1
0
Commit Graph

124 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
206b6f2820 - update to Firefox 61.0
* Performance enhancements
  * Various improvements for dark theme support will provide a more
    consistent experience across the entire Firefox UI
  * OpenSearch plugins offered by web pages can now be added from the
    page action menu for easier installation
  * Improved support for allowing WebExtensions to manage and hide tabs
- requires NSS 3.37.3
- requires python >= 3.5 to build
- removed obsolete patches
  mozilla-i586-DecoderDoctorLogger.patch
  mozilla-i586-domPrefs.patch
  mozilla-fix-skia-aarch64.patch
  mozilla-bmo1375074.patch
  mozilla-enable-csd.patch
- patch for new no-return warnings (mozilla-no-return.patch)
- do not disable system installed locales (mozilla-bmo1464766.patch)

- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=673
2018-06-25 20:56:47 +00:00
Wolfgang Rosenauer
ea8e2a80bd - update to Firefox 60.0.2
* requires NSS 3.36.4
  MFSA 2018-14 (bsc#1096449)
  * CVE-2018-6126 (bmo#1462682)
    Heap buffer overflow rasterizing paths in SVG with Skia

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=671
2018-06-07 14:08:54 +00:00
Wolfgang Rosenauer
9915e415f7 - update to Firefox 60.0.1
* Avoid overly long cycle collector pauses with some add-ons installed
    (bmo#1449033)
  * After unckecking the "Sponsored Stories" option, the New Tab page
    now immediately stops displaying "Sponsored content" cards (bmo#1458906)
  * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
    (bmo#1457743)
  * Use the right default background when opening tabs or windows in
    high contrast mode (bmo#1458956)
  * Restored translations of the Preferences panels when using a
    language pack (bmo#1461590)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=661
2018-05-17 14:35:18 +00:00
Wolfgang Rosenauer
57e0eca548 - use upstream source archive and detached signature for
source verification

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=657
2018-05-09 09:46:09 +00:00
Wolfgang Rosenauer
0344382ac8 - update to Firefox 60.0
* Added a policy engine that allows customized Firefox deployments
    in enterprise environments, using Windows Group Policy or a
    cross-platform JSON file
  * Applied Quantum CSS to render browser UI
  * Added support for Web Authentication, allowing the use of USB
    tokens for authentication to web sites
  * Locale added: Occitan (oc)
- removed obsolete patches
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
- requires NSPR 4.19 and NSS 3.36.1
- requires rust 1.24 or higher

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=655
2018-05-08 13:14:23 +00:00
Wolfgang Rosenauer
f1dc5639b2 Accepting request 602833 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 59.0.3

OBS-URL: https://build.opensuse.org/request/show/602833
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=649
2018-05-01 17:13:15 +00:00
Wolfgang Rosenauer
f3956c8162 - update to Firefox 59.0.2
* Invalid page rendering with hardware acceleration enabled (bmo#1435472)
  * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
    that use those keys with resistFingerprinting enabled (bmo#1433592)
  * High CPU / memory churn caused by third-party software on some
    computers (bmo#1446280)
  * Users who have configured an "automatic proxy configuration URL"
    and want to reload their proxy settings from the URL will find
    the Reload button disabled in the Connection Settings dialog when
    they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
  * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
  * User's trying to cancel a print around the time it completes will
    continue to get intermittent crashes (bmo#1441598)
  MFSA 2018-10 (bsc#1087059)
  * CVE-2018-5148 (bmo#1440717)
    Use-after-free in compositor
- removed obsolete patch mozilla-bmo1446062.patch
  * mozilla-i586-domPrefs.patch - DOMPrefs.h

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=642
2018-03-27 12:10:14 +00:00
Wolfgang Rosenauer
5257d425d0 - update to Firefox 59.0.1 (bsc#1085671)
MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062)
    Vorbis audio processing out of bounds write
  * CVE-2018-5147 (bmo#1446365)
    Out of bounds memory write in libtremor

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=638
2018-03-16 18:58:54 +00:00
Wolfgang Rosenauer
3f1ee3498d - update to Firefox 59.0
* Performance enhancements
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
  * added features for Firefox Screenshots
  * Enhanced WebExtensions API
  * Improved RTC capabilities
  MFSA 2018-06 (bsc#1085130)
  * CVE-2018-5127 (bmo#1430557)
    Buffer overflow manipulating SVG animatedPathSegList
  * CVE-2018-5128 (bmo#1431336)
    Use-after-free manipulating editor selection ranges
  * CVE-2018-5129 (bmo#1428947)
    Out-of-bounds write with malformed IPC messages
  * CVE-2018-5130 (bmo#1433005)
    Mismatched RTP payload type can trigger memory corruption
  * CVE-2018-5131 (bmo#1440775)
    Fetch API improperly returns cached copies of no-store/no-cache resources
  * CVE-2018-5132 (bmo#1408194)
    WebExtension Find API can search privileged pages
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
    Value of the app.support.baseURL preference is not properly sanitized
  * CVE-2018-5134 (bmo#1429379)
    WebExtensions may use view-source: URLs to bypass content restrictions
  * CVE-2018-5135 (bmo#1431371)
    WebExtension browserAction can inject scripts into unintended contexts
  * CVE-2018-5136 (bmo#1419166)
    Same-origin policy violation with data: URL shared workers
  * CVE-2018-5137 (bmo#1432870)
    Script content can access legacy extension non-contentaccessible resources
  * CVE-2018-5138 (bmo#1432624) (Android only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=636
2018-03-13 19:46:06 +00:00
Wolfgang Rosenauer
3ad3fa88d2 Accepting request 574856 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 58.0.2

OBS-URL: https://build.opensuse.org/request/show/574856
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=634
2018-02-09 22:45:30 +00:00
Wolfgang Rosenauer
dd53ed18ec - update to Firefox 58.0.1
MFSA 2018-05
  *  Arbitrary code execution through unsanitized browser UI (bmo#1432966)
- fixed language packs (boo#1077590)
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
- allow larger number of nested elements (mozilla-bmo256180.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=630
2018-01-29 22:56:59 +00:00
Wolfgang Rosenauer
725614f48e - update to Firefox 58.0
* Added Nepali (ne-NP) locale
  * Added support for form autofill for credit card
  * Optimize page load by caching JavaScript internal representation
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
  mozilla-bindgen-systemlibs.patch
  mozilla-bmo1360278.patch
  mozilla-bmo1399611-csd.patch
  mozilla-rust-1.23.patch
- rebased patches
- updated man-page

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=628
2018-01-23 09:55:12 +00:00
Wolfgang Rosenauer
0cced0c0f9 - update to Firefox 57.0.4:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=624
2018-01-04 22:21:28 +00:00
Wolfgang Rosenauer
a958854f92 Accepting request 560783 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 57.0.3 bsc#1074235

OBS-URL: https://build.opensuse.org/request/show/560783
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=622
2017-12-31 08:46:35 +00:00
Wolfgang Rosenauer
0eb4f70103 - update to Firefox 57.0.1
* Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
    characters (bmo#1420427)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=617
2017-12-03 16:35:26 +00:00
Wolfgang Rosenauer
c3624659ef - update to Firefox 57.0b14
* Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
2017-11-14 23:17:59 +00:00
Wolfgang Rosenauer
238d2bd9f9 - update to Firefox 56.0.2
* Disable Form Autofill completely on user request (bmo#1404531)
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
  * Fix for shutdown crash (bmo#1404105)

- update to Firefox 56.0.1
  * Block D3D11 when using Intel drivers on Windows 7 systems with
    partial AVX support (bmo#1403353)
  -> just to sync the version number
- enable stylo for TW (requires LLVM >= 3.9)
- queue KDE filepicker requests to avoid non-opening file dialogs
  happening in certain situations (contributed by Ignaz Forster)
- the placeholder dot in KDE file dialog in case of empty filenames
  was removed, apparently not required (anymore)
  (contributed by Ignaz Forster)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=609
2017-10-30 06:56:57 +00:00
Wolfgang Rosenauer
9b2ce29f83 - update to Firefox 56.0 (boo#1060445)
* Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
- requires NSPR 4.16 and NSS 3.32.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=603
2017-09-28 08:44:46 +00:00
Wolfgang Rosenauer
f0b77e0133 - update to Firefox 55.0.3
* Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)

- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)

- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=601
2017-09-05 10:10:37 +00:00
Wolfgang Rosenauer
b7e1035064 - update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598
2017-08-08 19:59:47 +00:00
Wolfgang Rosenauer
39f69ee80f Accepting request 508300 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 52.2.1esr, with a slightly faster create-tar.sh

OBS-URL: https://build.opensuse.org/request/show/508300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=596
2017-07-14 07:51:30 +00:00
Wolfgang Rosenauer
09b85d1e80 - update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594
2017-06-14 09:43:07 +00:00
Wolfgang Rosenauer
f3477f70fa - update to Firefox 52.1.1
MFSA 2017-14
  * CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
                   (Windows only, Linux not affected)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=587
2017-05-09 05:56:43 +00:00
Wolfgang Rosenauer
fcfd6f2d1c - update to Firefox 52.1.0esr (boo#1035082)
MFSA 2017-12
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648)
    Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=583
2017-04-20 21:02:48 +00:00
Wolfgang Rosenauer
ef1a98917f - update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
  * Fix loading tab icons on session restore (bmo#1338009)
  * Fix a crash on startup on Linux (bmo#1345413)
  * Fix new installs erroneously not prompting to change the default
    browser setting (bmo#1343938)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=581
2017-04-03 07:23:02 +00:00
Wolfgang Rosenauer
39f56adaf0 - update to Firefox 52.0.1 (boo#1029822)
MFSA 2017-08
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=576
2017-03-17 22:39:31 +00:00
Wolfgang Rosenauer
14ce29297b - update to Firefox 52.0
* requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Windows 8 touch screen support for multiprocess Firefox
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
- removed obsolete patches
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-disable-skia-be.patch
  * mozilla-skia-overflow.patch
  * mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=572
2017-03-07 08:35:10 +00:00
Wolfgang Rosenauer
3ce0e89892 Accepting request 453042 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 51.0.1

OBS-URL: https://build.opensuse.org/request/show/453042
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=570
2017-01-27 21:48:32 +00:00
Wolfgang Rosenauer
0f2d4906dd - update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
  * Added support for FLAC (Free Lossless Audio Codec) playback
  * Added support for WebGL 2
  * Added Georgian (ka) and Kabyle (kab) locales
  * Support saving passwords for forms without 'submit' events
  * Improved video performance for users without GPU acceleration
  * Zoom indicator is shown in the URL bar if the zoom level is not
    at default level
  * View passwords from the prompt before saving them
  * Remove Belarusian (be) locale
  * Use Skia for content rendering (Linux)
  * MFSA 2017-01
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5377: Memory corruption with transforms to create
                   gradients in Skia (bmo#1306883, boo#1021826)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5379: Use-after-free in Web Animations
                   (bmo#1309198,boo#1021827)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5389: WebExtensions can install additional add-ons via
                   modified host requests (bmo#1308688, boo#1021828)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=567
2017-01-25 10:27:08 +00:00
Wolfgang Rosenauer
0e804587d5 - update to Firefox 50.1.0 (boo#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=563
2016-12-12 21:26:20 +00:00
Wolfgang Rosenauer
3b8276a497 - update to Firefox 50.0.2
security fixes (in 50.0.1): (boo#1012807)
  * MFSA 2016-91
    CVE-2016-9078: data: URL can inherit wrong origin after an
                   HTTP redirect (bmo#1317641)
  security fixes (in 50.0.2)
  * MFSA 2016-92
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=558
2016-12-01 03:05:24 +00:00
Wolfgang Rosenauer
a1ebdac66f - update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
  new features
  * Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently
    used order
    View a page in Reader Mode by using Ctrl+Alt+R
  * Added option to Find in page that allows users to limit search to
    whole words only
  * Added download protection for a large number of executable file
    types on Windows, Mac and Linux
  * Fixed rendering of dashed and dotted borders with rounded corners
    (border-radius)
  * Added a built-in Emoji set for operating systems without native
    Emoji fonts (Windows 8.0 and lower and Linux)
  * Blocked versions of libavcodec older than 54.35.1
  * additional locale
  security fixes:
  * MFSA 2016-89
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
                   (bmo#1292443)
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
    CVE-2016-5293: Write to arbitrary file with updater and moz
                   maintenance service using updater.log hardlink
		   (Windows only) (bmo#1246945)
    CVE-2016-5294: Arbitrary target directory for result files of
                   update process (Windows only) (bmo#1246972)
    CVE-2016-5297: Incorrect argument length checking in Javascript
                   (bmo#1303678)
    CVE-2016-9064: Addons update must verify IDs match between

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=555
2016-11-15 18:06:29 +00:00
Wolfgang Rosenauer
6f15368db9 Accepting request 437089 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.2
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)

OBS-URL: https://build.opensuse.org/request/show/437089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=553
2016-10-24 11:40:07 +00:00
Wolfgang Rosenauer
9afb5946e2 Accepting request 429896 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.1

OBS-URL: https://build.opensuse.org/request/show/429896
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=549
2016-09-24 06:25:23 +00:00
Wolfgang Rosenauer
23d3134ccb - update to Firefox 49.0 (boo#999701)
- removed obsolete patches:
  * mozilla-aarch64-48bit-va.patch
  * mozilla-exclude-nametablecpp.patch
  * mozilla-old_configure-bmo1282843.patch
- requires NSS 3.25

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=547
2016-09-20 16:19:47 +00:00
Wolfgang Rosenauer
8f3a8c45f5 Accepting request 423949 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 48.0.2

OBS-URL: https://build.opensuse.org/request/show/423949
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=545
2016-08-31 08:13:42 +00:00
Wolfgang Rosenauer
7c9c7e7cc9 Accepting request 420691 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 48.0.1

OBS-URL: https://build.opensuse.org/request/show/420691
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=543
2016-08-20 21:38:42 +00:00
Wolfgang Rosenauer
cde22f592f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=535 2016-08-02 22:00:28 +00:00
Wolfgang Rosenauer
3052298781 Accepting request 405481 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 47.0.1

OBS-URL: https://build.opensuse.org/request/show/405481
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=528
2016-06-29 13:54:41 +00:00
Wolfgang Rosenauer
b9792ce771 - update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
     bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
     bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
     bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
     bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 12:26:29 +00:00
Wolfgang Rosenauer
55af92fdfe - update to Firefox 46.0.1
Fixed:
  * Search plugin issue for various locales
  * Add-on signing certificate expiration
  * Service worker update issue
  * Build issue when jit is disabled
  * Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=510
2016-05-07 19:37:00 +00:00
Wolfgang Rosenauer
97bd16c7cb - update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
  * WebRTC fixes to improve performance and stability
  * Added support for document.elementsFromPoint
  * Added HKDF support for Web Crypto API
  * requires NSPR 4.12 and NSS 3.22.3
  * added patch to fix unchecked return value
    mozilla-check_return.patch
  * Gtk3 builds not supported at the moment
  security fixes:
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
    Miscellaneous memory safety hazards
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939)
    Privilege escalation through file deletion by Maintenance Service updater
    (Windows only)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681)
    Content provider permission bypass allows malicious application
    to access data (Android only)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776)
    Use-after-free and buffer overflow in Service Workers
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650)
    Disclosure of user actions through JavaScript with motion and
    orientation sensors (only affects mobile variants)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721)
    Buffer overflow in libstagefright with CENC offsets
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743)
    CSP not applied to pages sent with multipart/x-mixed-replace
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462)
    Elevation of privilege with chrome.tabs.update API in web extensions
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=500
2016-04-27 07:09:13 +00:00
Wolfgang Rosenauer
bb1a23845f Accepting request 387816 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 45.0.2

OBS-URL: https://build.opensuse.org/request/show/387816
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=495
2016-04-12 16:26:19 +00:00
Wolfgang Rosenauer
f9d87d6387 Accepting request 375147 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 45.0.1

OBS-URL: https://build.opensuse.org/request/show/375147
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=493
2016-03-19 08:13:45 +00:00
Wolfgang Rosenauer
2d4b618151 - update to Firefox 45.0
* requires NSPR 4.12 / NSS 3.21.1
  * Instant browser tab sharing through Hello
  * Synced Tabs button in button bar
  * Tabs synced via Firefox Accounts from other devices are now shown
    in dropdown area of Awesome Bar when searching
  * Introduce a new preference (network.dns.blockDotOnion) to allow
    blocking .onion at the DNS level
  * Tab Groups (Panorama) feature removed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=490
2016-03-07 16:25:29 +00:00
Wolfgang Rosenauer
3253c98249 - update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
    Same-origin-policy violation using Service Workers with plugins
  * Fix issue which could lead to the removal of stored passwords
    under certain circumstances (bmo#1242176)
  * Allows spaces in cookie names (bmo#1244505)
  * Disable opus/vorbis audio with H.264 (bmo#1245696)
  * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
  * Fix a crash in cache networking (bmo#1244076)
  * Fix using WebSockets in service worker controlled pages (bmo#1243942)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=484
2016-02-12 14:47:06 +00:00
Wolfgang Rosenauer
2ea3069057 - update to Firefox 44.0 (boo#963520)
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931
    Miscellaneous memory safety hazards
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761)
    Out of Memory crash when parsing GIF format images
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)
    Firefox allows for control characters to be set in cookie names
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353)
    Missing delay following user click events in protocol handler dialog
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248)
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
    (fixed by requiring NSS 3.21)
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
    Addressbar spoofing attacks
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
    (bmo#1186621, bmo#1214782, bmo#1232096)
    Unsafe memory manipulation found through code inspection
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103)
    Application Reputation service disabled in Firefox 43
  * requires NSPR 4.11
  * requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=480
2016-01-26 22:39:03 +00:00
Wolfgang Rosenauer
38f5c0b4e7 Accepting request 352991 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 43.0.4

OBS-URL: https://build.opensuse.org/request/show/352991
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=478
2016-01-11 08:19:52 +00:00
Wolfgang Rosenauer
947695d633 - update to Firefox 43.0.3
* requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * various changes to support Windows update (SHA-1 vs. SHA-2)
  * workaround Youtube user agent detection issue (bmo#1233970)
- fix file download regression for multi user systems
  (bmo#1233434) (mozilla-bmo1233434.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=475
2015-12-26 13:06:31 +00:00
Wolfgang Rosenauer
5fcce29637 - update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
  * Users can opt-in to receive search suggestions from the Awesome Bar
  * WebRTC streaming on multiple monitors
  * User selectable second block list for Private Browsing's Tracking
    Protection
  security fixes:
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=473
2015-12-17 00:06:36 +00:00