1
0
Commit Graph

481 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00
Wolfgang Rosenauer
81c21d1d0f - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=823
2020-04-09 17:21:52 +00:00
Wolfgang Rosenauer
f0a9acb709 - Mozilla Firefox 75.0
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=821
2020-04-07 12:21:48 +00:00
Wolfgang Rosenauer
474c698ebf - Mozilla Firefox 74.0.1
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=817
2020-04-03 15:25:40 +00:00
Wolfgang Rosenauer
945d8129f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=815 2020-03-25 09:47:01 +00:00
Wolfgang Rosenauer
67fc595cea - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
  (bsc#1167132)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=814
2020-03-25 09:43:20 +00:00
Wolfgang Rosenauer
1fdca0de1d Accepting request 788017 from home:msmeissn:branches:mozilla:Factory
- firefox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 
  FIPS aborts if it cannot access it (bsc#1167132)

OBS-URL: https://build.opensuse.org/request/show/788017
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=813
2020-03-25 09:12:06 +00:00
Wolfgang Rosenauer
a9628fa6ae - Mozilla Firefox 74.0
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
  MFSA 2020-08 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6808 (bmo#1247968)
    URL Spoofing via javascript: URL
  * CVE-2020-6809 (bmo#1420296)
    Web Extensions with the all-urls permission could access local
    files
  * CVE-2020-6810 (bmo#1432856)
    Focusing a popup while in fullscreen could have obscured the
    fullscreen notification
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6813 (bmo#1605814)
    @import statements in CSS could bypass the Content Security
    Policy nonce feature
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
2020-03-12 19:14:24 +00:00
Wolfgang Rosenauer
b72b8e1049 Accepting request 779145 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build on aarch64/armv7 with:
  * mozilla-bmo1610814.patch - boo#1164845

OBS-URL: https://build.opensuse.org/request/show/779145
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=806
2020-02-26 08:05:26 +00:00
Wolfgang Rosenauer
32b74d8c4c - Mozilla Firefox 73.0.1
* Resolved problems connecting to the RBC Royal Bank website
    (bmo#1613943)
  * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
    (bmo#1611133)
  * Fixed crashes when playing encrypted content on some Linux systems
    (bmo#1614535)
- start in wayland mode when running under wayland session

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=804
2020-02-20 13:56:27 +00:00
Wolfgang Rosenauer
82f4bf17d0 - Mozilla Firefox 73.0
* Added support for setting a default zoom level applicable for all
    web content
  * High-contrast mode has been updated to allow background images
  * Improved audio quality when playing back audio at a faster or
    slower speed
  * Added NextDNS as alternative option for DNS over HTTPS
  MFSA 2020-05 (bsc#1163368)
  * CVE-2020-6796 (bmo#1610426)
    Missing bounds check on shared memory read in the parent process
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6799 (bmo#1606596) (Windows only)
    Arbitrary code execution when opening pdf links from other
    applications, when Firefox is configured as default pdf reader
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
    Memory safety bugs fixed in Firefox 73
- updated requirements
  * rust >= 1.39
  * NSS >= 3.49.2
  * rust-cbindgen >= 0.12.0
- rebased patches
- removed obsolete patch
  * mozilla-bmo1601707.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=802
2020-02-12 14:14:39 +00:00
Wolfgang Rosenauer
0ed6fb0b03 Accepting request 767929 from home:hellcp:branches:mozilla:Factory
- Use a symbolic icon from branding internals
- Pixmaps no longer required for the desktops

OBS-URL: https://build.opensuse.org/request/show/767929
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=800
2020-02-02 19:26:07 +00:00
Wolfgang Rosenauer
f7f1c3fabe - Mozilla Firefox 72.0.2
* Various stability fixes
  * Fixed issues opening files with spaces in their path (bmo#1601905)
  * Fixed a hang opening about:logins when a master password is set
    (bmo#1606992)
  * Fixed a web compatibility issue with CSS Shadow Parts which
    shipped in Firefox 72 (bmo#1604989)
  * Fixed inconsistent playback performance for fullscreen 1080p
    videos on some systems (bmo#1608485)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=798
2020-01-22 10:33:47 +00:00
Wolfgang Rosenauer
abdc4f99a4 Accepting request 766087 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix build for aarch64/ppc64le (do not update config.sub file
  for libbacktrace)

OBS-URL: https://build.opensuse.org/request/show/766087
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=797
2020-01-22 10:26:26 +00:00
Wolfgang Rosenauer
31f1b363df - Mozilla Firefox 72.0.1
- Mozilla Firefox 72.0
  * block fingerprinting scripts by default
  * new notification pop-ups
  * Picture-in-picture video
  MFSA 2020-01
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17020 (bmo#1597645)
    Content Security Policy not applied to XSL stylesheets applied
    to XML documents
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
    NSS may negotiate TLS 1.2 or below after a TLS 1.3
    HelloRetryRequest had been sent
  * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
    bmo#1595692,bmo#1597321,bmo#1597481)
    Memory safety bugs fixed in Firefox 72
- update create-tar.sh to skip compare-locales
- requires NSPR 4.24 and NSS 3.48
- removed usage of browser-plugins convention for NPAPI plugins
  from start wrapper and changed the RPM macro to the
  /usr/$LIB/mozilla/plugins location (boo#1160302)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=793
2020-01-08 11:59:18 +00:00
Wolfgang Rosenauer
5863c2f0e9 - added mozilla-bmo1601707.patch to fix gcc/LTO builds
(bmo#1601707, boo#1158466)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=791
2019-12-18 17:50:22 +00:00
Wolfgang Rosenauer
474457216d - Mozilla Firefox 71.0
* Improvements to Lockwise, our integrated password manager
  * More information about Enhanced Tracking Protection in action
  * Native MP3 decoding on Windows, Linux, and macOS
  * Configuration page (about:config) reimplemented in HTML
  * New kiosk mode functionality, which allows maximum screen space
    for customer-facing displays
  MFSA 2019-36
  * CVE-2019-11756 (bmo#1508776)
    Use-after-free of SFTKSession object
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156) (Windows only)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17014 (bmo#1322864)
    Dragging and dropping a cross-origin resource, incorrectly loaded
    as an image, could result in information disclosure
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
    bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
    bmo#1594181)
    Memory safety bugs fixed in Firefox 71

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=789
2019-12-09 07:58:52 +00:00
Wolfgang Rosenauer
c5265ac327 - Mozilla Firefox 70.0.1
* Fix for an issue that caused some websites or page elements using
    dynamic JavaScript to fail to load. (bmo#1592136)
  * Title bar no longer shows in full screen view (bmo#1588747)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=787
2019-11-01 14:24:05 +00:00
Wolfgang Rosenauer
9b8d4398e7 - Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
  * Firefox Lockwise passwordmanager
  * Improvements to core engine components, for better browsing on more sites
  * Improved privacy and security indicators
  MFSA 2019-34
  * CVE-2018-6156 (bmo#1480088)
    Heap buffer overflow in FEC processing in WebRTC
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11765 (bmo#1562582)
    Incorrect permissions could be granted to a website
  * CVE-2019-17000 (bmo#1441468)
    CSP bypass using object tag with data: URI
  * CVE-2019-17001 (bmo#1587976)
    CSP bypass using object tag when script-src 'none' is specified
  * CVE-2019-17002 (bmo#1561056)
    upgrade-insecure-requests was not being honored for links dragged and dropped

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=786
2019-10-25 09:13:30 +00:00
Wolfgang Rosenauer
3a8861dc21 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=784 2019-10-13 16:17:42 +00:00
Wolfgang Rosenauer
929b941313 - Mozilla Firefox 69.0.3
* Fixed Yahoo mail users being prompted to download files when
    clicking on emails (bmo#1582848)
- devel package build can easily be disabled now

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=783
2019-10-13 16:07:47 +00:00
Wolfgang Rosenauer
13cc39d491 - Mozilla Firefox 69.0.2
- updated supported locale list
- remove obsolete kde.js setting (boo#1151186) and related patch
  firefox-add-kde.js-in-order-to-survive-PGO-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=778
2019-10-03 08:42:59 +00:00
Wolfgang Rosenauer
a2d0f13928 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=776 2019-09-25 12:32:43 +00:00
Wolfgang Rosenauer
8de2295280 - add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=775
2019-09-25 12:32:05 +00:00
Wolfgang Rosenauer
0d5b4a33d0 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=774 2019-09-25 12:13:22 +00:00
Wolfgang Rosenauer
84a21a1533 (contributed by Bernhard Wiedemann)
- Make build verbose (contributed by Martin Liška)
- remove obsolete kde.js setting (boo#1151186)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=772
2019-09-25 11:38:27 +00:00
Wolfgang Rosenauer
b4dcd00367 Accepting request 733089 from home:bmwiedemann:branches:mozilla:Factory
Allow to build without profile guided optimizations (boo#1040589)

OBS-URL: https://build.opensuse.org/request/show/733089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=771
2019-09-25 08:59:57 +00:00
Wolfgang Rosenauer
1ff1de7746 Accepting request 732112 from home:marxin:branches:mozilla:Factory
- Make build verbose.

OBS-URL: https://build.opensuse.org/request/show/732112
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=769
2019-09-20 10:17:52 +00:00
Wolfgang Rosenauer
1f7d350ac4 - Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
    a link from inside Firefox to launch them (bmo#1570845)
  * Usability improvements to the Add-ons Manager for users with
    screen readers (bmo#1567600)
  * Fixed the Captive Portal notification bar not being dismissable
    in some situations after login is complete (bmo#1578633)
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
  * Fixed missing stacks in the Developer Tools Performance section
    (bmo#1578354)
  MFSA 2019-31
  * CVE-2019-11754 (bmo#1580506)
    Pointer Lock is enabled with no user notification
- disable DOH by default

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=768
2019-09-20 07:16:58 +00:00
Wolfgang Rosenauer
c460d1e56f * mozilla-bmo1504834-part1.patch
* mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1512162.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=766
2019-09-12 21:14:35 +00:00
Wolfgang Rosenauer
0c3a6afdc4 - Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
  * Block Autoplay feature is enhanced to give users the option to block
    any video
  * Users in the US or using the en-US browser, can get a new “New Tab”
    page experience connecting to the best of Pocket's content.
  * Support for the Web Authentication HmacSecret extension via
    Windows Hello introduced.
  * Support for receiving multiple video codecs with this release makes
    it easier for WebRTC conferencing services to mix video from
    different clients.
- requires
  * rust/cargo >= 1.35
  * rust-cbindgen >= 0.9.0
  * mozilla-nss >= 3.45
- rebased patches
  * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765
2019-09-09 06:28:12 +00:00
Wolfgang Rosenauer
e72a516450 - added a bunch of patches mainly for big endian platforms
* mozilla-bmo1504834-part1.patch
  * mozilla-bmo1504834-part2.patch
  * mozilla-bmo1504834-part3.patch
  * mozilla-bmo1511604.patch
  * mozilla-bmo1554971.patch
  * mozilla-bmo1573381.patch
  * mozilla-nestegg-big-endian.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=763
2019-09-05 12:57:01 +00:00
Wolfgang Rosenauer
99d30a30d4 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=762 2019-09-04 08:53:33 +00:00
Wolfgang Rosenauer
67a884d22d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=761 2019-09-04 08:45:18 +00:00
Wolfgang Rosenauer
a552e67ce1 - Mozilla Firefox 68.1.0
MFSA 2019-26
  * CVE-2019-11751 (bmo#1572838; Windows only)
    Malicious code execution through command line parameters
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
    File manipulation and privilege escalation in Mozilla Maintenance Service
  * CVE-2019-11753 (bmo#1574980; Windows only)
    Privilege escalation with Mozilla Maintenance Service in custom
    Firefox installation location
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
    Sandbox escape through Firefox Sync
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11748 (bmo#1564588)
    Persistence of WebRTC permissions in a third party context
  * CVE-2019-11749 (bmo#1565374)
    Camera information available without prompting using getUserMedia
  * CVE-2019-11750 (bmo#1568397)
    Type confusion in Spidermonkey
  * CVE-2019-11738 (bmo#1452037)
    Content security policy bypass through hash-based sources in directives

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=760
2019-09-04 08:35:37 +00:00
Wolfgang Rosenauer
10fec342e6 Accepting request 724187 from home:jbrielmaier:ppc64le
Sadly there is now better solution at the moment. A deeper look from upstream is necessary, it also could be some compiler bug. I'll watch the upstream bug closely.

I verified that the workaround actually fixes the problem on my ppc64le workstation :)

OBS-URL: https://build.opensuse.org/request/show/724187
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=758
2019-08-20 07:58:20 +00:00
Wolfgang Rosenauer
91c849f4d1 Accepting request 724472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 68.0.2 MFSA 2019-24 (boo#1145665) CVE-2019-11733

OBS-URL: https://build.opensuse.org/request/show/724472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=757
2019-08-19 06:30:53 +00:00
Wolfgang Rosenauer
1022830b45 Accepting request 720873 from home:Guillaume_G:branches:mozilla:Factory
Update build constraints to fix arm builds

OBS-URL: https://build.opensuse.org/request/show/720873
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=755
2019-08-06 07:53:11 +00:00
Wolfgang Rosenauer
e50c943778 - Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
    screen mode on HBO GO (bmo#1562837)
  * Fixed a bug causing incorrect messages to appear for some
    locales when sites try to request the use of the Storage
    Access API (bmo#1558503)
  * Users in Russian regions may have their default search engine
    changed (bmo#1565315)
  * Built-in search engines in some locales do not function
    correctly (bmo#1565779)
  * SupportMenu policy doesn't always work (bmo#1553290)
  * Allow the privacy.file_unique_origin pref to be controlled by
    policy (bmo#1563759)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=753
2019-07-19 14:43:08 +00:00
Wolfgang Rosenauer
e62fe7e3d9 Accepting request 714628 from home:jirislaby:branches:mozilla:Factory
- add fix-build-after-y2038-changes-in-glibc.patch

OBS-URL: https://build.opensuse.org/request/show/714628
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=752
2019-07-15 15:15:08 +00:00
Wolfgang Rosenauer
c66dced2e8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=751 2019-07-11 15:10:52 +00:00
Wolfgang Rosenauer
668f506a0c Accepting request 714438 from home:bmwiedemann:branches:mozilla:Factory
Generate langpacks sequentially to avoid file corruption from racy file writes (boo#1137970)

OBS-URL: https://build.opensuse.org/request/show/714438
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=750
2019-07-11 13:04:54 +00:00
Wolfgang Rosenauer
c4b62217a3 - Mozilla Firefox 68.0
* Dark mode in reader view
  * Improved extension security and discovery
  * Cryptomining and fingerprinting protections are added to strict
    content blocking settings in Privacy & Security preferences
  * Camera and microphone access now require an HTTPS connection
  MFSA 2019-21 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11718 (bmo#1408349)
    Activity Stream writes unsanitized content to innerHTML
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748
2019-07-09 21:21:11 +00:00
Wolfgang Rosenauer
2be5772ed8 Accepting request 713071 from home:marxin:branches:mozilla:Factory
- Enable PGO for x86_64.

OBS-URL: https://build.opensuse.org/request/show/713071
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=746
2019-07-02 20:43:20 +00:00
Wolfgang Rosenauer
0ef859ba7d - Mozilla Firefox 67.0.4
MFSA 2019-19 (boo#1138872)
  * CVE-2019-11708 (bmo#1559858)
    sandbox escape using Prompt:Open

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=744
2019-06-20 19:02:43 +00:00
Wolfgang Rosenauer
2a64714492 - Mozilla Firefox 67.0.3
MFSA 2019-18
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=742
2019-06-18 18:51:07 +00:00
Wolfgang Rosenauer
55599abb93 - Mozilla Firefox 67.0.2
* Fixed: Fix JavaScript error ("TypeError: data is null in
    PrivacyFilter.jsm") in console which may significantly degrade
    sessionstore reliability and performance (bmo#1553413)
  * Fixed: Proxy authentication dialog box repeatedly pops up
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
    implementation (bmo#1551282)
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
    to think on the subsequent launch that the profile is too
    recent to be used with this version of Firefox (bmo#1556612)
  * Fixed: Linux distribution users can't easily install/use
    additional/different languages using the built-in preferences
    UI (bmo#1554744)
  * Fixed: Developer tools users can't copy the href/src content
    from various HTML tags via the context menu in the Inspector
    markup view (bmo#1552275)
  * Fixed: Custom home page is broken with clearing data on shutdown
    settings applied (bmo#1554167)
  * Fixed: Performance-regression for eclipse RAP based applications
    (bmo#1555962)
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
  * Fixed: Can't start two downloads in parallel via <a download>
    anymore (bmo#1542912)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=741
2019-06-12 21:30:01 +00:00
Wolfgang Rosenauer
fc63e9e0d5 - Mozilla Firefox 67.0.1
* enable enhanced tracking protection by default for new users
  * upgrade of Facebook container to version 2.0
  * new version of Firefox Lockwise (password management)
  * new version of Firefox Monitor
  * Firefox Send improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=740
2019-06-09 08:21:04 +00:00
Wolfgang Rosenauer
3a4466d1cf - Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
  * Tabs can now be pinned from the Page Actions menu in the address bar
  * Users can block known cryptominers and fingerprinters in the
    Custom settings or their Content Blocking preferences
  * The Import Data from Another Browser feature is now also available
    from the File menu
  * Firefox will now protect you against running older versions which
    can lead to data corruption and stability issues
  * Easier access to your list of saved logins from the main menu and
    login autocomplete
  * We’ve added a toolbar menu for your Firefox Account to provide more
    transparency for when you are synced, sharing data across devices
    and with Firefox. Personalize the appearance of the menu with your
    own avatar
  * Enable FIDO U2F API, and permit registrations for Google Accounts
  * Enabled AV1 support on Linux
  MFSA 2019-13
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736
2019-05-22 20:38:29 +00:00
Wolfgang Rosenauer
c6af23c61b - Mozilla Firefox 66.0.5
* Fixed: Further improvements to re-enable web extensions which
    had been disabled for users with a master password set (bmo#1549249)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=734
2019-05-10 19:46:56 +00:00