1
0
Commit Graph

647 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
850afd3a6f Accepting request 852867 from home:marxin:branches:mozilla:Factory
- Enable again LTO as gcc10 package is fixed.

Fixed gcc10 is in devel project and is approaching openSUSE:Factory
in a staging project.

OBS-URL: https://build.opensuse.org/request/show/852867
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=877
2020-12-03 17:48:21 +00:00
Wolfgang Rosenauer
c7f8f5880d - Add/Enable GNOME search provider
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=875
2020-11-21 08:13:23 +00:00
Wolfgang Rosenauer
200347945f Accepting request 845404 from home:kkirill:branches:mozilla:Factory
Enable GNOME Shell search provider akin to Fedora by
- providing firefox-search-provider.ini file for GNOME Shell search provider (copy from Fedora)
- setting the browser.gnome-search-provider.enabled to true

OBS-URL: https://build.opensuse.org/request/show/845404
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=874
2020-11-21 08:10:39 +00:00
Wolfgang Rosenauer
74592d9c27 - disable LTO on TW because of ICEs in gcc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=873
2020-11-20 06:19:02 +00:00
Wolfgang Rosenauer
75f3df970c - switch to build with clang (as gcc produces only ICEs on TW)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=872
2020-11-19 22:03:00 +00:00
Wolfgang Rosenauer
695b9a520a - Mozilla Firefox 83.0
* major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824))
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685)
    Out of memory handling of JITed, inlined functions could lead
    to a memory corruption
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2020-26955 (bmo#1663261)
    Cookies set during file downloads are shared between normal
    and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179)
    OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=871
2020-11-19 13:09:37 +00:00
Wolfgang Rosenauer
baf1e862b5 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=869 2020-11-09 18:18:26 +00:00
Wolfgang Rosenauer
cc6291512a - Mozilla Firefox 82.0.3
MSFA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=868
2020-11-09 16:14:06 +00:00
Wolfgang Rosenauer
a33735930f - Mozilla Firefox 82.0.2
* few bugfixes for introduced regressions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=867
2020-11-02 09:07:47 +00:00
Wolfgang Rosenauer
07ba0d6bad MFSA 2020-45 (bsc#1177872)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=865
2020-10-21 20:15:44 +00:00
Wolfgang Rosenauer
9d0a0f0165 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
MFSA 2020-45 (bsc#1177872)
  * CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15254 (bmo#1668514)
    Undefined behavior in bounded channel of crossbeam rust crate
  * CVE-2020-15680 (bmo#1658881)
    Presence of external protocol handlers could be determined
    through image tags
  * CVE-2020-15681 (bmo#1666568)
    Multiple WASM threads may have overwritten each others' stub
    table entries
  * CVE-2020-15682 (bmo#1636654)
    The domain associated with the prompt to open an external
    protocol could be spoofed to display the incorrect origin
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
    bmo#1662760, bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
  * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
    bmo#1664257)
    Memory safety bugs fixed in Firefox 82

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=864
2020-10-21 09:43:59 +00:00
Wolfgang Rosenauer
3505fbb031 - Mozilla Firefox 82.0
- requires
  * NSPR 4.29
  * NSS 3.57

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=863
2020-10-19 20:37:04 +00:00
Wolfgang Rosenauer
2032051695 - Mozilla Firefox 81.0.1
* https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
- remove obsolete python2 build requires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=861
2020-10-01 20:03:49 +00:00
Wolfgang Rosenauer
fd799ac59e Accepting request 838827 from home:Guillaume_G:branches:mozilla:Factory
- Increase disk requirements in _constraints to match current needs

OBS-URL: https://build.opensuse.org/request/show/838827
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=860
2020-10-01 09:04:20 +00:00
Wolfgang Rosenauer
0250e894cb - require python3-curses as workaround to fix i586 build
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=859
2020-09-29 10:48:52 +00:00
Wolfgang Rosenauer
5afd51282e - Mozilla Firefox 81.0
* https://www.mozilla.org/en-US/firefox/81.0/releasenotes
  MFSA 2020-42 (bsc#1176756)
  * CVE-2020-15675 (bmo#1654211)
    Use-After-Free in WebGL
  * CVE-2020-15677 (bmo#1641487)
    Download origin spoofing via redirect
  * CVE-2020-15676 (bmo#1646140)
    XSS when pasting attacker-controlled data into a
    contenteditable element
  * CVE-2020-15678 (bmo#1660211)
    When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-
    free scenario
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
    Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
  * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
    Memory safety bugs fixed in Firefox 81
- requires
  NSPR 4.28
  NSS 3.56
- removed obsolete patches
  * mozilla-system-nspr.patch
  * mozilla-bmo1661715.patch
  * mozilla-silence-no-return-type.patch
- skip post-build-checks for 15.0 and 15.1
- add revert-795c8762b16b.patch to fix LTO builds with gcc
  (related to bmo#1644409)
- Use %limit_build macro again for aarch64 and armv7, instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=858
2020-09-22 14:04:54 +00:00
Wolfgang Rosenauer
49c4b18dfc Accepting request 835187 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Use %limit_build macro again for aarch64 and armv7, instead of 
  the new memoryperjob _constraints to use more workers

OBS-URL: https://build.opensuse.org/request/show/835187
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=857
2020-09-17 12:12:41 +00:00
Wolfgang Rosenauer
9689fbd025 MFSA 2020-36 (bsc#1175686)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=855
2020-08-25 19:21:33 +00:00
Wolfgang Rosenauer
57739184dc - added mozilla-system-nspr.patch (bmo#1661096)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=854
2020-08-25 18:24:16 +00:00
Wolfgang Rosenauer
f9c0480028 - Mozilla Firefox 80.0
MFSA 2020- (bsc#1175686)
  * CVE-2020-15663 (bmo#1643199)
    Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege
  * CVE-2020-15664 (bmo#1658214)
    Attacker-induced prompt for extension installation
  * CVE-2020-12401 (bmo#1631573)
    Timing-attack on ECDSA signature generation
  * CVE-2020-6829 (bmo#1631583)
    P-384 and P-521 vulnerable to an electro-magnetic side
    channel attack on signature generation
  * CVE-2020-12400 (bmo#1623116)
    P-384 and P-521 vulnerable to a side channel attack on
    modular inversion
  * CVE-2020-15665 (bmo#1651636)
    Address bar not reset when choosing to stay on a page after
    the beforeunload dialog is shown
  * CVE-2020-15666 (bmo#1450853)
    MediaError message property leaks cross-origin response
    status
  * CVE-2020-15667 (bmo#1653371)
    Heap overflow when processing an update file
  * CVE-2020-15668 (bmo#1651520)
    Data Race when reading certificate information
  * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
    bmo#1656957)
    Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- requires
  * NSPR 4.27

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=853
2020-08-25 18:18:25 +00:00
Wolfgang Rosenauer
9f9bb3e928 Accepting request 828191 from home:marxin:branches:mozilla:Factory
- Use new memoryperjob _constraints instead of %limit_build macro.

OBS-URL: https://build.opensuse.org/request/show/828191
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=852
2020-08-20 13:10:52 +00:00
Wolfgang Rosenauer
185b328f4f - use ccache for build
- replace versioned RPM deps with requires_ge
- parallelize locale build

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=851
2020-08-13 22:06:03 +00:00
Wolfgang Rosenauer
50acacf655 Accepting request 824701 from home:guoyunhe:branches:mozilla:Factory2
- Change *.appdata.xml location to latest AppStream standard

OBS-URL: https://build.opensuse.org/request/show/824701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=850
2020-08-10 09:14:34 +00:00
Wolfgang Rosenauer
4c40c2f675 Accepting request 823278 from home:casiosmu:branches:openSUSE:Factory
typo in manpage: option is --safe-mode , not --save-mode

OBS-URL: https://build.opensuse.org/request/show/823278
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=848
2020-07-29 07:10:18 +00:00
Wolfgang Rosenauer
8addddfe67 - Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204)
    Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542)
    Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293)
    Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745)
    Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954)
    DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333)
    Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
    Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
  * mozilla-nspr >= 4.26
  * mozilla-nss >= 3.54
  * rust >= 1.43
  * rust-cbindgen >= 0.14.3
- removed obsolete patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=847
2020-07-29 07:07:58 +00:00
Wolfgang Rosenauer
e70345984a OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=846 2020-07-22 09:58:55 +00:00
Wolfgang Rosenauer
0c32c99eba - fixed syntax issue in desktop file (boo#1174360)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=845
2020-07-21 21:32:07 +00:00
Wolfgang Rosenauer
31ba8c3028 (patch provided by Atri Bhattacharya <badshah400@gmail.com>
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
  (Plasma 5.19.3 is now in TW)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=843
2020-07-17 15:09:12 +00:00
Wolfgang Rosenauer
47a7a10c4f Accepting request 821486 from home:badshah400:branches:mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.

OBS-URL: https://build.opensuse.org/request/show/821486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=842
2020-07-17 15:04:42 +00:00
Wolfgang Rosenauer
63bc80aa5e - Mozilla Firefox 78.0.2
* Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags
- Google API key is not usable for geolocation service

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=840
2020-07-13 13:15:06 +00:00
Wolfgang Rosenauer
fba870626f - added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  (boo#1173993)
- rework langpack integration (boo#1173991)
  * ship XPIs instead of directories
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
* Google API key is not usable for geolocation service

- Mozilla Firefox 78.0.2
  * Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=839
2020-07-12 17:40:52 +00:00
Wolfgang Rosenauer
b65efa1613 - fix pipewire support for TW (boo#1172903)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=838
2020-07-06 22:08:51 +00:00
Wolfgang Rosenauer
7efaeba3d2 - removed obsolete patches
* mozilla-bmo1634646.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=836
2020-07-03 20:04:08 +00:00
Wolfgang Rosenauer
13e2ddea0f - Mozilla Firefox 78.0.1
* Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
  * CVE-2020-12422 (bmo#1450353)
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  * CVE-2020-12423 (bmo#1642400)
    DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835
2020-07-03 06:52:59 +00:00
Wolfgang Rosenauer
d08406e896 - Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
  * PDF downloads now show an option to open the PDF directly in Firefox
- requires
  * NSS >= 3.53.1
  * nodejs >= 10.21
  * Gtk+3 >= 3.14
- removed obsolete patch
  * mozilla-s390-bigendian.patch
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
  WebRTC with pipewire support to enable screen sharing under
  Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
  appropriately (boo#1172903).
- adding SLE12 compatibility in spec file
- add patches for s390x
  * mozilla-bmo1602730.patch (bmo#1602730)
  * mozilla-bmo1626236.patch (bmo#1626236)
  * mozilla-bmo998749.patch (bmo#998749)
  * mozilla-s390x-skia-gradient.patch
- update create-tar.sh
- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=834
2020-06-30 11:39:58 +00:00
Wolfgang Rosenauer
3d2e40a031 Accepting request 813117 from home:Guillaume_G:branches:mozilla:Factory
- Exclude armv6, since it is unbuildable since about 3 years

OBS-URL: https://build.opensuse.org/request/show/813117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=833
2020-06-10 07:35:21 +00:00
Wolfgang Rosenauer
d5337670c2 Accepting request 811243 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 77.0.1
  * Disable automatic selection of DNS over HTTPS providers during
    a test to enable wider deployment in a more controlled way
    (bmo#1642723)

OBS-URL: https://build.opensuse.org/request/show/811243
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=831
2020-06-04 06:00:26 +00:00
Wolfgang Rosenauer
5c3bb08acd - Mozilla Firefox 77.0
* view and manage web certificates more easily on the new
    about:certificate page
  * improvements in accessibility
  * significant improvements to JavaScript debugging
  MFSA 2020-20 (bsc#1172402)
  * CVE-2020-12399 (bmo#1631576)
    Timing attack on DSA signatures in NSS library
    (fixed with external NSS >= 3.52.1)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript type confusion with NativeTypes
  * CVE-2020-12407 (bmo#1637112)
    WebRender leaking GPU memory when using border-image CSS
    directive
  * CVE-2020-12408 (bmo#1623888)
    URL spoofing when using IP addresses
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
    Memory safety bugs fixed in Firefox 77
- requires
  * NSS >= 3.52.1
  * rust-cbindgen >= 1.14.1
  * clang >= 5
- added mozilla-bmo1634646.patch as part of fixing PGO build
  (still not working)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00
Wolfgang Rosenauer
15bd5b7707 Accepting request 805351 from home:michel_mno:branches:mozilla:Factory
- change again _constraints for ppc64le use <physicalmemory>
  and increase limit_build in spec file to reduce max_jobs.

OBS-URL: https://build.opensuse.org/request/show/805351
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=828
2020-05-14 06:50:59 +00:00
Wolfgang Rosenauer
d5f3632780 - Mozilla Firefox 76.0.1
* Fixed a bug causing some add-ons such as Amazon Assistant to see
    multiple onConnect events, impairing functionality (bmo#1635637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=827
2020-05-12 21:40:30 +00:00
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00
Wolfgang Rosenauer
81c21d1d0f - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=823
2020-04-09 17:21:52 +00:00
Wolfgang Rosenauer
65f3f19592 * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
MFSA 2020-12 (bsc#1168874)
  * CVE-2020-6821 (bmo#1625404)
    Uninitialized memory could be read when using the WebGL
    copyTexSubImage method
  * CVE-2020-6822 (bmo#1544181)
    Out of bounds write in GMPDecodeData when processing large images
  * CVE-2020-6823 (bmo#1614919)
    Malicious Extension could obtain auth codes from OAuth login flows
  * CVE-2020-6824 (bmo#1621853)
    Generated passwords may be identical on the same site between
    separate private browsing sessions
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
    Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
  * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
    bmo#1619229,bmo#1620719,bmo#1624897)
    Memory safety bugs fixed in Firefox 75

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=822
2020-04-07 20:38:25 +00:00
Wolfgang Rosenauer
f0a9acb709 - Mozilla Firefox 75.0
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=821
2020-04-07 12:21:48 +00:00
Wolfgang Rosenauer
2bd754dfc1 Accepting request 791805 from home:michel_mno:branches:mozilla:Factory
- increase _constraints memory for ppc64le

OBS-URL: https://build.opensuse.org/request/show/791805
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=820
2020-04-07 12:16:56 +00:00
Wolfgang Rosenauer
d0f04f447a Accepting request 791343 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 74.0.1
  MFSA 2020-11 (boo#1168630)
  * CVE-2020-6819 (bmo#1620818)
    Use-after-free while running the nsDocShell destructor
  * CVE-2020-6820 (bmo#1626728)
    Use-after-free when handling a ReadableStream

OBS-URL: https://build.opensuse.org/request/show/791343
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=818
2020-04-04 11:23:11 +00:00
Wolfgang Rosenauer
474c698ebf - Mozilla Firefox 74.0.1
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=817
2020-04-03 15:25:40 +00:00
Wolfgang Rosenauer
945d8129f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=815 2020-03-25 09:47:01 +00:00
Wolfgang Rosenauer
67fc595cea - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
  (bsc#1167132)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=814
2020-03-25 09:43:20 +00:00
Wolfgang Rosenauer
1fdca0de1d Accepting request 788017 from home:msmeissn:branches:mozilla:Factory
- firefox-fips.patch: allow /proc/sys/crypto/fips_enabled to be read, as openssl 1.1.1 
  FIPS aborts if it cannot access it (bsc#1167132)

OBS-URL: https://build.opensuse.org/request/show/788017
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=813
2020-03-25 09:12:06 +00:00