1
0
Commit Graph

562 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
1aa3604ee4 Accepting request 955943 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 97.0.1

OBS-URL: https://build.opensuse.org/request/show/955943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=959
2022-02-18 21:48:06 +00:00
Wolfgang Rosenauer
4e431c39c0 - Mozilla Firefox 97.0
MFSA 2022-04 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during update
  * CVE-2022-22755 (bmo#1309630)
    XSL could have allowed JavaScript execution after a tab was closed
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22757 (bmo#1720098)
    Remote Agent did not prevent local websites from connecting
  * CVE-2022-22758 (bmo#1728742)
    tel: links could have sent USSD codes to the dialer on
    Firefox for Android
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22762 (bmo#1743931)
    JavaScript Dialogs could have been displayed over other
    domains on Firefox for Android
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=958
2022-02-08 14:33:04 +00:00
Wolfgang Rosenauer
2764c59751 Accepting request 952269 from home:dirkmueller:Factory
- remove memoryperjob and use %limit instead. this allows to
  adapt to more worker types, and lowers the time the package
  is stuck in "scheduling". raising memory above 8 to lower
  risk for LTO jobs to run OOM
- add hack to disable -Wl,--gc-section which avoids a binutils
  segfault on x86
- change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere

OBS-URL: https://build.opensuse.org/request/show/952269
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=957
2022-02-08 08:38:01 +00:00
Wolfgang Rosenauer
9162c87eb4 Accepting request 951346 from home:dirkmueller:branches:mozilla:Factory
- disable ccache, this adds about 1 minute of build time and 
  over 2 GB of disk space usage without benefit on OBS builds
- build with rust-simd like upstream does
- use -g1 for debuginfo generation as this is what upstream 
  does as well and it saves ~ 2GB of writes
- use %limit on x86_64 to scale down to less capable workers
- disable install stripping so that debuginfo is useful
- use autopatch
- cleanup constraints to specify only jobs, physicalmemory
  and memoryperjob to be more flexible on which host to build
  on

OBS-URL: https://build.opensuse.org/request/show/951346
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=956
2022-02-03 17:24:14 +00:00
Wolfgang Rosenauer
f2fb960d33 - Mozilla Firefox 96.0.3 (bsc#1195230)
* Fixed an issue that allowed unexpected data to be submitted in
    some of our search telemetry (bmo#1752317)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=955
2022-01-28 15:33:21 +00:00
Wolfgang Rosenauer
81795c233e Accepting request 948330 from home:marxin:branches:mozilla:Factory
- Enable -fimplicit-constexpr for GCC 12+.

OBS-URL: https://build.opensuse.org/request/show/948330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=954
2022-01-24 08:24:06 +00:00
Wolfgang Rosenauer
68541949af Accepting request 947794 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.2

OBS-URL: https://build.opensuse.org/request/show/947794
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=953
2022-01-21 07:26:07 +00:00
Wolfgang Rosenauer
ab7bde2994 Accepting request 946472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.1 boo#1194677

OBS-URL: https://build.opensuse.org/request/show/946472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=952
2022-01-14 17:14:41 +00:00
Wolfgang Rosenauer
abe4d87b4e - Mozilla Firefox 96.0
* https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=951
2022-01-11 22:06:33 +00:00
Wolfgang Rosenauer
2942ef5aaf - Mozilla Firefox 95.0.2
* Addresses frequent crashes experienced by users with C/E/Z-Series
    "Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=950
2021-12-29 10:25:00 +00:00
Wolfgang Rosenauer
b18fda39cd Accepting request 943030 from home:iznogood:branches:mozilla:Factory
- Add upstream patches:
  * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
  * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
    creation

OBS-URL: https://build.opensuse.org/request/show/943030
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=949
2021-12-29 09:38:41 +00:00
Wolfgang Rosenauer
f6424d435d - Mozilla Firefox 95.0.1 (bsc#1193845)
* Fixed frequent
    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
    messages when trying to connect to various microsoft.com
    domains (bmo#1745600)
  * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
  * Fix for a frequent Windows shutdown crash (bmo#1738984)
  * Fix websites contrast issues for some Linux users with
    Dark mode set at OS level (bmo#1740518)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=948
2021-12-17 14:07:38 +00:00
Wolfgang Rosenauer
79dbc14d01 - Mozilla Firefox 95.0
* You can now move the Picture-in-Picture toggle button to the
    opposite side of the video. Simply look for the new context menu
    option Move Picture-in-Picture Toggle to Left (Right) Side.
  * To better protect Firefox users against side-channel attacks such
    as Spectre, Site Isolation is now enabled for all Firefox 95 users.
  * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
  MFSA 2021-52 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * MOZ-2021-0010 (bmo#1735852)
    Use-after-free in fullscreen objects on MacOS
  * CVE-2021-43540 (bmo#1636629)
    WebExtensions could have installed persistent ServiceWorkers
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43544 (bmo#1739934)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947
2021-12-07 21:12:25 +00:00
Wolfgang Rosenauer
a4862dbb50 Accepting request 934031 from home:iznogood:branches:mozilla:Factory
- Drop unused libidl-devel BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/934031
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=945
2021-11-30 07:53:04 +00:00
Wolfgang Rosenauer
4e8a9f546c Accepting request 933349 from home:AndreasStieger:branches:mozilla:Factory
94.0.2 boo#1193014

OBS-URL: https://build.opensuse.org/request/show/933349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=944
2021-11-23 22:50:02 +00:00
Wolfgang Rosenauer
e36ee00a57 Accepting request 929747 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 94.0.1

OBS-URL: https://build.opensuse.org/request/show/929747
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=943
2021-11-06 10:32:26 +00:00
Wolfgang Rosenauer
8739ae12dd - Mozilla Firefox 94.0
* https://www.mozilla.org/en-US/firefox/94.0/releasenotes
  MFSA 2021-48 (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Firefox could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0003 (bmo#1736886)
    Universal XSS in Firefox for Android via QR Code URLs
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * MOZ-2021-0004 (bmo#1659155)
    Web Extensions could access pre-redirect URL when their
    context menu was triggered by a user
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0005 (bmo#1719203)
    'Copy Image Link' context menu action could have been abused

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=942
2021-11-02 13:51:34 +00:00
Wolfgang Rosenauer
ae15405da4 Accepting request 927437 from home:iznogood:branches:mozilla:Factory
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/927437
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=940
2021-10-27 15:31:55 +00:00
Wolfgang Rosenauer
7f5ab49250 Accepting request 927257 from home:marxin:branches:mozilla:Factory
- Enable LTO for openSUSE Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/927257
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=939
2021-10-27 15:31:17 +00:00
Wolfgang Rosenauer
d9fccc7f41 Accepting request 926012 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Add patch to fix build on aarch64 - bmo#1729124 
  * mozilla-bmo1729124.patch

OBS-URL: https://build.opensuse.org/request/show/926012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=937
2021-10-18 14:39:26 +00:00
Wolfgang Rosenauer
317e7b9c84 - Mozilla Firefox 93.0
* supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=936
2021-10-06 07:02:07 +00:00
Wolfgang Rosenauer
d7bcd62a7b Accepting request 921886 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 92.0.1
  * Fixed: Fixes an issue where audio playback was not working on
    some Linux systems (bmo#1730499)
  * Fixed: Fixes issues with the findbar close button on
    different operating systems (bmo#1728368)

OBS-URL: https://build.opensuse.org/request/show/921886
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=935
2021-09-27 20:21:10 +00:00
Wolfgang Rosenauer
655acc0f45 - Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to
    HTTPS using HTTPS RR as Alt-Svc headers
  * Full-range color levels are now supported for video playback on
    many systems
  MFSA 2021-38 (bsc#1190269)
  * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
    bmo#1712242, bmo#1729259)
    Handling custom intents could lead to crashes and UI spoofs
  * CVE-2021-38491 (bmo#1551886)
    Mixed-Content-Blocking was unable to check opaque origins
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
    Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
    Firefox ESR 91.1
  * CVE-2021-38494 (bmo#1723920, bmo#1725638)
    Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  (does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
  run post-build-checks everywhere again
- requires NSS 3.69.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=934
2021-09-07 19:29:05 +00:00
Wolfgang Rosenauer
5dfb50213d Accepting request 915209 from home:badshah400:branches:mozilla:Factory
Fixes a nasty bug, introduced in firefox version 91.x, on wayland systems with font-scaling greater than 1 that causes pop-up menus (clicking on bookmark icon in address bar, for example) to incessantly flicker. Patch taken from upstream bug report and rebased to apply cleanly against current version. Tested to work on GNOME on Wayland on TW 20210829.

OBS-URL: https://build.opensuse.org/request/show/915209
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=933
2021-09-02 06:57:55 +00:00
Wolfgang Rosenauer
13628da26b Accepting request 913358 from home:marxin:branches:mozilla:Factory
- Bump using with GCC (tested locally).

OBS-URL: https://build.opensuse.org/request/show/913358
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=931
2021-08-29 14:45:03 +00:00
Wolfgang Rosenauer
b349085c8c Accepting request 914701 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 91.0.2

OBS-URL: https://build.opensuse.org/request/show/914701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=930
2021-08-28 14:28:05 +00:00
Wolfgang Rosenauer
d4f253eebc - Mozilla Firefox 91.0.1
MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=928
2021-08-18 06:41:08 +00:00
Wolfgang Rosenauer
4da575923b - Mozilla Firefox 91.0
MFSA 2021-?? (boo#1188891)
- requires
  * rustc/cargo >= 1.51
  * NSPR >= 4.32
  * NSS >= 3.68
- force-disable webrender on BE platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=926
2021-08-11 20:19:19 +00:00
Wolfgang Rosenauer
788b177a3e Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 90.0.2

OBS-URL: https://build.opensuse.org/request/show/908072
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=925
2021-07-24 09:18:43 +00:00
Wolfgang Rosenauer
8b6bd667de Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory
90.0.1

OBS-URL: https://build.opensuse.org/request/show/907190
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=923
2021-07-19 21:56:47 +00:00
Wolfgang Rosenauer
1ef79265b6 - Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=922
2021-07-15 21:12:05 +00:00
Wolfgang Rosenauer
ab800db342 Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 89.0.1 (boo#1187648):
  * Fixed: Fix occasional hangs with Software WebRender on Linux
    (bmo#1708224)

OBS-URL: https://build.opensuse.org/request/show/901577
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=919
2021-06-23 19:56:32 +00:00
Wolfgang Rosenauer
537d85fe11 Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 89.0.1

OBS-URL: https://build.opensuse.org/request/show/900942
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=918
2021-06-19 15:20:27 +00:00
Wolfgang Rosenauer
006265e486 - switched TW/x86_64 to clang as the last platform due to
https://bugs.gentoo.org/792705
- but LTO with clang is broken in TW so disable LTO for it
  https://bugs.llvm.org/show_bug.cgi?id=47872

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=916
2021-06-05 11:13:48 +00:00
Wolfgang Rosenauer
7b9642bf40 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=915 2021-06-05 07:34:47 +00:00
Wolfgang Rosenauer
cc06761f2f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=914 2021-06-05 07:08:44 +00:00
Wolfgang Rosenauer
f3c1fa05f9 - Mozilla Firefox 89.0
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=912
2021-06-01 13:39:35 +00:00
Wolfgang Rosenauer
39e811e051 Accepting request 890804 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 88.0.1
bsc#1185633
boo#1185658

OBS-URL: https://build.opensuse.org/request/show/890804
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=908
2021-05-05 21:12:50 +00:00
Wolfgang Rosenauer
9b2c9b32ce - Mozilla Firefox 88.0
* New: PDF forms now support JavaScript embedded in PDF files.
    Some PDF forms use JavaScript for validation and other
    interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported
    on Linux
  * New: To protect against cross-site privacy leaks, Firefox now
    isolates window.name data to the website that created it.
    Learn more
  * Changed: Firefox will not prompt for access to your
    microphone or camera if you’ve already granted access to the
    same device on the same site in the same tab within the past
    50 seconds. This new grace period reduces the number of times
    you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the
    Page Actions menu in the url bar. To take a screenshot,
    right-click to open the context menu. You can also add a
    screenshots shortcut directly to your toolbar via the
    Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal
    is planned for an upcoming release. Addressing this security
    risk reduces the likelihood of an attack while also removing
    support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network
    panel for switching between JSON formatted HTTP response and
    raw data (as received over the wire).
    !enter image description here
  * Enterprise: Various bug fixes and new policies have been
    implemented in the latest version of Firefox. You can see

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 07:57:25 +00:00
Wolfgang Rosenauer
106ed5cb05 - Switch to clang_build globally; just on TW/x86_64 it does not work
due to unreolved externals `__rust_probestack' - disable clang_build
  then.
- useccache: Add conditionals to enable/disable ccache.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=902
2021-03-27 14:02:10 +00:00
Wolfgang Rosenauer
d51fd4059a - Mozilla Firefox 87.0
* requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23983 (bmo#1692684)
    Transitions for invalid ::marker properties resulted in memory
    corruption
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129)
    Devtools remote debugging feature could have been enabled
    without indication to the user
  * CVE-2021-23986 (bmo#1692623)
    A malicious extension could have performed credential-less
    same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  * CVE-2021-23988 (bmo#1684994, bmo#1686653)
    Memory safety bugs fixed in Firefox 87

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=901
2021-03-25 21:32:32 +00:00
Wolfgang Rosenauer
598016be52 Accepting request 879494 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/879494
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=900
2021-03-17 08:41:08 +00:00
Wolfgang Rosenauer
c538f7d283 Accepting request 878726 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 86.0.1

OBS-URL: https://build.opensuse.org/request/show/878726
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=898
2021-03-13 09:26:25 +00:00
Wolfgang Rosenauer
e8a1c7a40b - Mozilla Firefox 86.0
* requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00
Wolfgang Rosenauer
326240ab1d Accepting request 873214 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.2

OBS-URL: https://build.opensuse.org/request/show/873214
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=893
2021-02-17 21:15:35 +00:00
Wolfgang Rosenauer
2d0a314ecf Accepting request 873173 from home:michel_mno:branches:mozilla:Factory
- Use %limit_build macros for PowerPC to avoid oom build failure

OBS-URL: https://build.opensuse.org/request/show/873173
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=892
2021-02-17 21:14:36 +00:00
Wolfgang Rosenauer
1744f2efc7 Accepting request 870516 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.1

OBS-URL: https://build.opensuse.org/request/show/870516
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=890
2021-02-09 12:40:21 +00:00
Wolfgang Rosenauer
ee9c609811 - Mozilla Firefox 85.0
* Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=888
2021-01-26 21:38:39 +00:00
Wolfgang Rosenauer
fbf027988a Accepting request 861463 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 84.0.2
  MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk

OBS-URL: https://build.opensuse.org/request/show/861463
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=884
2021-01-07 20:33:44 +00:00
Wolfgang Rosenauer
17c9d3e87b - Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
    with certain third-party PKCS11 modules and smartcards installed
    (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple
    Silicon devices due to improper detection of the OS version
    (bmo#1680516)
- requires NSS 3.59.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=882
2021-01-02 09:24:42 +00:00