading for some users with specific proxy configurations
    (bmo#1495024)
  * Disable HTTP response throttling by default for causing bugs with
    videos in background tabs (bmo#1503354)
  * Opening magnet links no longer works (bmo#1498934)
  * Crash fixes (bmo#1498510, bmo#1503424)
- removed mozilla-newer-cbindgen.patch; no longer needed
- requires rust-cbindgen >= 0.6.2 to build
- requires nodejs >= 8.11 to build
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=694
2018-11-18 21:46:59 +00:00
Wolfgang Rosenauer
b19ebee19e - disable elfhack for TW and newer due to build errors
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=693
2018-11-12 11:49:28 +00:00
Wolfgang Rosenauer
2f1f7dea2a - update to Firefox 63.0.1
* Snippets are not loaded due to missing element (bmo#1503047)
  * Print preview always shows 30& scale when it is actually
    Shrink To Fit (bmo#1501952)
  * Dialog displayed when closing multiple windows shows unreplaced
    %1$S placeholder in Japanese and potentially other locales
    (bmo#1500823)
  MFSA 2018-26 (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android-only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12395 (bmo#1467523)
    WebExtension bypass of domain restrictions through header rewriting
  * CVE-2018-12396 (bmo#1483602)
    WebExtension content scripts can execute in disallowed contexts
  * CVE-2018-12397 (bmo#1487478)
    Missing warning prompt when WebExtension requests local file access
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
    CSP bypass through stylesheet injection in resource URIs
  * CVE-2018-12399 (bmo#1490276)
    Spoofing of protocol registration notification bar
  * CVE-2018-12400 (bmo#1448305) (Android only)
    Favicons are cached in private browsing mode on Firefox for Android
  * CVE-2018-12401 (bmo#1422456)
    DOS attack through special resource URI parsing
  * CVE-2018-12402 (bmo#1469916)
    SameSite cookies leak when pages are explicitly saved

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=692
2018-11-10 21:07:09 +00:00
Wolfgang Rosenauer
6bbb36ffe9 - update to Firefox 63.0
* WebExtensions now run in their own process on Linux
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
    tabs and cycles through tabs in recently used order. This new
    default behavior is activated only in new profiles and can be
    changed in preferences.
  * Added support for Web Components custom elements and shadow DOM
- requires NSPR 4.20, NSS 3.39 and Rust 1.28

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=691
2018-10-29 15:21:53 +00:00
Wolfgang Rosenauer
5048a922bb Accepting request 644806 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch

OBS-URL: https://build.opensuse.org/request/show/644806
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=690
2018-10-29 14:09:04 +00:00
Wolfgang Rosenauer
7f0ad4c413 Accepting request 639735 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 62.0.3:
  MFSA 2018-24
  * CVE-2018-12386 (bsc#1110506, bmo#1493900)
    Type confusion in JavaScript allowed remote code execution
  * CVE-2018-12387 (bsc#1110507, bmo#1493903)
    Array.prototype.push stack pointer vulnerability may enable
    exploits in the sandboxed content process

OBS-URL: https://build.opensuse.org/request/show/639735
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=688
2018-10-03 12:24:02 +00:00
Wolfgang Rosenauer
42ab585fa7 - disable rust debug symbols to fix build on %ix86
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=686
2018-09-24 20:59:09 +00:00
Wolfgang Rosenauer
ec4afab305 Accepting request 637170 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 62.0.2
  * CVE-2018-12385 (boo#1109363, bmo#1490585)

OBS-URL: https://build.opensuse.org/request/show/637170
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=684
2018-09-22 09:37:16 +00:00
Wolfgang Rosenauer
551d63d536 - update to Firefox 62.0 (build2)
- requires NSS >= 3.38
- removed obsolete patches
  mozilla-bmo1464766.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=682
2018-09-05 07:16:27 +00:00
Wolfgang Rosenauer
a3dfca5f05 - update to Firefox 61.0.2
* Improved website rendering with the Retained Display List feature
    enabled (bmo#1474402)
  * Fixed broken DevTools panels with certain extensions installed
    (bmo#1474379)
  * Fixed a crash for users with some accessibility tools enabled
    (bmo#1474007)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=680
2018-08-09 18:13:29 +00:00
Wolfgang Rosenauer
b94eb6767e Accepting request 621667 from home:AndreasStieger:branches:mozilla:Factory
Firefox 61.0.1

OBS-URL: https://build.opensuse.org/request/show/621667
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=678
2018-07-09 16:46:43 +00:00
Wolfgang Rosenauer
206b6f2820 - update to Firefox 61.0
* Performance enhancements
  * Various improvements for dark theme support will provide a more
    consistent experience across the entire Firefox UI
  * OpenSearch plugins offered by web pages can now be added from the
    page action menu for easier installation
  * Improved support for allowing WebExtensions to manage and hide tabs
- requires NSS 3.37.3
- requires python >= 3.5 to build
- removed obsolete patches
  mozilla-i586-DecoderDoctorLogger.patch
  mozilla-i586-domPrefs.patch
  mozilla-fix-skia-aarch64.patch
  mozilla-bmo1375074.patch
  mozilla-enable-csd.patch
- patch for new no-return warnings (mozilla-no-return.patch)
- do not disable system installed locales (mozilla-bmo1464766.patch)

- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=673
2018-06-25 20:56:47 +00:00
Wolfgang Rosenauer
ea8e2a80bd - update to Firefox 60.0.2
* requires NSS 3.36.4
  MFSA 2018-14 (bsc#1096449)
  * CVE-2018-6126 (bmo#1462682)
    Heap buffer overflow rasterizing paths in SVG with Skia

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=671
2018-06-07 14:08:54 +00:00
Wolfgang Rosenauer
4a2d8988d3 Accepting request 614877 from home:Guillaume_G:branches:mozilla:Factory
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28' workaround:
  * mozilla-bmo1375074.patch

OBS-URL: https://build.opensuse.org/request/show/614877
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=670
2018-06-07 11:56:20 +00:00
Wolfgang Rosenauer
6b78971621 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=668 2018-05-26 21:36:30 +00:00
Wolfgang Rosenauer
5210fcee40 Accepting request 612415 from home:Guillaume_G:branches:mozilla:Factory
- Workaround crash on startup on aarch64, boo#1093059

OBS-URL: https://build.opensuse.org/request/show/612415
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=666
2018-05-26 15:51:56 +00:00
Wolfgang Rosenauer
45b6b99978 Accepting request 608990 from home:Guillaume_G:branches:mozilla:Factory
- Disable webrtc for aarch64 due to bmo#1434589
- Add patch to fix skia build on AArch64:
  * mozilla-fix-skia-aarch64.patch

OBS-URL: https://build.opensuse.org/request/show/608990
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=663
2018-05-23 08:43:47 +00:00
Wolfgang Rosenauer
9915e415f7 - update to Firefox 60.0.1
* Avoid overly long cycle collector pauses with some add-ons installed
    (bmo#1449033)
  * After unckecking the "Sponsored Stories" option, the New Tab page
    now immediately stops displaying "Sponsored content" cards (bmo#1458906)
  * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
    (bmo#1457743)
  * Use the right default background when opening tabs or windows in
    high contrast mode (bmo#1458956)
  * Restored translations of the Preferences panels when using a
    language pack (bmo#1461590)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=661
2018-05-17 14:35:18 +00:00