1
0
Commit Graph

480 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
19ab3bdb06 MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092)
    Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774)
    Use-after-free with SVG animations and text paths
  * CVE-2018-5157 (bmo#1449898)
    Same-origin bypass of PDF Viewer to view protected PDF files
  * CVE-2018-5158 (bmo#1452075)
    Malicious PDF can inject JavaScript into PDF Viewer
  * CVE-2018-5159 (bmo#1441941)
    Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5160 (bmo#1436117)
    Uninitialized memory use by WebRTC encoder
  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
    WebExtensions information leak through webRequest API
  * CVE-2018-5153 (bmo#1436809)
    Out-of-bounds read in mixed content websocket messages
  * CVE-2018-5163 (bmo#1426353)
    Replacing cached data in JavaScript Start-up Bytecode Cache
  * CVE-2018-5164 (bmo#1416045)
    CSP not applied to all multipart content sent with
    multipart/x-mixed-replace
  * CVE-2018-5166 (bmo#1437325)
    WebExtension host permission bypass through filterReponseData
  * CVE-2018-5167 (bmo#1447969)
    Improper linkification of chrome: and javascript: content in
    web console and JavaScript debugger
  * CVE-2018-5168 (bmo#1449548)
    Lightweight themes can be installed without user interaction
  * CVE-2018-5169 (bmo#1319157)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=658
2018-05-09 19:58:20 +00:00
Wolfgang Rosenauer
57e0eca548 - use upstream source archive and detached signature for
source verification

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=657
2018-05-09 09:46:09 +00:00
Wolfgang Rosenauer
5751c8c7f0 mozilla-bmo1005535.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=656
2018-05-08 13:47:17 +00:00
Wolfgang Rosenauer
0344382ac8 - update to Firefox 60.0
* Added a policy engine that allows customized Firefox deployments
    in enterprise environments, using Windows Group Policy or a
    cross-platform JSON file
  * Applied Quantum CSS to render browser UI
  * Added support for Web Authentication, allowing the use of USB
    tokens for authentication to web sites
  * Locale added: Occitan (oc)
- removed obsolete patches
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
- requires NSPR 4.19 and NSS 3.36.1
- requires rust 1.24 or higher

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=655
2018-05-08 13:14:23 +00:00
Wolfgang Rosenauer
f9f24f9c98 Accepting request 603791 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix armv7 build by:
  * adding RUSTFLAGS="-Cdebuginfo=0"
  * updating _constraints for %arm

OBS-URL: https://build.opensuse.org/request/show/603791
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=654
2018-05-07 08:31:01 +00:00
Wolfgang Rosenauer
ab10e8708d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=652 2018-05-02 20:48:42 +00:00
Wolfgang Rosenauer
445b42f0ea - do not try CSD on kwin (boo#1091592)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=651
2018-05-02 20:47:59 +00:00
Wolfgang Rosenauer
8f47a5e0ee Accepting request 602850 from home:AndreasStieger:branches:mozilla:Factory
- fix build in openSUSE:Leap:42.3:Update, use gcc7

OBS-URL: https://build.opensuse.org/request/show/602850
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=650
2018-05-02 07:26:13 +00:00
Wolfgang Rosenauer
f1dc5639b2 Accepting request 602833 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 59.0.3

OBS-URL: https://build.opensuse.org/request/show/602833
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=649
2018-05-01 17:13:15 +00:00
Wolfgang Rosenauer
b9c534ef0d Accepting request 599877 from home:marxin:branches:mozilla:Factory
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
  in order to fix boo#1090362.

OBS-URL: https://build.opensuse.org/request/show/599877
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=647
2018-04-25 20:14:59 +00:00
Wolfgang Rosenauer
5e0222bbda Accepting request 593016 from home:badshah400:branches:mozilla:Factory
- Add back mozilla-enable-csd.patch: New rebased version from Fedora for version 59.0.x.

OBS-URL: https://build.opensuse.org/request/show/593016
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=646
2018-04-03 07:38:15 +00:00
Wolfgang Rosenauer
1595d2c3dc Accepting request 591640 from home:Andreas_Schwab:Factory
- Reduce constraints on aarch64

OBS-URL: https://build.opensuse.org/request/show/591640
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=644
2018-03-27 15:18:52 +00:00
Wolfgang Rosenauer
a07c7d7f17 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=643 2018-03-27 12:14:12 +00:00
Wolfgang Rosenauer
f3956c8162 - update to Firefox 59.0.2
* Invalid page rendering with hardware acceleration enabled (bmo#1435472)
  * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
    that use those keys with resistFingerprinting enabled (bmo#1433592)
  * High CPU / memory churn caused by third-party software on some
    computers (bmo#1446280)
  * Users who have configured an "automatic proxy configuration URL"
    and want to reload their proxy settings from the URL will find
    the Reload button disabled in the Connection Settings dialog when
    they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
  * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
  * User's trying to cancel a print around the time it completes will
    continue to get intermittent crashes (bmo#1441598)
  MFSA 2018-10 (bsc#1087059)
  * CVE-2018-5148 (bmo#1440717)
    Use-after-free in compositor
- removed obsolete patch mozilla-bmo1446062.patch
  * mozilla-i586-domPrefs.patch - DOMPrefs.h

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=642
2018-03-27 12:10:14 +00:00
Wolfgang Rosenauer
59451a5643 Accepting request 590743 from home:cgrobertson:branches:mozilla:Factory
- Added patches:
  * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070
    fixes non-unified build error
  * mozilla-i586-domPrefs.patch - DOMPrefs.h 
    fixes 32bit build error

OBS-URL: https://build.opensuse.org/request/show/590743
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=641
2018-03-26 11:11:30 +00:00
Wolfgang Rosenauer
032c70a665 (mozilla-bmo1446062.patch)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=639
2018-03-17 08:09:22 +00:00
Wolfgang Rosenauer
5257d425d0 - update to Firefox 59.0.1 (bsc#1085671)
MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062)
    Vorbis audio processing out of bounds write
  * CVE-2018-5147 (bmo#1446365)
    Out of bounds memory write in libtremor

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=638
2018-03-16 18:58:54 +00:00
Wolfgang Rosenauer
a51b2db7d0 Accepting request 587943 from home:cgrobertson:branches:mozilla:Factory
- Added patch:
  * mozilla-bmo1005535.patch:
    Enable skia_gpu on big endian platforms.

OBS-URL: https://build.opensuse.org/request/show/587943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=637
2018-03-16 16:09:39 +00:00
Wolfgang Rosenauer
3f1ee3498d - update to Firefox 59.0
* Performance enhancements
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
  * added features for Firefox Screenshots
  * Enhanced WebExtensions API
  * Improved RTC capabilities
  MFSA 2018-06 (bsc#1085130)
  * CVE-2018-5127 (bmo#1430557)
    Buffer overflow manipulating SVG animatedPathSegList
  * CVE-2018-5128 (bmo#1431336)
    Use-after-free manipulating editor selection ranges
  * CVE-2018-5129 (bmo#1428947)
    Out-of-bounds write with malformed IPC messages
  * CVE-2018-5130 (bmo#1433005)
    Mismatched RTP payload type can trigger memory corruption
  * CVE-2018-5131 (bmo#1440775)
    Fetch API improperly returns cached copies of no-store/no-cache resources
  * CVE-2018-5132 (bmo#1408194)
    WebExtension Find API can search privileged pages
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
    Value of the app.support.baseURL preference is not properly sanitized
  * CVE-2018-5134 (bmo#1429379)
    WebExtensions may use view-source: URLs to bypass content restrictions
  * CVE-2018-5135 (bmo#1431371)
    WebExtension browserAction can inject scripts into unintended contexts
  * CVE-2018-5136 (bmo#1419166)
    Same-origin policy violation with data: URL shared workers
  * CVE-2018-5137 (bmo#1432870)
    Script content can access legacy extension non-contentaccessible resources
  * CVE-2018-5138 (bmo#1432624) (Android only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=636
2018-03-13 19:46:06 +00:00
Wolfgang Rosenauer
3ad3fa88d2 Accepting request 574856 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 58.0.2

OBS-URL: https://build.opensuse.org/request/show/574856
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=634
2018-02-09 22:45:30 +00:00
Wolfgang Rosenauer
0b6de140a7 Accepting request 573267 from home:fstrba:branches:mozilla:Factory
Fix bmo#1430274, ALSA sound not working in Firefox 58 due to sandboxing

OBS-URL: https://build.opensuse.org/request/show/573267
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=632
2018-02-06 11:31:29 +00:00
Wolfgang Rosenauer
18da636317 - use correct language packs
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=631
2018-01-30 07:00:03 +00:00
Wolfgang Rosenauer
dd53ed18ec - update to Firefox 58.0.1
MFSA 2018-05
  *  Arbitrary code execution through unsanitized browser UI (bmo#1432966)
- fixed language packs (boo#1077590)
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
- allow larger number of nested elements (mozilla-bmo256180.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=630
2018-01-29 22:56:59 +00:00
Wolfgang Rosenauer
6156a55b00 - update to Firefox 58.0 (bsc#1077291)
MFSA 2018-02
  * CVE-2018-5091 (bmo#1423086)
    Use-after-free with DTMF timers
  * CVE-2018-5092 (bmo#1418074)
    Use-after-free in Web Workers
  * CVE-2018-5093 (bmo#1415291)
    Buffer overflow in WebAssembly during Memory/Table resizing
  * CVE-2018-5094 (bmo#1415883)
    Buffer overflow in WebAssembly with garbage collection on
    uninitialized memory
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5100 (bmo#1417405)
    Use-after-free when IsPotentiallyScrollable arguments are freed
    from memory
  * CVE-2018-5101 (bmo#1417661)
    Use-after-free with floating first-letter style elements
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=629
2018-01-23 20:56:02 +00:00
Wolfgang Rosenauer
725614f48e - update to Firefox 58.0
* Added Nepali (ne-NP) locale
  * Added support for form autofill for credit card
  * Optimize page load by caching JavaScript internal representation
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
  mozilla-bindgen-systemlibs.patch
  mozilla-bmo1360278.patch
  mozilla-bmo1399611-csd.patch
  mozilla-rust-1.23.patch
- rebased patches
- updated man-page

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=628
2018-01-23 09:55:12 +00:00
Wolfgang Rosenauer
339fcf649a - fixed build with latest rust (mozilla-rust-1.23.patch)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=626
2018-01-09 18:50:27 +00:00
Wolfgang Rosenauer
0cced0c0f9 - update to Firefox 57.0.4:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=624
2018-01-04 22:21:28 +00:00
Wolfgang Rosenauer
b2bf73f33f - fixed regression introduced Oct 10th which made Firefox crash
when cancelling the KDE file dialog (boo#1069962)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=623
2018-01-03 13:39:46 +00:00
Wolfgang Rosenauer
a958854f92 Accepting request 560783 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 57.0.3 bsc#1074235

OBS-URL: https://build.opensuse.org/request/show/560783
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=622
2017-12-31 08:46:35 +00:00
Wolfgang Rosenauer
ef7f78afd2 Accepting request 555580 from home:AndreasStieger:branches:mozilla:Factory
amend changelog

OBS-URL: https://build.opensuse.org/request/show/555580
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=620
2017-12-11 08:35:28 +00:00
Wolfgang Rosenauer
5ab1f22724 Accepting request 555271 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555271
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=619
2017-12-11 08:32:40 +00:00
Wolfgang Rosenauer
0eb4f70103 - update to Firefox 57.0.1
* Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
    characters (bmo#1420427)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=617
2017-12-03 16:35:26 +00:00
Wolfgang Rosenauer
06e8aeb58c - Add mozilla-bmo1360278.patch
The new config entry is named ui.context_menus.after_mouseup
  (default : false).

- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
  widget.allow-client-side-decoration=true
  (mozilla-bmo1399611-csd.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=615
2017-11-24 22:07:36 +00:00
Wolfgang Rosenauer
e0fb118b81 Accepting request 544148 from home:cgiboudeaux:branches:mozilla:Factory
- Add firefox-show-context-menu-on-mouse-release.patch
  This is upstream's version of the previous patch creating a
  preference to restore the Firefox < 57 behaviour.
  The new config entry is named ui.context_menus.after_mouseup
  (default : false). Fixes bmo#1360278.

OBS-URL: https://build.opensuse.org/request/show/544148
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=614
2017-11-24 21:53:29 +00:00
Wolfgang Rosenauer
fe9ab0007d Accepting request 542056 from home:cgiboudeaux:branches:mozilla:Factory
- Add show-context-menu-on-mouse-release.patch.
  Starting with Firefox 57, the context menu appears on key press.
  This patch creates a config entry to restore the
  old behaviour. Without the patch, the mouse gesture extensions
  require 2 clicks to work (bmo#1360278). The config entry is named
  "input.contextMenu.onRelease" (default: false).

OBS-URL: https://build.opensuse.org/request/show/542056
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=613
2017-11-18 08:20:26 +00:00
Wolfgang Rosenauer
1975148d10 fix changelog
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=611
2017-11-15 06:46:35 +00:00
Wolfgang Rosenauer
c3624659ef - update to Firefox 57.0b14
* Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
2017-11-14 23:17:59 +00:00
Wolfgang Rosenauer
238d2bd9f9 - update to Firefox 56.0.2
* Disable Form Autofill completely on user request (bmo#1404531)
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
  * Fix for shutdown crash (bmo#1404105)

- update to Firefox 56.0.1
  * Block D3D11 when using Intel drivers on Windows 7 systems with
    partial AVX support (bmo#1403353)
  -> just to sync the version number
- enable stylo for TW (requires LLVM >= 3.9)
- queue KDE filepicker requests to avoid non-opening file dialogs
  happening in certain situations (contributed by Ignaz Forster)
- the placeholder dot in KDE file dialog in case of empty filenames
  was removed, apparently not required (anymore)
  (contributed by Ignaz Forster)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=609
2017-10-30 06:56:57 +00:00
Wolfgang Rosenauer
520970847d - Correct plugin directory for aarch64 (boo#1061207). The wrapper
script was not detecting aarch64 as a 64 bit architecture, thus
  used /usr/lib/browser-plugins/.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=607
2017-10-01 21:17:54 +00:00
Wolfgang Rosenauer
9eeb1263a0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=606 2017-10-01 21:11:38 +00:00
Wolfgang Rosenauer
263c14d0f3 Accepting request 530202 from home:Zaitor:branches:mozilla:Factory
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
  looks for.

OBS-URL: https://build.opensuse.org/request/show/530202
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=605
2017-10-01 21:08:36 +00:00
Wolfgang Rosenauer
1bfb30f717 * Firefox Screenshots
MFSA 2017-21
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7817 (bmo#1356596) (Android-only)
    Firefox for Android address bar spoofing through fullscreen mode
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7812 (bmo#1379842)
    Drag and drop of malicious page content to the tab bar can open locally stored files
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7813 (bmo#1383951)
    Integer truncation in the JavaScript parser
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7815 (bmo#1368981)
    Spoofing attack with modal dialogs on non-e10s installations
  * CVE-2017-7816 (bmo#1380597)
    WebExtensions can load about: URLs in extension UI
  * CVE-2017-7821 (bmo#1346515)
    WebExtensions can download and open non-executable files without user interaction
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=604
2017-09-29 06:26:35 +00:00
Wolfgang Rosenauer
9b2ce29f83 - update to Firefox 56.0 (boo#1060445)
* Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
- requires NSPR 4.16 and NSS 3.32.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=603
2017-09-28 08:44:46 +00:00
Wolfgang Rosenauer
8462a9b8f6 Accepting request 529098 from home:dimstar:Factory
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

OBS-URL: https://build.opensuse.org/request/show/529098
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=602
2017-09-28 08:27:23 +00:00
Wolfgang Rosenauer
f0b77e0133 - update to Firefox 55.0.3
* Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)

- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)

- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=601
2017-09-05 10:10:37 +00:00
Wolfgang Rosenauer
00cbc455c9 Accepting request 515330 from home:Andreas_Schwab:Factory
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext

OBS-URL: https://build.opensuse.org/request/show/515330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=599
2017-08-09 10:10:53 +00:00
Wolfgang Rosenauer
b7e1035064 - update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598
2017-08-08 19:59:47 +00:00
Wolfgang Rosenauer
39f69ee80f Accepting request 508300 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 52.2.1esr, with a slightly faster create-tar.sh

OBS-URL: https://build.opensuse.org/request/show/508300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=596
2017-07-14 07:51:30 +00:00
Wolfgang Rosenauer
09b85d1e80 - update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594
2017-06-14 09:43:07 +00:00
Wolfgang Rosenauer
1dc1d33afa - remove -fno-inline-small-functions and explicitely optimize with
-O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=592
2017-05-24 18:34:48 +00:00