1
0
Commit Graph

1072 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
9689fbd025 MFSA 2020-36 (bsc#1175686)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=855
2020-08-25 19:21:33 +00:00
Wolfgang Rosenauer
57739184dc - added mozilla-system-nspr.patch (bmo#1661096)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=854
2020-08-25 18:24:16 +00:00
Wolfgang Rosenauer
f9c0480028 - Mozilla Firefox 80.0
MFSA 2020- (bsc#1175686)
  * CVE-2020-15663 (bmo#1643199)
    Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege
  * CVE-2020-15664 (bmo#1658214)
    Attacker-induced prompt for extension installation
  * CVE-2020-12401 (bmo#1631573)
    Timing-attack on ECDSA signature generation
  * CVE-2020-6829 (bmo#1631583)
    P-384 and P-521 vulnerable to an electro-magnetic side
    channel attack on signature generation
  * CVE-2020-12400 (bmo#1623116)
    P-384 and P-521 vulnerable to a side channel attack on
    modular inversion
  * CVE-2020-15665 (bmo#1651636)
    Address bar not reset when choosing to stay on a page after
    the beforeunload dialog is shown
  * CVE-2020-15666 (bmo#1450853)
    MediaError message property leaks cross-origin response
    status
  * CVE-2020-15667 (bmo#1653371)
    Heap overflow when processing an update file
  * CVE-2020-15668 (bmo#1651520)
    Data Race when reading certificate information
  * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
    bmo#1656957)
    Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- requires
  * NSPR 4.27

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=853
2020-08-25 18:18:25 +00:00
Wolfgang Rosenauer
9f9bb3e928 Accepting request 828191 from home:marxin:branches:mozilla:Factory
- Use new memoryperjob _constraints instead of %limit_build macro.

OBS-URL: https://build.opensuse.org/request/show/828191
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=852
2020-08-20 13:10:52 +00:00
Wolfgang Rosenauer
185b328f4f - use ccache for build
- replace versioned RPM deps with requires_ge
- parallelize locale build

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=851
2020-08-13 22:06:03 +00:00
Wolfgang Rosenauer
50acacf655 Accepting request 824701 from home:guoyunhe:branches:mozilla:Factory2
- Change *.appdata.xml location to latest AppStream standard

OBS-URL: https://build.opensuse.org/request/show/824701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=850
2020-08-10 09:14:34 +00:00
Dominique Leuenberger
6e9ebf409b Accepting request 823315 from mozilla:Factory
- Mozilla Firefox 79.0
  MFSA 2020-30 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204)
    Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542)
    Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293)
    Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745)
    Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954)
    DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333)
    Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
    Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
  * mozilla-nspr >= 4.26
  * mozilla-nss >= 3.54
  * rust >= 1.43
  * rust-cbindgen >= 0.14.3
- removed obsolete patch

OBS-URL: https://build.opensuse.org/request/show/823315
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=317
2020-07-30 07:56:32 +00:00
Wolfgang Rosenauer
4c40c2f675 Accepting request 823278 from home:casiosmu:branches:openSUSE:Factory
typo in manpage: option is --safe-mode , not --save-mode

OBS-URL: https://build.opensuse.org/request/show/823278
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=848
2020-07-29 07:10:18 +00:00
Wolfgang Rosenauer
8addddfe67 - Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204)
    Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542)
    Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293)
    Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745)
    Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954)
    DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333)
    Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
    Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
  * mozilla-nspr >= 4.26
  * mozilla-nss >= 3.54
  * rust >= 1.43
  * rust-cbindgen >= 0.14.3
- removed obsolete patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=847
2020-07-29 07:07:58 +00:00
Wolfgang Rosenauer
e70345984a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=846 2020-07-22 09:58:55 +00:00
Wolfgang Rosenauer
0c32c99eba - fixed syntax issue in desktop file (boo#1174360)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=845
2020-07-21 21:32:07 +00:00
Dominique Leuenberger
dd933aa336 Accepting request 821616 from mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.
  (patch provided by Atri Bhattacharya <badshah400@gmail.com>
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
  (Plasma 5.19.3 is now in TW)

OBS-URL: https://build.opensuse.org/request/show/821616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=316
2020-07-21 13:45:26 +00:00
Wolfgang Rosenauer
31ba8c3028 (patch provided by Atri Bhattacharya <badshah400@gmail.com>
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
  (Plasma 5.19.3 is now in TW)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=843
2020-07-17 15:09:12 +00:00
Wolfgang Rosenauer
47a7a10c4f Accepting request 821486 from home:badshah400:branches:mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.

OBS-URL: https://build.opensuse.org/request/show/821486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=842
2020-07-17 15:04:42 +00:00
Dominique Leuenberger
0ceaa795d6 Accepting request 820688 from mozilla:Factory
- Mozilla Firefox 78.0.2
  * Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags
- added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  (boo#1173993)
- rework langpack integration (boo#1173991)
  * ship XPIs instead of directories
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
- Google API key is not usable for geolocation service
- fix pipewire support for TW (boo#1172903)

OBS-URL: https://build.opensuse.org/request/show/820688
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=315
2020-07-15 09:32:41 +00:00
Wolfgang Rosenauer
63bc80aa5e - Mozilla Firefox 78.0.2
* Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags
- Google API key is not usable for geolocation service

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=840
2020-07-13 13:15:06 +00:00
Wolfgang Rosenauer
fba870626f - added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  (boo#1173993)
- rework langpack integration (boo#1173991)
  * ship XPIs instead of directories
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
* Google API key is not usable for geolocation service

- Mozilla Firefox 78.0.2
  * Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=839
2020-07-12 17:40:52 +00:00
Wolfgang Rosenauer
b65efa1613 - fix pipewire support for TW (boo#1172903)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=838
2020-07-06 22:08:51 +00:00
Dominique Leuenberger
a558f1ac7e Accepting request 818643 from mozilla:Factory
- Mozilla Firefox 78.0.1
  * Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)

- Mozilla Firefox 78.0
  * startup notifications now using Gtk instead of libnotify
  * PDF downloads now show an option to open the PDF directly in Firefox
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates

OBS-URL: https://build.opensuse.org/request/show/818643
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=314
2020-07-06 14:20:26 +00:00
Wolfgang Rosenauer
7efaeba3d2 - removed obsolete patches
* mozilla-bmo1634646.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=836
2020-07-03 20:04:08 +00:00
Wolfgang Rosenauer
13e2ddea0f - Mozilla Firefox 78.0.1
* Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
  * CVE-2020-12422 (bmo#1450353)
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  * CVE-2020-12423 (bmo#1642400)
    DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835
2020-07-03 06:52:59 +00:00
Wolfgang Rosenauer
d08406e896 - Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
  * PDF downloads now show an option to open the PDF directly in Firefox
- requires
  * NSS >= 3.53.1
  * nodejs >= 10.21
  * Gtk+3 >= 3.14
- removed obsolete patch
  * mozilla-s390-bigendian.patch
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
  WebRTC with pipewire support to enable screen sharing under
  Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
  appropriately (boo#1172903).
- adding SLE12 compatibility in spec file
- add patches for s390x
  * mozilla-bmo1602730.patch (bmo#1602730)
  * mozilla-bmo1626236.patch (bmo#1626236)
  * mozilla-bmo998749.patch (bmo#998749)
  * mozilla-s390x-skia-gradient.patch
- update create-tar.sh
- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=834
2020-06-30 11:39:58 +00:00
Wolfgang Rosenauer
3d2e40a031 Accepting request 813117 from home:Guillaume_G:branches:mozilla:Factory
- Exclude armv6, since it is unbuildable since about 3 years

OBS-URL: https://build.opensuse.org/request/show/813117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=833
2020-06-10 07:35:21 +00:00
Dominique Leuenberger
aa5bebd18f Accepting request 811277 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/811277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=313
2020-06-05 18:04:07 +00:00
Wolfgang Rosenauer
d5337670c2 Accepting request 811243 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 77.0.1
  * Disable automatic selection of DNS over HTTPS providers during
    a test to enable wider deployment in a more controlled way
    (bmo#1642723)

OBS-URL: https://build.opensuse.org/request/show/811243
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=831
2020-06-04 06:00:26 +00:00
Wolfgang Rosenauer
5c3bb08acd - Mozilla Firefox 77.0
* view and manage web certificates more easily on the new
    about:certificate page
  * improvements in accessibility
  * significant improvements to JavaScript debugging
  MFSA 2020-20 (bsc#1172402)
  * CVE-2020-12399 (bmo#1631576)
    Timing attack on DSA signatures in NSS library
    (fixed with external NSS >= 3.52.1)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript type confusion with NativeTypes
  * CVE-2020-12407 (bmo#1637112)
    WebRender leaking GPU memory when using border-image CSS
    directive
  * CVE-2020-12408 (bmo#1623888)
    URL spoofing when using IP addresses
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
    Memory safety bugs fixed in Firefox 77
- requires
  * NSS >= 3.52.1
  * rust-cbindgen >= 1.14.1
  * clang >= 5
- added mozilla-bmo1634646.patch as part of fixing PGO build
  (still not working)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00
Dominique Leuenberger
cf9f13deb8 Accepting request 805460 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/805460
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=312
2020-05-14 21:23:59 +00:00
Wolfgang Rosenauer
15bd5b7707 Accepting request 805351 from home:michel_mno:branches:mozilla:Factory
- change again _constraints for ppc64le use <physicalmemory>
  and increase limit_build in spec file to reduce max_jobs.

OBS-URL: https://build.opensuse.org/request/show/805351
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=828
2020-05-14 06:50:59 +00:00
Wolfgang Rosenauer
d5f3632780 - Mozilla Firefox 76.0.1
* Fixed a bug causing some add-ons such as Amazon Assistant to see
    multiple onConnect events, impairing functionality (bmo#1635637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=827
2020-05-12 21:40:30 +00:00
Dominique Leuenberger
41a8e8b765 Accepting request 800451 from mozilla:Factory
- Mozilla Firefox 76.0
  * Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/request/show/800451
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=311
2020-05-07 15:51:04 +00:00
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00
Dominique Leuenberger
2b36566805 Accepting request 792914 from mozilla:Factory
- Mozilla Firefox 75.0
  * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
  MFSA 2020-12 (bsc#1168874)
  * CVE-2020-6821 (bmo#1625404)
    Uninitialized memory could be read when using the WebGL
    copyTexSubImage method
  * CVE-2020-6822 (bmo#1544181)
    Out of bounds write in GMPDecodeData when processing large images
  * CVE-2020-6823 (bmo#1614919)
    Malicious Extension could obtain auth codes from OAuth login flows
  * CVE-2020-6824 (bmo#1621853)
    Generated passwords may be identical on the same site between
    separate private browsing sessions
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
    Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
  * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
    bmo#1619229,bmo#1620719,bmo#1624897)
    Memory safety bugs fixed in Firefox 75
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19
- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch

- increase _constraints memory for ppc64le

OBS-URL: https://build.opensuse.org/request/show/792914
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=310
2020-04-13 10:49:21 +00:00
Wolfgang Rosenauer
81c21d1d0f - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=823
2020-04-09 17:21:52 +00:00
Wolfgang Rosenauer
65f3f19592 * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
MFSA 2020-12 (bsc#1168874)
  * CVE-2020-6821 (bmo#1625404)
    Uninitialized memory could be read when using the WebGL
    copyTexSubImage method
  * CVE-2020-6822 (bmo#1544181)
    Out of bounds write in GMPDecodeData when processing large images
  * CVE-2020-6823 (bmo#1614919)
    Malicious Extension could obtain auth codes from OAuth login flows
  * CVE-2020-6824 (bmo#1621853)
    Generated passwords may be identical on the same site between
    separate private browsing sessions
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
    Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
  * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
    bmo#1619229,bmo#1620719,bmo#1624897)
    Memory safety bugs fixed in Firefox 75

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=822
2020-04-07 20:38:25 +00:00
Wolfgang Rosenauer
f0a9acb709 - Mozilla Firefox 75.0
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=821
2020-04-07 12:21:48 +00:00
Wolfgang Rosenauer
2bd754dfc1 Accepting request 791805 from home:michel_mno:branches:mozilla:Factory
- increase _constraints memory for ppc64le

OBS-URL: https://build.opensuse.org/request/show/791805
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=820
2020-04-07 12:16:56 +00:00
Dominique Leuenberger
abcc7addb6 Accepting request 791372 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/791372
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=309
2020-04-05 18:49:59 +00:00
Wolfgang Rosenauer
d0f04f447a Accepting request 791343 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 74.0.1
  MFSA 2020-11 (boo#1168630)
  * CVE-2020-6819 (bmo#1620818)
    Use-after-free while running the nsDocShell destructor
  * CVE-2020-6820 (bmo#1626728)
    Use-after-free when handling a ReadableStream

OBS-URL: https://build.opensuse.org/request/show/791343
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=818
2020-04-04 11:23:11 +00:00
Wolfgang Rosenauer
474c698ebf - Mozilla Firefox 74.0.1
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=817
2020-04-03 15:25:40 +00:00
Dominique Leuenberger
0eadbc0091 Accepting request 788189 from mozilla:Factory
- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
  to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
  (bsc#1167132)

OBS-URL: https://build.opensuse.org/request/show/788189
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=308
2020-03-26 22:30:31 +00:00
Wolfgang Rosenauer
945d8129f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=815 2020-03-25 09:47:01 +00:00
Wolfgang Rosenauer
67fc595cea - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
  (bsc#1167132)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=814
2020-03-25 09:43:20 +00:00
Wolfgang Rosenauer
1fdca0de1d Accepting request 788017 from home:msmeissn:branches:mozilla:Factory
- firefox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 
  FIPS aborts if it cannot access it (bsc#1167132)

OBS-URL: https://build.opensuse.org/request/show/788017
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=813
2020-03-25 09:12:06 +00:00
Dominique Leuenberger
3a194d6cf7 Accepting request 784530 from mozilla:Factory
- Mozilla Firefox 74.0
  * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
  MFSA 2020-08 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6808 (bmo#1247968)
    URL Spoofing via javascript: URL
  * CVE-2020-6809 (bmo#1420296)
    Web Extensions with the all-urls permission could access local
    files
  * CVE-2020-6810 (bmo#1432856)
    Focusing a popup while in fullscreen could have obscured the
    fullscreen notification
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6813 (bmo#1605814)
    @import statements in CSS could bypass the Content Security
    Policy nonce feature
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,

OBS-URL: https://build.opensuse.org/request/show/784530
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=307
2020-03-18 11:16:26 +00:00
Wolfgang Rosenauer
cc93ded0eb OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=811 2020-03-12 22:08:39 +00:00
Wolfgang Rosenauer
aafd1faf85 (bmo#1609538, boo#1166471)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=810
2020-03-12 19:15:11 +00:00
Wolfgang Rosenauer
a9628fa6ae - Mozilla Firefox 74.0
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
  MFSA 2020-08 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6808 (bmo#1247968)
    URL Spoofing via javascript: URL
  * CVE-2020-6809 (bmo#1420296)
    Web Extensions with the all-urls permission could access local
    files
  * CVE-2020-6810 (bmo#1432856)
    Focusing a popup while in fullscreen could have obscured the
    fullscreen notification
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6813 (bmo#1605814)
    @import statements in CSS could bypass the Content Security
    Policy nonce feature
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
2020-03-12 19:14:24 +00:00
Dominique Leuenberger
93a3a001b0 Accepting request 779878 from mozilla:Factory
- big endian fixes
- Fix build on aarch64/armv7 with:
  * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)

OBS-URL: https://build.opensuse.org/request/show/779878
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=306
2020-02-29 20:20:30 +00:00
Wolfgang Rosenauer
0844347457 - big endian fixes
* mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
    (bmo#1614535, boo#1164646)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=807
2020-02-26 08:14:44 +00:00
Wolfgang Rosenauer
b72b8e1049 Accepting request 779145 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build on aarch64/armv7 with:
  * mozilla-bmo1610814.patch - boo#1164845

OBS-URL: https://build.opensuse.org/request/show/779145
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=806
2020-02-26 08:05:26 +00:00