1
0
Commit Graph

500 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
6156a55b00 - update to Firefox 58.0 (bsc#1077291)
MFSA 2018-02
  * CVE-2018-5091 (bmo#1423086)
    Use-after-free with DTMF timers
  * CVE-2018-5092 (bmo#1418074)
    Use-after-free in Web Workers
  * CVE-2018-5093 (bmo#1415291)
    Buffer overflow in WebAssembly during Memory/Table resizing
  * CVE-2018-5094 (bmo#1415883)
    Buffer overflow in WebAssembly with garbage collection on
    uninitialized memory
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5100 (bmo#1417405)
    Use-after-free when IsPotentiallyScrollable arguments are freed
    from memory
  * CVE-2018-5101 (bmo#1417661)
    Use-after-free with floating first-letter style elements
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=629
2018-01-23 20:56:02 +00:00
Wolfgang Rosenauer
725614f48e - update to Firefox 58.0
* Added Nepali (ne-NP) locale
  * Added support for form autofill for credit card
  * Optimize page load by caching JavaScript internal representation
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
  mozilla-bindgen-systemlibs.patch
  mozilla-bmo1360278.patch
  mozilla-bmo1399611-csd.patch
  mozilla-rust-1.23.patch
- rebased patches
- updated man-page

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=628
2018-01-23 09:55:12 +00:00
Wolfgang Rosenauer
339fcf649a - fixed build with latest rust (mozilla-rust-1.23.patch)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=626
2018-01-09 18:50:27 +00:00
Wolfgang Rosenauer
0cced0c0f9 - update to Firefox 57.0.4:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=624
2018-01-04 22:21:28 +00:00
Wolfgang Rosenauer
b2bf73f33f - fixed regression introduced Oct 10th which made Firefox crash
when cancelling the KDE file dialog (boo#1069962)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=623
2018-01-03 13:39:46 +00:00
Wolfgang Rosenauer
a958854f92 Accepting request 560783 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 57.0.3 bsc#1074235

OBS-URL: https://build.opensuse.org/request/show/560783
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=622
2017-12-31 08:46:35 +00:00
Wolfgang Rosenauer
ef7f78afd2 Accepting request 555580 from home:AndreasStieger:branches:mozilla:Factory
amend changelog

OBS-URL: https://build.opensuse.org/request/show/555580
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=620
2017-12-11 08:35:28 +00:00
Wolfgang Rosenauer
5ab1f22724 Accepting request 555271 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555271
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=619
2017-12-11 08:32:40 +00:00
Wolfgang Rosenauer
0eb4f70103 - update to Firefox 57.0.1
* Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
    characters (bmo#1420427)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=617
2017-12-03 16:35:26 +00:00
Wolfgang Rosenauer
06e8aeb58c - Add mozilla-bmo1360278.patch
The new config entry is named ui.context_menus.after_mouseup
  (default : false).

- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
  widget.allow-client-side-decoration=true
  (mozilla-bmo1399611-csd.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=615
2017-11-24 22:07:36 +00:00
Wolfgang Rosenauer
e0fb118b81 Accepting request 544148 from home:cgiboudeaux:branches:mozilla:Factory
- Add firefox-show-context-menu-on-mouse-release.patch
  This is upstream's version of the previous patch creating a
  preference to restore the Firefox < 57 behaviour.
  The new config entry is named ui.context_menus.after_mouseup
  (default : false). Fixes bmo#1360278.

OBS-URL: https://build.opensuse.org/request/show/544148
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=614
2017-11-24 21:53:29 +00:00
Wolfgang Rosenauer
fe9ab0007d Accepting request 542056 from home:cgiboudeaux:branches:mozilla:Factory
- Add show-context-menu-on-mouse-release.patch.
  Starting with Firefox 57, the context menu appears on key press.
  This patch creates a config entry to restore the
  old behaviour. Without the patch, the mouse gesture extensions
  require 2 clicks to work (bmo#1360278). The config entry is named
  "input.contextMenu.onRelease" (default: false).

OBS-URL: https://build.opensuse.org/request/show/542056
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=613
2017-11-18 08:20:26 +00:00
Wolfgang Rosenauer
1975148d10 fix changelog
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=611
2017-11-15 06:46:35 +00:00
Wolfgang Rosenauer
c3624659ef - update to Firefox 57.0b14
* Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
2017-11-14 23:17:59 +00:00
Wolfgang Rosenauer
238d2bd9f9 - update to Firefox 56.0.2
* Disable Form Autofill completely on user request (bmo#1404531)
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
  * Fix for shutdown crash (bmo#1404105)

- update to Firefox 56.0.1
  * Block D3D11 when using Intel drivers on Windows 7 systems with
    partial AVX support (bmo#1403353)
  -> just to sync the version number
- enable stylo for TW (requires LLVM >= 3.9)
- queue KDE filepicker requests to avoid non-opening file dialogs
  happening in certain situations (contributed by Ignaz Forster)
- the placeholder dot in KDE file dialog in case of empty filenames
  was removed, apparently not required (anymore)
  (contributed by Ignaz Forster)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=609
2017-10-30 06:56:57 +00:00
Wolfgang Rosenauer
520970847d - Correct plugin directory for aarch64 (boo#1061207). The wrapper
script was not detecting aarch64 as a 64 bit architecture, thus
  used /usr/lib/browser-plugins/.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=607
2017-10-01 21:17:54 +00:00
Wolfgang Rosenauer
263c14d0f3 Accepting request 530202 from home:Zaitor:branches:mozilla:Factory
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
  looks for.

OBS-URL: https://build.opensuse.org/request/show/530202
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=605
2017-10-01 21:08:36 +00:00
Wolfgang Rosenauer
1bfb30f717 * Firefox Screenshots
MFSA 2017-21
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7817 (bmo#1356596) (Android-only)
    Firefox for Android address bar spoofing through fullscreen mode
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7812 (bmo#1379842)
    Drag and drop of malicious page content to the tab bar can open locally stored files
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7813 (bmo#1383951)
    Integer truncation in the JavaScript parser
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7815 (bmo#1368981)
    Spoofing attack with modal dialogs on non-e10s installations
  * CVE-2017-7816 (bmo#1380597)
    WebExtensions can load about: URLs in extension UI
  * CVE-2017-7821 (bmo#1346515)
    WebExtensions can download and open non-executable files without user interaction
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=604
2017-09-29 06:26:35 +00:00
Wolfgang Rosenauer
9b2ce29f83 - update to Firefox 56.0 (boo#1060445)
* Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
- requires NSPR 4.16 and NSS 3.32.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=603
2017-09-28 08:44:46 +00:00
Wolfgang Rosenauer
8462a9b8f6 Accepting request 529098 from home:dimstar:Factory
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

OBS-URL: https://build.opensuse.org/request/show/529098
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=602
2017-09-28 08:27:23 +00:00
Wolfgang Rosenauer
f0b77e0133 - update to Firefox 55.0.3
* Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)

- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)

- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=601
2017-09-05 10:10:37 +00:00
Wolfgang Rosenauer
00cbc455c9 Accepting request 515330 from home:Andreas_Schwab:Factory
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext

OBS-URL: https://build.opensuse.org/request/show/515330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=599
2017-08-09 10:10:53 +00:00
Wolfgang Rosenauer
b7e1035064 - update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598
2017-08-08 19:59:47 +00:00
Wolfgang Rosenauer
39f69ee80f Accepting request 508300 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 52.2.1esr, with a slightly faster create-tar.sh

OBS-URL: https://build.opensuse.org/request/show/508300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=596
2017-07-14 07:51:30 +00:00
Wolfgang Rosenauer
09b85d1e80 - update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594
2017-06-14 09:43:07 +00:00
Wolfgang Rosenauer
1dc1d33afa - remove -fno-inline-small-functions and explicitely optimize with
-O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=592
2017-05-24 18:34:48 +00:00
Wolfgang Rosenauer
cce32d5c86 - remove -fno-inline-small-functions which breaks with gcc7
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=591
2017-05-24 14:54:04 +00:00
Wolfgang Rosenauer
278dea96e3 - remove -fno-inline-small-functions
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=590
2017-05-23 14:01:40 +00:00
Wolfgang Rosenauer
878eeecd5a - only optimize with -O2 for openSUSE > 13.2/Leap 42 (gcc7)
(boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=589
2017-05-22 11:55:44 +00:00
Wolfgang Rosenauer
f3477f70fa - update to Firefox 52.1.1
MFSA 2017-14
  * CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
                   (Windows only, Linux not affected)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=587
2017-05-09 05:56:43 +00:00
Wolfgang Rosenauer
7578571bec - switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
  firefox.js
- fixed KDE integration to avoid crash caused by filepicker
  (boo#1015998)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=584
2017-04-28 21:32:26 +00:00
Wolfgang Rosenauer
fcfd6f2d1c - update to Firefox 52.1.0esr (boo#1035082)
MFSA 2017-12
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648)
    Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=583
2017-04-20 21:02:48 +00:00
Wolfgang Rosenauer
ef1a98917f - update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
  * Fix loading tab icons on session restore (bmo#1338009)
  * Fix a crash on startup on Linux (bmo#1345413)
  * Fix new installs erroneously not prompting to change the default
    browser setting (bmo#1343938)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=581
2017-04-03 07:23:02 +00:00
Wolfgang Rosenauer
e7dba2d7e9 - explicitely add libffi build requirement
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=579
2017-03-20 16:28:50 +00:00
Wolfgang Rosenauer
ae8683e30d - disable rust usage for everything but x86(-64)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=578
2017-03-20 16:07:00 +00:00
Wolfgang Rosenauer
43203c9622 - disable rust usage for PPC64LE
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=577
2017-03-20 15:41:53 +00:00
Wolfgang Rosenauer
39f56adaf0 - update to Firefox 52.0.1 (boo#1029822)
MFSA 2017-08
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=576
2017-03-17 22:39:31 +00:00
Wolfgang Rosenauer
6ea21fb6f9 - reenable ALSA support which was removed by default upstream
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=575
2017-03-09 12:31:02 +00:00
Wolfgang Rosenauer
6602a2cc2b - update to Firefox 52.0 (boo#1028391)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=574
2017-03-07 23:18:25 +00:00
Wolfgang Rosenauer
2249818fd8 Accepting request 477653 from home:AndreasStieger:branches:mozilla:Factory
add boo#1028391 and CVEs

OBS-URL: https://build.opensuse.org/request/show/477653
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=573
2017-03-07 23:15:47 +00:00
Wolfgang Rosenauer
14ce29297b - update to Firefox 52.0
* requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Windows 8 touch screen support for multiprocess Firefox
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
- removed obsolete patches
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-disable-skia-be.patch
  * mozilla-skia-overflow.patch
  * mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=572
2017-03-07 08:35:10 +00:00
Wolfgang Rosenauer
3ce0e89892 Accepting request 453042 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 51.0.1

OBS-URL: https://build.opensuse.org/request/show/453042
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=570
2017-01-27 21:48:32 +00:00
Wolfgang Rosenauer
4a4070a0e9 - fix build without skia (big endian archs) (bmo#1319374)
(mozilla-disable-skia-be.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=569
2017-01-27 17:39:50 +00:00
Wolfgang Rosenauer
d2c8956ec2 - add upstream patch to fix PPC64LE (bmo#1319389)
(mozilla-skia-ppc-endianess.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=568
2017-01-27 15:01:24 +00:00
Wolfgang Rosenauer
0f2d4906dd - update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
  * Added support for FLAC (Free Lossless Audio Codec) playback
  * Added support for WebGL 2
  * Added Georgian (ka) and Kabyle (kab) locales
  * Support saving passwords for forms without 'submit' events
  * Improved video performance for users without GPU acceleration
  * Zoom indicator is shown in the URL bar if the zoom level is not
    at default level
  * View passwords from the prompt before saving them
  * Remove Belarusian (be) locale
  * Use Skia for content rendering (Linux)
  * MFSA 2017-01
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5377: Memory corruption with transforms to create
                   gradients in Skia (bmo#1306883, boo#1021826)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5379: Use-after-free in Web Animations
                   (bmo#1309198,boo#1021827)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5389: WebExtensions can install additional add-ons via
                   modified host requests (bmo#1308688, boo#1021828)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=567
2017-01-25 10:27:08 +00:00
Wolfgang Rosenauer
f6f1953e39 Accepting request 451698 from home:bjoernv:branches:mozilla:Factory
Firefox could not open Google, Wikipedia etc. with HTTPS anymore after update of NSS to 3.28
Sources:
- https://bugs.gentoo.org/show_bug.cgi?id=603622
- https://bugzilla.redhat.com/show_bug.cgi?id=1413303#c5
- https://bugzilla.mozilla.org/show_bug.cgi?id=1290037

OBS-URL: https://build.opensuse.org/request/show/451698
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=566
2017-01-21 08:10:15 +00:00
Wolfgang Rosenauer
47ea133150 - update to Firefox 50.1.0 (boo#1015422)
* MFSA 2016-94
    CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
    CVE-2016-9899: Use-after-free while manipulating DOM events and
                   audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating
                   DOM subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
                   SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
                   (bmo#1317936)
    CVE-2016-9901: Data from Pocket server improperly sanitized
                   before execution (bmo#1320057)
    CVE-2016-9902: Pocket extension does not validate the origin
                   of events (bmo#1320039)
    CVE-2016-9903: XSS injection vulnerability in add-ons SDK
                   (bmo#1315435)
    CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
    CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
                   Firefox ESR 45.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=564
2016-12-13 21:10:19 +00:00
Wolfgang Rosenauer
0e804587d5 - update to Firefox 50.1.0 (boo#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=563
2016-12-12 21:26:20 +00:00
Wolfgang Rosenauer
a7b507dd76 Accepting request 445492 from home:cgrobertson:branches:mozilla:Factory
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)

OBS-URL: https://build.opensuse.org/request/show/445492
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=562
2016-12-12 18:36:34 +00:00
Wolfgang Rosenauer
120a7e8724 Accepting request 443012 from home:AndreasStieger:branches:mozilla:Factory
Add boo#1012964 to 50.0.2 changelog

OBS-URL: https://build.opensuse.org/request/show/443012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=560
2016-12-01 17:33:12 +00:00
Wolfgang Rosenauer
01729d0fbe * Firefox crashes with 3rd party Chinese IME when using IME text
(50.0.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=559
2016-12-01 03:07:00 +00:00
Wolfgang Rosenauer
3b8276a497 - update to Firefox 50.0.2
security fixes (in 50.0.1): (boo#1012807)
  * MFSA 2016-91
    CVE-2016-9078: data: URL can inherit wrong origin after an
                   HTTP redirect (bmo#1317641)
  security fixes (in 50.0.2)
  * MFSA 2016-92
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=558
2016-12-01 03:05:24 +00:00
Wolfgang Rosenauer
a1ebdac66f - update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
  new features
  * Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently
    used order
    View a page in Reader Mode by using Ctrl+Alt+R
  * Added option to Find in page that allows users to limit search to
    whole words only
  * Added download protection for a large number of executable file
    types on Windows, Mac and Linux
  * Fixed rendering of dashed and dotted borders with rounded corners
    (border-radius)
  * Added a built-in Emoji set for operating systems without native
    Emoji fonts (Windows 8.0 and lower and Linux)
  * Blocked versions of libavcodec older than 54.35.1
  * additional locale
  security fixes:
  * MFSA 2016-89
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
                   (bmo#1292443)
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
    CVE-2016-5293: Write to arbitrary file with updater and moz
                   maintenance service using updater.log hardlink
		   (Windows only) (bmo#1246945)
    CVE-2016-5294: Arbitrary target directory for result files of
                   update process (Windows only) (bmo#1246972)
    CVE-2016-5297: Incorrect argument length checking in Javascript
                   (bmo#1303678)
    CVE-2016-9064: Addons update must verify IDs match between

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=555
2016-11-15 18:06:29 +00:00
Wolfgang Rosenauer
6f15368db9 Accepting request 437089 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.2
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)

OBS-URL: https://build.opensuse.org/request/show/437089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=553
2016-10-24 11:40:07 +00:00
Wolfgang Rosenauer
140f76446a Accepting request 434641 from home:badshah400:firefox-gtk3
**Please wait until successful builds

- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
  and fixes have been incorporated by upstream.

OBS-URL: https://build.opensuse.org/request/show/434641
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=551
2016-10-17 13:11:43 +00:00
Wolfgang Rosenauer
9afb5946e2 Accepting request 429896 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.1

OBS-URL: https://build.opensuse.org/request/show/429896
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=549
2016-09-24 06:25:23 +00:00
Wolfgang Rosenauer
ad9a2b532d new features
* Updated Firefox Login Manager to allow HTTPS pages to use saved
    HTTP logins.
  * Added features to Reader Mode that make it easier on the eyes and
    the ears
  * Improved video performance for users on systems that support
    SSE3 without hardware acceleration
  * Added context menu controls to HTML5 audio and video that let users
    loops files or play files at 1.25x speed
  * Improvements in about:memory reports for tracking font memory usage
  security related
  * MFSA 2016-85
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
    mozilla::net::IsValidReferrerPolicy
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
    nsCaseTransformTextRunFactory::TransformString
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
    PropertyProvider::GetSpacingInternal
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
    CVE-2016-5273 (bmo#1280387) - crash in
    mozilla::a11y::HyperTextAccessible::GetChildOffset
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
    mozilla::a11y::DocAccessible::ProcessInvalidationList
    CVE-2016-5274 (bmo#1282076) - use-after-free in
    nsFrameManager::CaptureFrameState
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
    nsBMPEncoder::AddImageFrame

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=548
2016-09-21 21:34:48 +00:00
Wolfgang Rosenauer
23d3134ccb - update to Firefox 49.0 (boo#999701)
- removed obsolete patches:
  * mozilla-aarch64-48bit-va.patch
  * mozilla-exclude-nametablecpp.patch
  * mozilla-old_configure-bmo1282843.patch
- requires NSS 3.25

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=547
2016-09-20 16:19:47 +00:00
Wolfgang Rosenauer
8f3a8c45f5 Accepting request 423949 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 48.0.2

OBS-URL: https://build.opensuse.org/request/show/423949
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=545
2016-08-31 08:13:42 +00:00
Wolfgang Rosenauer
7c9c7e7cc9 Accepting request 420691 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 48.0.1

OBS-URL: https://build.opensuse.org/request/show/420691
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=543
2016-08-20 21:38:42 +00:00
Wolfgang Rosenauer
d47b90bdde - added upstream patch so system plugins/extensions are correctly
loaded again on x86-64 (bmo#1282843)
  (mozilla-old_configure-bmo1282843.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=542
2016-08-18 06:59:29 +00:00
Wolfgang Rosenauer
0982f0206c Accepting request 417428 from home:pcerny:mozilla:Factory
flex hotfix - changelog update

OBS-URL: https://build.opensuse.org/request/show/417428
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=540
2016-08-08 09:15:08 +00:00
Wolfgang Rosenauer
b20061a222 Accepting request 417132 from home:pcerny:mozilla:Factory
flex hotfix

OBS-URL: https://build.opensuse.org/request/show/417132
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=539
2016-08-05 19:11:43 +00:00
Wolfgang Rosenauer
1728408aaa Accepting request 416757 from home:badshah400:firefox-gtk3
Builds for 42.1 with patch enabled (or disabled), and should do for Factory too

OBS-URL: https://build.opensuse.org/request/show/416757
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=538
2016-08-04 13:49:10 +00:00
Wolfgang Rosenauer
f0b7b2b431 security fixes:
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
    Miscellaneous memory safety hazards
  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
    Favicon network connection can persist when page is closed
  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
    Buffer overflow rendering SVG with bidirectional content
  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
  * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
    Location bar spoofing via data URLs with malformed/invalid mediatypes
  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
    Stack underflow during 2D graphics rendering
  * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
    Out-of-bounds read during XML parsing in Expat library
  * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
    Arbitrary file manipulation by local user through Mozilla updater
    and callback application path parameter (Windows-only)
  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
    Use-after-free when using alt key and toplevel menus
  * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
    Crash in incremental garbage collection in JavaScript
  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
    Use-after-free in DTLS during WebRTC session shutdown
  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
    Use-after-free in service workers with nested sync events
  * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
    Form input type change from password to text can store plain
    text password in session restore file
  * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=537
2016-08-03 04:49:19 +00:00
Wolfgang Rosenauer
fba117331c - update to Firefox 48.0 (boo#991809)
* requires NSS 3.24
  * Process separation (e10s) is enabled for some of you
  * Add-ons that have not been verified and signed by Mozilla will not load
  * WebRTC embetterments
  * The media parser has been redeveloped using the Rust programming
    language
  * better Canvas performance with speedy Skia support
- removed obsolete mozilla-gcc6.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=536
2016-08-03 04:34:40 +00:00
Wolfgang Rosenauer
31e1944594 Accepting request 415720 from home:badshah400:branches:mozilla:Factory
- Update description and screenshots in appdata.xml file.

OBS-URL: https://build.opensuse.org/request/show/415720
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=534
2016-07-29 08:19:31 +00:00
Wolfgang Rosenauer
2c7b769dd2 -fno-inline-small-functions to CFLAGS
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=532
2016-07-24 20:58:14 +00:00
Wolfgang Rosenauer
1d67894392 Accepting request 414914 from home:1Antoine1:branches:mozilla:Factory
Disable some GCC optimizations to fix sigsev at startup on i586. boo#986541

OBS-URL: https://build.opensuse.org/request/show/414914
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=531
2016-07-24 20:38:24 +00:00
Wolfgang Rosenauer
a0dc99e46e Accepting request 412212 from home:Mailaender:branches:mozilla:Factory
Revamped the AppData file:
* less advertisy description
* replaced Windows XP screenshot with GNOME
* HTTPS everywhere
* Update URL to actually show Firefox and not everyone is en_US
* This will never be maintained upstream (see bugzilla) so live with it.

OBS-URL: https://build.opensuse.org/request/show/412212
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=530
2016-07-20 07:26:43 +00:00
Wolfgang Rosenauer
3052298781 Accepting request 405481 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 47.0.1

OBS-URL: https://build.opensuse.org/request/show/405481
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=528
2016-06-29 13:54:41 +00:00
Wolfgang Rosenauer
336127b83a Accepting request 402731 from home:AndreasStieger:branches:mozilla:Factory
patch for boo#984637 can be applied on all targets
add reference to boo#984637

OBS-URL: https://build.opensuse.org/request/show/402731
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=527
2016-06-16 14:00:48 +00:00
Wolfgang Rosenauer
1f8e55111d - mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=524
2016-06-15 07:55:15 +00:00
Wolfgang Rosenauer
7441e7733c * add patch mozilla-aarch64-48bit-va.patch
- fix XUL dialog button order under KDE session (boo#984403)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=523
2016-06-14 20:12:53 +00:00
Wolfgang Rosenauer
9fdd4cf285 Accepting request 402022 from home:badshah400:firefox-gtk3
Update gtk3 patch to latest version from Fedora

OBS-URL: https://build.opensuse.org/request/show/402022
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=522
2016-06-14 20:07:58 +00:00
Wolfgang Rosenauer
0f3c39840c Accepting request 401909 from home:algraf:branches:mozilla:Factory
- Fix running on 48bit va aarch64 (bsc#984126)
  - Add patch mozilla-aarch64-48bit-va.patch

OBS-URL: https://build.opensuse.org/request/show/401909
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=521
2016-06-14 19:48:50 +00:00
Wolfgang Rosenauer
b9792ce771 - update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
     bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
     bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
     bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
     bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 12:26:29 +00:00
Wolfgang Rosenauer
424ee97030 Accepting request 398058 from home:badshah400:branches:mozilla:Factory
Fix building for non-factory openSUSE. The patches have guards themselves wherever needed, we don't need to be paranoid about applying them unconditionally. Sorry for breaking the build earlier.

OBS-URL: https://build.opensuse.org/request/show/398058
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=516
2016-05-26 05:57:29 +00:00
Wolfgang Rosenauer
a5bfddd988 Accepting request 397775 from home:badshah400:branches:openSUSE:Factory:Rings:2-TestDVD
Add patches to build against gcc6, apply these patches only if gcc >= 6 is actually used during compilation.

OBS-URL: https://build.opensuse.org/request/show/397775
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=515
2016-05-25 07:27:59 +00:00
Wolfgang Rosenauer
44ae32c807 Accepting request 396840 from home:dsterba:branches:mozilla:Factory
- enable build with PIE and full relro on x86_64 (boo#980384)

OBS-URL: https://build.opensuse.org/request/show/396840
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=513
2016-05-20 11:04:12 +00:00
Wolfgang Rosenauer
55af92fdfe - update to Firefox 46.0.1
Fixed:
  * Search plugin issue for various locales
  * Add-on signing certificate expiration
  * Service worker update issue
  * Build issue when jit is disabled
  * Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=510
2016-05-07 19:37:00 +00:00
Wolfgang Rosenauer
3779639588 - add mozilla-jit_branch64.patch to avoid PowerPC build failure
(from bmo#1266366)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=508
2016-05-03 20:35:52 +00:00
Wolfgang Rosenauer
e9dadb94d7 Accepting request 393478 from home:michel_mno:branches:mozilla:Factory
new mozilla_add_branch64.patch to avoid PowerPC build failure.
to complete previous request that failed on staging:F

OBS-URL: https://build.opensuse.org/request/show/393478
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=507
2016-05-03 20:02:49 +00:00
Wolfgang Rosenauer
3b138f7f73 (boo#977373, boo#977375, boo#977376)
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
    (bmo#1252330, bmo#1261776, boo#977379)
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
  * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=506
2016-04-30 07:08:42 +00:00
Wolfgang Rosenauer
41b5455c64 Accepting request 391871 from home:badshah400:firefox-gtk3
Update gtk3 patch so that if applies against ffx 46.0.

OBS-URL: https://build.opensuse.org/request/show/391871
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=502
2016-04-27 23:32:34 +00:00
Wolfgang Rosenauer
97bd16c7cb - update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
  * WebRTC fixes to improve performance and stability
  * Added support for document.elementsFromPoint
  * Added HKDF support for Web Crypto API
  * requires NSPR 4.12 and NSS 3.22.3
  * added patch to fix unchecked return value
    mozilla-check_return.patch
  * Gtk3 builds not supported at the moment
  security fixes:
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
    Miscellaneous memory safety hazards
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939)
    Privilege escalation through file deletion by Maintenance Service updater
    (Windows only)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681)
    Content provider permission bypass allows malicious application
    to access data (Android only)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776)
    Use-after-free and buffer overflow in Service Workers
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650)
    Disclosure of user actions through JavaScript with motion and
    orientation sensors (only affects mobile variants)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721)
    Buffer overflow in libstagefright with CENC offsets
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743)
    CSP not applied to pages sent with multipart/x-mixed-replace
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462)
    Elevation of privilege with chrome.tabs.update API in web extensions
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=500
2016-04-27 07:09:13 +00:00
Wolfgang Rosenauer
e165f239a4 Accepting request 391154 from home:badshah400:branches:mozilla:Factory
mozilla-gtk3_20.patch synced to latest fedora's to fix some scrollbar issues when using gtk 3.20

OBS-URL: https://build.opensuse.org/request/show/391154
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=499
2016-04-24 06:17:46 +00:00
Wolfgang Rosenauer
946a2cf79c Accepting request 389750 from devel:ARM:Factory
- build fixes for arm/aarch64:
  * disable webrtc for arm/aarch64
  * switch away from openGL-ES backend to default for arm/aarch64
   since it almost never builds
  * reenable neon
- reenable webrtc for powerpc as it seems to build

OBS-URL: https://build.opensuse.org/request/show/389750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=497
2016-04-14 10:14:02 +00:00
Wolfgang Rosenauer
58d2070b38 - Compile against gtk3 depending on whether the macro
%firefox_use_gtk3 is defined or not (e.g., at the prjconf
  level); macro is undefined by default and so gtk2 is used as the
  default toolkit.
- Add BuildRequires for additional packages needed when building
  against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
  pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
  patch taken from Fedora (bmo#1230955).

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=496
2016-04-12 21:13:00 +00:00
Wolfgang Rosenauer
bb1a23845f Accepting request 387816 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 45.0.2

OBS-URL: https://build.opensuse.org/request/show/387816
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=495
2016-04-12 16:26:19 +00:00
Wolfgang Rosenauer
f9d87d6387 Accepting request 375147 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 45.0.1

OBS-URL: https://build.opensuse.org/request/show/375147
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=493
2016-03-19 08:13:45 +00:00
Wolfgang Rosenauer
a4caa64ef9 - update to Firefox 45.0 (boo#969894)
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=491
2016-03-08 22:37:32 +00:00
Wolfgang Rosenauer
2d4b618151 - update to Firefox 45.0
* requires NSPR 4.12 / NSS 3.21.1
  * Instant browser tab sharing through Hello
  * Synced Tabs button in button bar
  * Tabs synced via Firefox Accounts from other devices are now shown
    in dropdown area of Awesome Bar when searching
  * Introduce a new preference (network.dns.blockDotOnion) to allow
    blocking .onion at the DNS level
  * Tab Groups (Panorama) feature removed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=490
2016-03-07 16:25:29 +00:00
Wolfgang Rosenauer
f75dc0e2d0 Accepting request 366570 from home:olh:branches:mozilla:Factory
- Remove B_CNT from symbols.zip filename to reduce build-compare noise

OBS-URL: https://build.opensuse.org/request/show/366570
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=489
2016-03-06 16:21:37 +00:00
Wolfgang Rosenauer
17c09e6be5 units - adding mozilla-reduce-files-per-UnifiedBindings.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=487
2016-02-26 22:35:32 +00:00
Wolfgang Rosenauer
a3bc9c3699 Accepting request 361943 from home:AndreasStieger:branches:mozilla:Factory
- fix build problems on i586, caused by too large unified compile units


Server build is still running, let's see...

OBS-URL: https://build.opensuse.org/request/show/361943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=486
2016-02-26 21:04:29 +00:00
Wolfgang Rosenauer
3253c98249 - update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
    Same-origin-policy violation using Service Workers with plugins
  * Fix issue which could lead to the removal of stored passwords
    under certain circumstances (bmo#1242176)
  * Allows spaces in cookie names (bmo#1244505)
  * Disable opus/vorbis audio with H.264 (bmo#1245696)
  * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
  * Fix a crash in cache networking (bmo#1244076)
  * Fix using WebSockets in service worker controlled pages (bmo#1243942)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=484
2016-02-12 14:47:06 +00:00
Wolfgang Rosenauer
12d483420b Accepting request 356195 from home:AndreasStieger:branches:OBS_Maintained:MozillaFirefox
update bug tracking

OBS-URL: https://build.opensuse.org/request/show/356195
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=481
2016-01-28 06:43:56 +00:00
Wolfgang Rosenauer
2ea3069057 - update to Firefox 44.0 (boo#963520)
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931
    Miscellaneous memory safety hazards
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761)
    Out of Memory crash when parsing GIF format images
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)
    Firefox allows for control characters to be set in cookie names
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353)
    Missing delay following user click events in protocol handler dialog
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248)
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
    (fixed by requiring NSS 3.21)
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
    Addressbar spoofing attacks
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
    (bmo#1186621, bmo#1214782, bmo#1232096)
    Unsafe memory manipulation found through code inspection
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103)
    Application Reputation service disabled in Firefox 43
  * requires NSPR 4.11
  * requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=480
2016-01-26 22:39:03 +00:00
Wolfgang Rosenauer
38f5c0b4e7 Accepting request 352991 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 43.0.4

OBS-URL: https://build.opensuse.org/request/show/352991
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=478
2016-01-11 08:19:52 +00:00
Wolfgang Rosenauer
913aba2599 - explicitely requires libXcomposite-devel
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=477
2015-12-29 20:30:21 +00:00
Wolfgang Rosenauer
947695d633 - update to Firefox 43.0.3
* requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * various changes to support Windows update (SHA-1 vs. SHA-2)
  * workaround Youtube user agent detection issue (bmo#1233970)
- fix file download regression for multi user systems
  (bmo#1233434) (mozilla-bmo1233434.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=475
2015-12-26 13:06:31 +00:00
Wolfgang Rosenauer
5fcce29637 - update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
  * Users can opt-in to receive search suggestions from the Awesome Bar
  * WebRTC streaming on multiple monitors
  * User selectable second block list for Private Browsing's Tracking
    Protection
  security fixes:
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=473
2015-12-17 00:06:36 +00:00
Wolfgang Rosenauer
d7dbc2da9b - Add desktop menu action for private browsing window to desktop
- remove obsolete patch mozilla-bmo1005535.patch completely from
  source package to avoid automatic check failures

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=471
2015-11-15 19:53:12 +00:00
Wolfgang Rosenauer
479484011d - Add desktop menu action for private browsing window to desktop
file (boo#954747)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=470
2015-11-12 19:04:14 +00:00
Wolfgang Rosenauer
69197f5305 security fixes:
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
    Crash when accessing HTML tables with accessibility tools on OS X
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
    Certain escaped characters in host of Location-header are being

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=468
2015-11-03 17:24:31 +00:00
Wolfgang Rosenauer
4461643420 - update to Firefox 42.0 (bnc#952810)
* Private Browsing with Tracking Protection blocks certain Web
    elements that could be used to record your behavior across sites
  * Control Center that contains site security and privacy controls
  * Login Manager improvements
  * WebRTC improvements
  * Indicator added to tabs that play audio with one-click muting
  * Media Source Extension for HTML5 video available for all sites
- requires NSPR 4.10.10 and NSS 3.19.4
- removed obsolete patches
  * mozilla-arm-disable-edsp.patch
  * mozilla-icu-strncat.patch
  * mozilla-skia-be-le.patch
  * toolkit-download-folder.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=467
2015-11-03 15:49:03 +00:00
Wolfgang Rosenauer
2de666dd50 - update to Firefox 41.0.2 (bnc#950686)
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
    Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=465
2015-10-16 10:49:41 +00:00
Wolfgang Rosenauer
0e6478e65d - do not build with --enable-stdcxx-compat
(this starts to fail build on various toolchain combinations
  and is not required for openSUSE builds in general

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=463
2015-10-04 09:21:58 +00:00
Wolfgang Rosenauer
a49d69320c - update to Firefox 41.0.1
* Fix a startup crash related to Yandex toolbar and Adblock Plus
    (bmo#1209124)
  * Fix potential hangs with Flash plugins (bmo#1185639)
  * Fix a regression in the bookmark creation (bmo#1206376)
  * Fix a startup crash with some Intel Media Accelerator 3150
    graphic cards (bmo#1207665)
  * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=462
2015-10-01 18:39:43 +00:00
Wolfgang Rosenauer
e6232894a5 ------------------------------------------------------------------
- update to Firefox 40.0.3 (bnc#943550)
  * Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combox box using the
    mouse could be broken (bmo#1194733)
  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=460
2015-09-23 05:41:29 +00:00
Wolfgang Rosenauer
e28bb154cb - update to Firefox 41.0 (bnc#947003)
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
    Site attribute spoofing on Android by pasting URL with unknown scheme
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
    URL spoofing in reader mode
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=459
2015-09-23 05:39:21 +00:00
Wolfgang Rosenauer
7ffa28996e - update to Firefox 41.0 (bnc#)
- rebased patches
- removed obsolete patches
  * mozilla-arm64-libjpeg-turbo.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=458
2015-09-22 06:10:40 +00:00
Wolfgang Rosenauer
97ab9cb840 - update to Firefox 40.0.3 (bnc#943550)
* Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combox box using the
    mouse could be broken (bmo#1194733)
  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=456
2015-08-28 05:30:26 +00:00
Wolfgang Rosenauer
c24ccd4afb - update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=454
2015-08-12 07:11:49 +00:00
Wolfgang Rosenauer
5cd9f0a774 - security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
    Same origin violation and local file stealing via PDF reader

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=452
2015-08-07 10:23:02 +00:00
Wolfgang Rosenauer
ea519de414 - update to Firefox 39.0 (bnc#935979)
security fixes:
  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
    Miscellaneous memory safety hazards
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
    Out-of-bound read while computing an oscillator rendering range in Web Audio
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
    Use-after-free in Content Policy due to microtask execution error
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
    Key pinning is ignored when overridable errors are encountered
  * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
    OS X crash reports may contain entered key press information
    (not relevant under Linux)
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=450
2015-07-03 06:21:15 +00:00
Wolfgang Rosenauer
9353554b5d - update to Firefox 39.0
* Share Hello URLs with social networks
  * Support for 'switch' role in ARIA 1.1 (web accessibility)
  * SafeBrowsing malware detection lookups enabled for downloads
    (Mac OS X and Linux)
  * Support for new Unicode 8.0 skin tone emoji
  * Removed support for insecure SSLv3 for network communications
  * Disable use of RC4 except for temporarily whitelisted hosts
  * NPAPI Plug-in performance improved via asynchronous initialization
- dropped mozilla-prefer_plugin_pref.patch as this feature is
  likely not worth maintaining further
- rebased patches
- require NSS 3.19.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=449
2015-06-24 19:26:58 +00:00
Wolfgang Rosenauer
51e2af5d00 Accepting request 312501 from home:Andreas_Schwab:Factory
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration

OBS-URL: https://build.opensuse.org/request/show/312501
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=448
2015-06-19 06:08:19 +00:00
Wolfgang Rosenauer
d0dd48e06c - update to Firefox 38.0.6
* fixes bmo#1171730 which is not really relevant to oS builds
- fix KDE regression from 38.0.5 builds (bsc#933439)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=447
2015-06-07 20:02:48 +00:00
Wolfgang Rosenauer
e03f1ffc2d - update to Firefox 38.0.5
* Keep track of articles and videos with Pocket
  * Clean formatting for articles and blog posts with Reader View
  * Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=445
2015-06-01 08:32:35 +00:00
Wolfgang Rosenauer
13fb8d74ed Accepting request 307277 from home:michel_mno:branches:mozilla:Factory
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
  https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
  This is for Firefox version 38.0
  similar request as sr #307269 previously done for version 37.0.2

OBS-URL: https://build.opensuse.org/request/show/307277
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=442
2015-05-15 11:08:59 +00:00
Wolfgang Rosenauer
a9fdf6b5ec - update to Firefox 38.0.1
stability and regression fixes
  * Systems with first generation NVidia Optimus graphics cards
    may crash on start-up
  * Users who import cookies from Google Chrome can end up with
    broken websites
  * Large animated images may fail to play and may stop other
    images from loading
- update to Firefox 38.0 (bnc#930622)
  * New tab-based preferences
  * Ruby annotation support
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
  security fixes:
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
    Referrer policy ignored when links opened by middle-click and
    context menu
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
    Out-of-bounds read and write in asm.js validation
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
    Use-after-free due to Media Decoder Thread creation during shutdown
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
    Buffer overflow when parsing compressed XML

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=441
2015-05-15 09:20:13 +00:00
Wolfgang Rosenauer
8a0ded8a29 - update to 31.7.0 (bnc#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=440
2015-05-10 20:12:38 +00:00
Wolfgang Rosenauer
98f546d89a - update to Firefox 37.0.2 (bnc#928116)
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
    Memory corruption during failed plugin initialization

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=438
2015-04-22 14:54:45 +00:00
Wolfgang Rosenauer
3f9a2a2e9d - update to Firefox 37.0.1 (bnc#926166)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=436
2015-04-07 10:01:31 +00:00
Wolfgang Rosenauer
aece7ba539 - update to Firefox 37.0.1
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
    Loading privileged content through Reader mode
  * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
    Certificate verification bypass through the HTTP/2 Alt-Svc header

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=435
2015-04-07 07:34:55 +00:00
Wolfgang Rosenauer
9f194c0737 - update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system
  * Yandex set as default search provider for the Turkish locale
  * Bing search now uses HTTPS for secure searching
  * Improved protection against site impersonation via OneCRL
    centralized certificate revocation
  * Opportunistically encrypt HTTP traffic where the server supports
    HTTP/2 AltSvc
  * some more behaviour changes for TLS
  security fixes:
  * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
    Add-on lightweight theme installation approval bypassed through
    MITM attack
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
    Out of bounds read in QCMS library
  * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
    Cursor clickjacking with flash and images (OS X only)
  * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
    Incorrect memory management for simple-type arrays in WebRTC
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
    Memory corruption crashes in Off Main Thread Compositing
  * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=433
2015-04-01 11:31:46 +00:00
Wolfgang Rosenauer
c579f3ef60 - update to Firefox 37.0
- removed obsolete patches
  * mozilla-bmo1088588.patch
  * mozilla-bmo1108834.patch
- requires NSPR 4.10.8
  mozilla-bmo1005535.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=432
2015-04-01 05:22:19 +00:00
Wolfgang Rosenauer
04d84121d1 Accepting request 292717 from home:k0da:branches:mozilla:Factory
- Fix builds with skia on Power
  mozilla-skia-be-le.patch (patch from #bmo1136958)
  mozilla-bmo1108834.patch
  mozilla-bmo1005535.patch

OBS-URL: https://build.opensuse.org/request/show/292717
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=431
2015-03-28 09:50:17 +00:00
Wolfgang Rosenauer
94f9237755 - update to Firefox 36.0.4 (bnc#923534)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=429
2015-03-22 12:51:39 +00:00
Wolfgang Rosenauer
e8c38e0801 - update to Firefox 36.0.4 (bnc#923495)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
    Privilege escalation through SVG navigation
  * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
    Code execution through incorrect JavaScript bounds checking
    elimination

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=428
2015-03-22 09:37:21 +00:00
Wolfgang Rosenauer
257d91825b Accepting request 292105 from home:dimstar:Factory
OBS-URL: https://build.opensuse.org/request/show/292105
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=427
2015-03-21 12:49:29 +00:00
Wolfgang Rosenauer
cabc64ee55 - update to Firefox 36.0.1
Bugfixes:
  * Disable the usage of the ANY DNS query type (bmo#1093983)
  * Hello may become inactive until restart (bmo#1137469)
  * Print preferences may not be preserved (bmo#1136855)
  * Hello contact tabs may not be visible (bmo#1137141)
  * Accept hostnames that include an underscore character ("_")
    (bmo#1136616)
  * WebGL may use significant memory with Canvas2d (bmo#1137251)
  * Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
  ARM and PPC

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=425
2015-03-07 12:10:06 +00:00
Wolfgang Rosenauer
0079985d4c security fixes:
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
    Miscellaneous memory safety hazards
  * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
    Invoking Mozilla updater will load locally stored DLL files
    (Windows only)
  * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
    Appended period to hostnames can bypass HPKP and HSTS protections
  * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
    Malicious WebGL content crash when writing strings
  * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
    TLS TURN and STUN connections silently fail to simple TCP connections
  * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
    Use-after-free in IndexedDB
  * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
    Buffer overflow in libstagefright during MP4 video playback
  * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
    Double-free when using non-default memory allocators with a
    zero-length XHR
  * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
    Out-of-bounds read and write while rendering SVG content
  * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
    Buffer overflow during CSS restyling
  * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
    Buffer underflow during MP3 playback
  * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
    Crash using DrawTarget in Cairo graphics library
  * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
    Use-after-free in Developer Console date with OpenType Sanitiser
  * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=423
2015-02-25 06:18:57 +00:00
Wolfgang Rosenauer
e38465171c - update to Firefox 36.0 (bnc#917597)
* mozilla-xremote-client was removed
  * added libclearkey.so media plugin
  * Pinned tiles on the new tab page can be synced
  * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
    more scalable, and more responsive web.
  * Locale added: Uzbek (uz)
- rebased patches
- requires NSS 3.17.4

- update to Firefox 35.0.1
  * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
  * Kerberos authentication did not work with alias (bmo#1108971)
  * SVG / CSS animation had a regression causing rendering issues on
    websites like openstreemap.org (bmo#1083079)
  * On Godaddy webmail, Firefox could crash (bmo#1113121)
  * document.baseURI did not get updated to document.location after
    base tag was removed from DOM for site with a CSP (bmo#1121857)
  * With a Right-to-left (RTL) version of Firefox, the text selection
    could be broken (bmo#1104036)
  * CSP had a change in behavior with regard to case sensitivity
    resources loading (bmo#1122445)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=422
2015-02-23 20:32:13 +00:00
Wolfgang Rosenauer
ed1e6f20d0 security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
    Miscellaneous memory safety hazards
  * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
    Uninitialized memory use during bitmap rendering
  * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
    sendBeacon requests lack an Origin header
  * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
    Cookie injection through Proxy Authenticate responses
  * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
    Read of uninitialized memory in Web Audio
  * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
    Read-after-free in WebRTC
  * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
    Gecko Media Plugin sandbox escape
  * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
    Delegated OCSP responder certificates failure with
    id-pkix-ocsp-nocheck extension
  * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
    XrayWrapper bypass through DOM objects

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=420
2015-01-15 06:02:33 +00:00
Wolfgang Rosenauer
1bda786938 - update to Firefox 35.0 (bnc#910669)
notable features:
  * Firefox Hello with new rooms-based conversations model
  * Implemented HTTP Public Key Pinning Extension (for enhanced
    authentication of encrypted connections)
- rebased patches
- dropped explicit support for everything older than 12.3
  (including SLES11)
  * merge firefox-kde.patch and firefox-kde-114.patch
  * dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
  either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
  crashes (bnc#908892)
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=419
2015-01-14 18:32:16 +00:00
Wolfgang Rosenauer
d89c587eeb Accepting request 265117 from home:Ledest:bashisms
fix bashism in mozilla.sh script

OBS-URL: https://build.opensuse.org/request/show/265117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=417
2014-12-15 18:32:23 +00:00
Wolfgang Rosenauer
4a13134b83 - update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
  * Default search engine changed to Yandex for Belarusian, Kazakh,
    and Russian locales
  * Improved search bar (en-US only)
  * Firefox Hello real-time communication client
  * Easily switch themes/personas directly in the Customizing mode
  * Implementation of HTTP/2 (draft14) and ALPN
  * Disabled SSLv3
  * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
    Miscellaneous memory safety hazards
  * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
    XBL bindings accessible via improper CSS declarations
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
    CSP leaks redirect data via violation reports
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=415
2014-12-02 22:01:52 +00:00
Wolfgang Rosenauer
140e4a12ee - requires NSS 3.17.2
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=414
2014-11-10 16:05:57 +00:00
Wolfgang Rosenauer
b5acd11036 - update to Firefox 33.1
* Adding DuckDuckGo as a search option (upstream)
  * Forget Button added
  * Enhanced Tiles
  * Privacy tour introduced
- fix typo in GStreamer Recommends
- use proper macros for ARM

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=413
2014-11-10 15:49:04 +00:00
Wolfgang Rosenauer
849a660683 Accepting request 259749 from home:Guillaume_G:branches:mozilla:Factory
- Disable elf-hack for aarch64
- Enable EGL for aarch64
- Limit RAM usage during link for %arm
- Fix _constraints for ARM

OBS-URL: https://build.opensuse.org/request/show/259749
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=411
2014-11-06 20:54:53 +00:00
Wolfgang Rosenauer
ab979e2eb7 Accepting request 259483 from devel:ARM:Factory
- use proper macros for ARM 

- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
  to fix compiling.
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
  linking on arm.

OBS-URL: https://build.opensuse.org/request/show/259483
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=410
2014-11-04 23:02:38 +00:00
Wolfgang Rosenauer
113f1f2433 - update to Firefox 33.0.2
* Fix a startup crash with some combination of hardware and drivers
  33.0.1
  * Firefox displays a black screen at start-up with certain
    graphics drivers
- adjusted _constraints for ARM

- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=408
2014-10-30 12:43:09 +00:00
Wolfgang Rosenauer
b0bbfbf8c8 - define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=407
2014-10-25 08:51:04 +00:00
Wolfgang Rosenauer
fd45b34aba - use Firefox default optimization flags instead of -Os
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=405
2014-10-19 19:45:31 +00:00
Wolfgang Rosenauer
159486ad08 Accepting request 257650 from home:Vindex17:branches:mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/257650
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=404
2014-10-19 19:40:39 +00:00
Wolfgang Rosenauer
3d4d28e3ed - fix build for all ppc by not enabling elf-hack
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=402
2014-10-15 14:13:02 +00:00
Wolfgang Rosenauer
8cec21d43a - fix build for ppc64 and ppc64le by not enabling elf-hack
(bnc#901213)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=401
2014-10-15 08:16:22 +00:00