1
0
Commit Graph

678 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
f2fb960d33 - Mozilla Firefox 96.0.3 (bsc#1195230)
* Fixed an issue that allowed unexpected data to be submitted in
    some of our search telemetry (bmo#1752317)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=955
2022-01-28 15:33:21 +00:00
Wolfgang Rosenauer
81795c233e Accepting request 948330 from home:marxin:branches:mozilla:Factory
- Enable -fimplicit-constexpr for GCC 12+.

OBS-URL: https://build.opensuse.org/request/show/948330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=954
2022-01-24 08:24:06 +00:00
Wolfgang Rosenauer
68541949af Accepting request 947794 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.2

OBS-URL: https://build.opensuse.org/request/show/947794
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=953
2022-01-21 07:26:07 +00:00
Wolfgang Rosenauer
ab7bde2994 Accepting request 946472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.1 boo#1194677

OBS-URL: https://build.opensuse.org/request/show/946472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=952
2022-01-14 17:14:41 +00:00
Wolfgang Rosenauer
abe4d87b4e - Mozilla Firefox 96.0
* https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=951
2022-01-11 22:06:33 +00:00
Wolfgang Rosenauer
2942ef5aaf - Mozilla Firefox 95.0.2
* Addresses frequent crashes experienced by users with C/E/Z-Series
    "Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=950
2021-12-29 10:25:00 +00:00
Wolfgang Rosenauer
b18fda39cd Accepting request 943030 from home:iznogood:branches:mozilla:Factory
- Add upstream patches:
  * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
  * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
    creation

OBS-URL: https://build.opensuse.org/request/show/943030
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=949
2021-12-29 09:38:41 +00:00
Wolfgang Rosenauer
f6424d435d - Mozilla Firefox 95.0.1 (bsc#1193845)
* Fixed frequent
    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
    messages when trying to connect to various microsoft.com
    domains (bmo#1745600)
  * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
  * Fix for a frequent Windows shutdown crash (bmo#1738984)
  * Fix websites contrast issues for some Linux users with
    Dark mode set at OS level (bmo#1740518)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=948
2021-12-17 14:07:38 +00:00
Wolfgang Rosenauer
79dbc14d01 - Mozilla Firefox 95.0
* You can now move the Picture-in-Picture toggle button to the
    opposite side of the video. Simply look for the new context menu
    option Move Picture-in-Picture Toggle to Left (Right) Side.
  * To better protect Firefox users against side-channel attacks such
    as Spectre, Site Isolation is now enabled for all Firefox 95 users.
  * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
  MFSA 2021-52 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * MOZ-2021-0010 (bmo#1735852)
    Use-after-free in fullscreen objects on MacOS
  * CVE-2021-43540 (bmo#1636629)
    WebExtensions could have installed persistent ServiceWorkers
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43544 (bmo#1739934)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947
2021-12-07 21:12:25 +00:00
Wolfgang Rosenauer
0d5bac4eb8 Accepting request 935283 from home:AndreasStieger:branches:mozilla:Factory
- remove x-scheme-handler/ftp from firefox.desktop boo#1193321

OBS-URL: https://build.opensuse.org/request/show/935283
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=946
2021-12-02 21:24:56 +00:00
Wolfgang Rosenauer
a4862dbb50 Accepting request 934031 from home:iznogood:branches:mozilla:Factory
- Drop unused libidl-devel BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/934031
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=945
2021-11-30 07:53:04 +00:00
Wolfgang Rosenauer
4e8a9f546c Accepting request 933349 from home:AndreasStieger:branches:mozilla:Factory
94.0.2 boo#1193014

OBS-URL: https://build.opensuse.org/request/show/933349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=944
2021-11-23 22:50:02 +00:00
Wolfgang Rosenauer
e36ee00a57 Accepting request 929747 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 94.0.1

OBS-URL: https://build.opensuse.org/request/show/929747
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=943
2021-11-06 10:32:26 +00:00
Wolfgang Rosenauer
8739ae12dd - Mozilla Firefox 94.0
* https://www.mozilla.org/en-US/firefox/94.0/releasenotes
  MFSA 2021-48 (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Firefox could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0003 (bmo#1736886)
    Universal XSS in Firefox for Android via QR Code URLs
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * MOZ-2021-0004 (bmo#1659155)
    Web Extensions could access pre-redirect URL when their
    context menu was triggered by a user
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0005 (bmo#1719203)
    'Copy Image Link' context menu action could have been abused

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=942
2021-11-02 13:51:34 +00:00
Wolfgang Rosenauer
151a4b1f05 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- (re-)enable LTO on Tumbleweed
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
- Add patch to fix build on aarch64 (bmo#1729124)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=941
2021-10-27 15:33:17 +00:00
Wolfgang Rosenauer
ae15405da4 Accepting request 927437 from home:iznogood:branches:mozilla:Factory
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/927437
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=940
2021-10-27 15:31:55 +00:00
Wolfgang Rosenauer
7f5ab49250 Accepting request 927257 from home:marxin:branches:mozilla:Factory
- Enable LTO for openSUSE Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/927257
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=939
2021-10-27 15:31:17 +00:00
Wolfgang Rosenauer
07e2068a94 Accepting request 926488 from home:MSirringhaus:branches:mozilla:Factory
- Rebase mozilla-sandbox-fips.patch to punch another hole in the
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled 
  from within the newly introduced socket process sandbox.
  This fixes bsc#1191815 and bsc#1190141

OBS-URL: https://build.opensuse.org/request/show/926488
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=938
2021-10-21 06:51:24 +00:00
Wolfgang Rosenauer
d9fccc7f41 Accepting request 926012 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Add patch to fix build on aarch64 - bmo#1729124 
  * mozilla-bmo1729124.patch

OBS-URL: https://build.opensuse.org/request/show/926012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=937
2021-10-18 14:39:26 +00:00
Wolfgang Rosenauer
317e7b9c84 - Mozilla Firefox 93.0
* supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=936
2021-10-06 07:02:07 +00:00
Wolfgang Rosenauer
d7bcd62a7b Accepting request 921886 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 92.0.1
  * Fixed: Fixes an issue where audio playback was not working on
    some Linux systems (bmo#1730499)
  * Fixed: Fixes issues with the findbar close button on
    different operating systems (bmo#1728368)

OBS-URL: https://build.opensuse.org/request/show/921886
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=935
2021-09-27 20:21:10 +00:00
Wolfgang Rosenauer
655acc0f45 - Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to
    HTTPS using HTTPS RR as Alt-Svc headers
  * Full-range color levels are now supported for video playback on
    many systems
  MFSA 2021-38 (bsc#1190269)
  * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
    bmo#1712242, bmo#1729259)
    Handling custom intents could lead to crashes and UI spoofs
  * CVE-2021-38491 (bmo#1551886)
    Mixed-Content-Blocking was unable to check opaque origins
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
    Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
    Firefox ESR 91.1
  * CVE-2021-38494 (bmo#1723920, bmo#1725638)
    Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  (does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
  run post-build-checks everywhere again
- requires NSS 3.69.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=934
2021-09-07 19:29:05 +00:00
Wolfgang Rosenauer
5dfb50213d Accepting request 915209 from home:badshah400:branches:mozilla:Factory
Fixes a nasty bug, introduced in firefox version 91.x, on wayland systems with font-scaling greater than 1 that causes pop-up menus (clicking on bookmark icon in address bar, for example) to incessantly flicker. Patch taken from upstream bug report and rebased to apply cleanly against current version. Tested to work on GNOME on Wayland on TW 20210829.

OBS-URL: https://build.opensuse.org/request/show/915209
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=933
2021-09-02 06:57:55 +00:00
Wolfgang Rosenauer
7ec3a08d55 - Bump using with GCC (tested locally).
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=932
2021-08-29 14:46:22 +00:00
Wolfgang Rosenauer
13628da26b Accepting request 913358 from home:marxin:branches:mozilla:Factory
- Bump using with GCC (tested locally).

OBS-URL: https://build.opensuse.org/request/show/913358
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=931
2021-08-29 14:45:03 +00:00
Wolfgang Rosenauer
b349085c8c Accepting request 914701 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 91.0.2

OBS-URL: https://build.opensuse.org/request/show/914701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=930
2021-08-28 14:28:05 +00:00
Wolfgang Rosenauer
08f2bc94ea * Fixed an issue causing buttons on the tab bar to be resized when
loading certain websites (bmo#1704404)
  * Fixed an issue which caused tabs from private windows to be
    visible in non-private windows when viewing switch-to-tab results
    in the address bar panel (bmo#1720369)
  * Various stability fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=929
2021-08-18 06:44:45 +00:00
Wolfgang Rosenauer
d4f253eebc - Mozilla Firefox 91.0.1
MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=928
2021-08-18 06:41:08 +00:00
Wolfgang Rosenauer
efa14df02c MFSA 2021-33 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29981 (bmo#1707774)
    Live range splitting could have led to conflicting
    assignments in the JIT
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29983 (bmo#1719088)
    Firefox for Android could get stuck in fullscreen mode
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29987 (bmo#1716129)
    Users could have been tricked into accepting unwanted
    permissions on Linux
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29982 (bmo#1715318)
    Single bit data leak due to incorrect JIT optimization and
    type confusion
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
  * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
    bmo#1719319, bmo#1722073)
    Memory safety bugs fixed in Firefox 91

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=927
2021-08-13 21:34:50 +00:00
Wolfgang Rosenauer
4da575923b - Mozilla Firefox 91.0
MFSA 2021-?? (boo#1188891)
- requires
  * rustc/cargo >= 1.51
  * NSPR >= 4.32
  * NSS >= 3.68
- force-disable webrender on BE platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=926
2021-08-11 20:19:19 +00:00
Wolfgang Rosenauer
788b177a3e Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 90.0.2

OBS-URL: https://build.opensuse.org/request/show/908072
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=925
2021-07-24 09:18:43 +00:00
Wolfgang Rosenauer
8b6bd667de Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory
90.0.1

OBS-URL: https://build.opensuse.org/request/show/907190
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=923
2021-07-19 21:56:47 +00:00
Wolfgang Rosenauer
1ef79265b6 - Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=922
2021-07-15 21:12:05 +00:00
Wolfgang Rosenauer
e05ce7eaa9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=921 2021-06-23 19:59:17 +00:00
Wolfgang Rosenauer
51a90989f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=920 2021-06-23 19:58:06 +00:00
Wolfgang Rosenauer
ab800db342 Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 89.0.1 (boo#1187648):
  * Fixed: Fix occasional hangs with Software WebRender on Linux
    (bmo#1708224)

OBS-URL: https://build.opensuse.org/request/show/901577
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=919
2021-06-23 19:56:32 +00:00
Wolfgang Rosenauer
537d85fe11 Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 89.0.1

OBS-URL: https://build.opensuse.org/request/show/900942
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=918
2021-06-19 15:20:27 +00:00
Wolfgang Rosenauer
006265e486 - switched TW/x86_64 to clang as the last platform due to
https://bugs.gentoo.org/792705
- but LTO with clang is broken in TW so disable LTO for it
  https://bugs.llvm.org/show_bug.cgi?id=47872

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=916
2021-06-05 11:13:48 +00:00
Wolfgang Rosenauer
b1df184d28 * UI redesign
* The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257)
    Password Manager on Firefox for Android susceptible to domain
    spoofing
  * CVE-2021-29960 (bmo#1675965)
    Filenames printed from private browsing mode incorrectly
    retained in preferences
  * CVE-2021-29961 (bmo#1700235)
    Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068)
    Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819)
    Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673)
    No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
    Memory safety bugs fixed in Firefox 89

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=913
2021-06-01 13:45:38 +00:00
Wolfgang Rosenauer
f3c1fa05f9 - Mozilla Firefox 89.0
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=912
2021-06-01 13:39:35 +00:00
Wolfgang Rosenauer
eb1266408f Accepting request 891041 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Relax RAM and disk constraints for aarch64

OBS-URL: https://build.opensuse.org/request/show/891041
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=910
2021-05-11 14:17:04 +00:00
Wolfgang Rosenauer
39e811e051 Accepting request 890804 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 88.0.1
bsc#1185633
boo#1185658

OBS-URL: https://build.opensuse.org/request/show/890804
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=908
2021-05-05 21:12:50 +00:00
Wolfgang Rosenauer
3870f9c6b6 - add compatibility for libavcodec58_134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=906
2021-05-02 19:03:42 +00:00
Wolfgang Rosenauer
9b2c9b32ce - Mozilla Firefox 88.0
* New: PDF forms now support JavaScript embedded in PDF files.
    Some PDF forms use JavaScript for validation and other
    interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported
    on Linux
  * New: To protect against cross-site privacy leaks, Firefox now
    isolates window.name data to the website that created it.
    Learn more
  * Changed: Firefox will not prompt for access to your
    microphone or camera if you’ve already granted access to the
    same device on the same site in the same tab within the past
    50 seconds. This new grace period reduces the number of times
    you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the
    Page Actions menu in the url bar. To take a screenshot,
    right-click to open the context menu. You can also add a
    screenshots shortcut directly to your toolbar via the
    Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal
    is planned for an upcoming release. Addressing this security
    risk reduces the likelihood of an attack while also removing
    support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network
    panel for switching between JSON formatted HTTP response and
    raw data (as received over the wire).
    !enter image description here
  * Enterprise: Various bug fixes and new policies have been
    implemented in the latest version of Firefox. You can see

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 07:57:25 +00:00
Wolfgang Rosenauer
106ed5cb05 - Switch to clang_build globally; just on TW/x86_64 it does not work
due to unreolved externals `__rust_probestack' - disable clang_build
  then.
- useccache: Add conditionals to enable/disable ccache.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=902
2021-03-27 14:02:10 +00:00
Wolfgang Rosenauer
d51fd4059a - Mozilla Firefox 87.0
* requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23983 (bmo#1692684)
    Transitions for invalid ::marker properties resulted in memory
    corruption
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129)
    Devtools remote debugging feature could have been enabled
    without indication to the user
  * CVE-2021-23986 (bmo#1692623)
    A malicious extension could have performed credential-less
    same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  * CVE-2021-23988 (bmo#1684994, bmo#1686653)
    Memory safety bugs fixed in Firefox 87

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=901
2021-03-25 21:32:32 +00:00
Wolfgang Rosenauer
598016be52 Accepting request 879494 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/879494
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=900
2021-03-17 08:41:08 +00:00
Wolfgang Rosenauer
c538f7d283 Accepting request 878726 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 86.0.1

OBS-URL: https://build.opensuse.org/request/show/878726
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=898
2021-03-13 09:26:25 +00:00
Wolfgang Rosenauer
e8a1c7a40b - Mozilla Firefox 86.0
* requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00
Wolfgang Rosenauer
326240ab1d Accepting request 873214 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.2

OBS-URL: https://build.opensuse.org/request/show/873214
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=893
2021-02-17 21:15:35 +00:00
Wolfgang Rosenauer
2d0a314ecf Accepting request 873173 from home:michel_mno:branches:mozilla:Factory
- Use %limit_build macros for PowerPC to avoid oom build failure

OBS-URL: https://build.opensuse.org/request/show/873173
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=892
2021-02-17 21:14:36 +00:00
Wolfgang Rosenauer
1744f2efc7 Accepting request 870516 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.1

OBS-URL: https://build.opensuse.org/request/show/870516
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=890
2021-02-09 12:40:21 +00:00
Wolfgang Rosenauer
ee9c609811 - Mozilla Firefox 85.0
* Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=888
2021-01-26 21:38:39 +00:00
Wolfgang Rosenauer
3269619cc2 Accepting request 862420 from home:Mailaender:branches:mozilla:Factory
Fixed the screenshot links.

OBS-URL: https://build.opensuse.org/request/show/862420
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=886
2021-01-11 18:42:03 +00:00
Wolfgang Rosenauer
fbf027988a Accepting request 861463 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 84.0.2
  MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk

OBS-URL: https://build.opensuse.org/request/show/861463
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=884
2021-01-07 20:33:44 +00:00
Wolfgang Rosenauer
17c9d3e87b - Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
    with certain third-party PKCS11 modules and smartcards installed
    (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple
    Silicon devices due to improper detection of the OS version
    (bmo#1680516)
- requires NSS 3.59.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=882
2021-01-02 09:24:42 +00:00
Wolfgang Rosenauer
70fb53e62e - Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11
    Linux desktops
  MFSA 2020-54 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382)
    Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26975 (bmo#1661071)
    Malicious applications on Android could have induced Firefox
    for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311)
    URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
    When entering an address in the address or search bars, a

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 22:40:17 +00:00
Wolfgang Rosenauer
1a48836fb2 Accepting request 854531 from home:marxin:branches:mozilla:Factory
- PGO is still broken as can be seen here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1680306

OBS-URL: https://build.opensuse.org/request/show/854531
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=879
2020-12-10 12:07:53 +00:00
Wolfgang Rosenauer
ae9afbb746 Accepting request 853750 from home:marxin:branches:mozilla:Factory
- Add fix-gcc-pgo.patch and enable PGO again.

OBS-URL: https://build.opensuse.org/request/show/853750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=878
2020-12-08 10:41:13 +00:00
Wolfgang Rosenauer
850afd3a6f Accepting request 852867 from home:marxin:branches:mozilla:Factory
- Enable again LTO as gcc10 package is fixed.

Fixed gcc10 is in devel project and is approaching openSUSE:Factory
in a staging project.

OBS-URL: https://build.opensuse.org/request/show/852867
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=877
2020-12-03 17:48:21 +00:00
Wolfgang Rosenauer
c7f8f5880d - Add/Enable GNOME search provider
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=875
2020-11-21 08:13:23 +00:00
Wolfgang Rosenauer
200347945f Accepting request 845404 from home:kkirill:branches:mozilla:Factory
Enable GNOME Shell search provider akin to Fedora by
- providing firefox-search-provider.ini file for GNOME Shell search provider (copy from Fedora)
- setting the browser.gnome-search-provider.enabled to true

OBS-URL: https://build.opensuse.org/request/show/845404
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=874
2020-11-21 08:10:39 +00:00
Wolfgang Rosenauer
74592d9c27 - disable LTO on TW because of ICEs in gcc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=873
2020-11-20 06:19:02 +00:00
Wolfgang Rosenauer
75f3df970c - switch to build with clang (as gcc produces only ICEs on TW)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=872
2020-11-19 22:03:00 +00:00
Wolfgang Rosenauer
695b9a520a - Mozilla Firefox 83.0
* major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824))
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685)
    Out of memory handling of JITed, inlined functions could lead
    to a memory corruption
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2020-26955 (bmo#1663261)
    Cookies set during file downloads are shared between normal
    and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179)
    OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=871
2020-11-19 13:09:37 +00:00
Wolfgang Rosenauer
cc6291512a - Mozilla Firefox 82.0.3
MSFA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=868
2020-11-09 16:14:06 +00:00
Wolfgang Rosenauer
a33735930f - Mozilla Firefox 82.0.2
* few bugfixes for introduced regressions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=867
2020-11-02 09:07:47 +00:00
Wolfgang Rosenauer
07ba0d6bad MFSA 2020-45 (bsc#1177872)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=865
2020-10-21 20:15:44 +00:00
Wolfgang Rosenauer
9d0a0f0165 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
MFSA 2020-45 (bsc#1177872)
  * CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15254 (bmo#1668514)
    Undefined behavior in bounded channel of crossbeam rust crate
  * CVE-2020-15680 (bmo#1658881)
    Presence of external protocol handlers could be determined
    through image tags
  * CVE-2020-15681 (bmo#1666568)
    Multiple WASM threads may have overwritten each others' stub
    table entries
  * CVE-2020-15682 (bmo#1636654)
    The domain associated with the prompt to open an external
    protocol could be spoofed to display the incorrect origin
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
    bmo#1662760, bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
  * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
    bmo#1664257)
    Memory safety bugs fixed in Firefox 82

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=864
2020-10-21 09:43:59 +00:00
Wolfgang Rosenauer
3505fbb031 - Mozilla Firefox 82.0
- requires
  * NSPR 4.29
  * NSS 3.57

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=863
2020-10-19 20:37:04 +00:00
Wolfgang Rosenauer
2032051695 - Mozilla Firefox 81.0.1
* https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
- remove obsolete python2 build requires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=861
2020-10-01 20:03:49 +00:00
Wolfgang Rosenauer
fd799ac59e Accepting request 838827 from home:Guillaume_G:branches:mozilla:Factory
- Increase disk requirements in _constraints to match current needs

OBS-URL: https://build.opensuse.org/request/show/838827
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=860
2020-10-01 09:04:20 +00:00
Wolfgang Rosenauer
0250e894cb - require python3-curses as workaround to fix i586 build
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=859
2020-09-29 10:48:52 +00:00
Wolfgang Rosenauer
5afd51282e - Mozilla Firefox 81.0
* https://www.mozilla.org/en-US/firefox/81.0/releasenotes
  MFSA 2020-42 (bsc#1176756)
  * CVE-2020-15675 (bmo#1654211)
    Use-After-Free in WebGL
  * CVE-2020-15677 (bmo#1641487)
    Download origin spoofing via redirect
  * CVE-2020-15676 (bmo#1646140)
    XSS when pasting attacker-controlled data into a
    contenteditable element
  * CVE-2020-15678 (bmo#1660211)
    When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-
    free scenario
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
    Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
  * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
    Memory safety bugs fixed in Firefox 81
- requires
  NSPR 4.28
  NSS 3.56
- removed obsolete patches
  * mozilla-system-nspr.patch
  * mozilla-bmo1661715.patch
  * mozilla-silence-no-return-type.patch
- skip post-build-checks for 15.0 and 15.1
- add revert-795c8762b16b.patch to fix LTO builds with gcc
  (related to bmo#1644409)
- Use %limit_build macro again for aarch64 and armv7, instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=858
2020-09-22 14:04:54 +00:00
Wolfgang Rosenauer
49c4b18dfc Accepting request 835187 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Use %limit_build macro again for aarch64 and armv7, instead of 
  the new memoryperjob _constraints to use more workers

OBS-URL: https://build.opensuse.org/request/show/835187
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=857
2020-09-17 12:12:41 +00:00
Wolfgang Rosenauer
9689fbd025 MFSA 2020-36 (bsc#1175686)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=855
2020-08-25 19:21:33 +00:00
Wolfgang Rosenauer
57739184dc - added mozilla-system-nspr.patch (bmo#1661096)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=854
2020-08-25 18:24:16 +00:00
Wolfgang Rosenauer
f9c0480028 - Mozilla Firefox 80.0
MFSA 2020- (bsc#1175686)
  * CVE-2020-15663 (bmo#1643199)
    Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege
  * CVE-2020-15664 (bmo#1658214)
    Attacker-induced prompt for extension installation
  * CVE-2020-12401 (bmo#1631573)
    Timing-attack on ECDSA signature generation
  * CVE-2020-6829 (bmo#1631583)
    P-384 and P-521 vulnerable to an electro-magnetic side
    channel attack on signature generation
  * CVE-2020-12400 (bmo#1623116)
    P-384 and P-521 vulnerable to a side channel attack on
    modular inversion
  * CVE-2020-15665 (bmo#1651636)
    Address bar not reset when choosing to stay on a page after
    the beforeunload dialog is shown
  * CVE-2020-15666 (bmo#1450853)
    MediaError message property leaks cross-origin response
    status
  * CVE-2020-15667 (bmo#1653371)
    Heap overflow when processing an update file
  * CVE-2020-15668 (bmo#1651520)
    Data Race when reading certificate information
  * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
    bmo#1656957)
    Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- requires
  * NSPR 4.27

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=853
2020-08-25 18:18:25 +00:00
Wolfgang Rosenauer
9f9bb3e928 Accepting request 828191 from home:marxin:branches:mozilla:Factory
- Use new memoryperjob _constraints instead of %limit_build macro.

OBS-URL: https://build.opensuse.org/request/show/828191
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=852
2020-08-20 13:10:52 +00:00
Wolfgang Rosenauer
185b328f4f - use ccache for build
- replace versioned RPM deps with requires_ge
- parallelize locale build

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=851
2020-08-13 22:06:03 +00:00
Wolfgang Rosenauer
50acacf655 Accepting request 824701 from home:guoyunhe:branches:mozilla:Factory2
- Change *.appdata.xml location to latest AppStream standard

OBS-URL: https://build.opensuse.org/request/show/824701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=850
2020-08-10 09:14:34 +00:00
Wolfgang Rosenauer
8addddfe67 - Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204)
    Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542)
    Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293)
    Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745)
    Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954)
    DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333)
    Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
    Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
  * mozilla-nspr >= 4.26
  * mozilla-nss >= 3.54
  * rust >= 1.43
  * rust-cbindgen >= 0.14.3
- removed obsolete patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=847
2020-07-29 07:07:58 +00:00
Wolfgang Rosenauer
0c32c99eba - fixed syntax issue in desktop file (boo#1174360)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=845
2020-07-21 21:32:07 +00:00
Wolfgang Rosenauer
31ba8c3028 (patch provided by Atri Bhattacharya <badshah400@gmail.com>
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
  (Plasma 5.19.3 is now in TW)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=843
2020-07-17 15:09:12 +00:00
Wolfgang Rosenauer
47a7a10c4f Accepting request 821486 from home:badshah400:branches:mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.

OBS-URL: https://build.opensuse.org/request/show/821486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=842
2020-07-17 15:04:42 +00:00
Wolfgang Rosenauer
63bc80aa5e - Mozilla Firefox 78.0.2
* Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags
- Google API key is not usable for geolocation service

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=840
2020-07-13 13:15:06 +00:00
Wolfgang Rosenauer
fba870626f - added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  (boo#1173993)
- rework langpack integration (boo#1173991)
  * ship XPIs instead of directories
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
* Google API key is not usable for geolocation service

- Mozilla Firefox 78.0.2
  * Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=839
2020-07-12 17:40:52 +00:00
Wolfgang Rosenauer
b65efa1613 - fix pipewire support for TW (boo#1172903)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=838
2020-07-06 22:08:51 +00:00
Wolfgang Rosenauer
7efaeba3d2 - removed obsolete patches
* mozilla-bmo1634646.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=836
2020-07-03 20:04:08 +00:00
Wolfgang Rosenauer
13e2ddea0f - Mozilla Firefox 78.0.1
* Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
  * CVE-2020-12422 (bmo#1450353)
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  * CVE-2020-12423 (bmo#1642400)
    DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835
2020-07-03 06:52:59 +00:00
Wolfgang Rosenauer
d08406e896 - Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
  * PDF downloads now show an option to open the PDF directly in Firefox
- requires
  * NSS >= 3.53.1
  * nodejs >= 10.21
  * Gtk+3 >= 3.14
- removed obsolete patch
  * mozilla-s390-bigendian.patch
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
  WebRTC with pipewire support to enable screen sharing under
  Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
  appropriately (boo#1172903).
- adding SLE12 compatibility in spec file
- add patches for s390x
  * mozilla-bmo1602730.patch (bmo#1602730)
  * mozilla-bmo1626236.patch (bmo#1626236)
  * mozilla-bmo998749.patch (bmo#998749)
  * mozilla-s390x-skia-gradient.patch
- update create-tar.sh
- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=834
2020-06-30 11:39:58 +00:00
Wolfgang Rosenauer
3d2e40a031 Accepting request 813117 from home:Guillaume_G:branches:mozilla:Factory
- Exclude armv6, since it is unbuildable since about 3 years

OBS-URL: https://build.opensuse.org/request/show/813117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=833
2020-06-10 07:35:21 +00:00
Wolfgang Rosenauer
d5337670c2 Accepting request 811243 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 77.0.1
  * Disable automatic selection of DNS over HTTPS providers during
    a test to enable wider deployment in a more controlled way
    (bmo#1642723)

OBS-URL: https://build.opensuse.org/request/show/811243
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=831
2020-06-04 06:00:26 +00:00
Wolfgang Rosenauer
5c3bb08acd - Mozilla Firefox 77.0
* view and manage web certificates more easily on the new
    about:certificate page
  * improvements in accessibility
  * significant improvements to JavaScript debugging
  MFSA 2020-20 (bsc#1172402)
  * CVE-2020-12399 (bmo#1631576)
    Timing attack on DSA signatures in NSS library
    (fixed with external NSS >= 3.52.1)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript type confusion with NativeTypes
  * CVE-2020-12407 (bmo#1637112)
    WebRender leaking GPU memory when using border-image CSS
    directive
  * CVE-2020-12408 (bmo#1623888)
    URL spoofing when using IP addresses
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
    Memory safety bugs fixed in Firefox 77
- requires
  * NSS >= 3.52.1
  * rust-cbindgen >= 1.14.1
  * clang >= 5
- added mozilla-bmo1634646.patch as part of fixing PGO build
  (still not working)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00
Wolfgang Rosenauer
15bd5b7707 Accepting request 805351 from home:michel_mno:branches:mozilla:Factory
- change again _constraints for ppc64le use <physicalmemory>
  and increase limit_build in spec file to reduce max_jobs.

OBS-URL: https://build.opensuse.org/request/show/805351
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=828
2020-05-14 06:50:59 +00:00
Wolfgang Rosenauer
d5f3632780 - Mozilla Firefox 76.0.1
* Fixed a bug causing some add-ons such as Amazon Assistant to see
    multiple onConnect events, impairing functionality (bmo#1635637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=827
2020-05-12 21:40:30 +00:00
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00
Wolfgang Rosenauer
81c21d1d0f - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=823
2020-04-09 17:21:52 +00:00
Wolfgang Rosenauer
65f3f19592 * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
MFSA 2020-12 (bsc#1168874)
  * CVE-2020-6821 (bmo#1625404)
    Uninitialized memory could be read when using the WebGL
    copyTexSubImage method
  * CVE-2020-6822 (bmo#1544181)
    Out of bounds write in GMPDecodeData when processing large images
  * CVE-2020-6823 (bmo#1614919)
    Malicious Extension could obtain auth codes from OAuth login flows
  * CVE-2020-6824 (bmo#1621853)
    Generated passwords may be identical on the same site between
    separate private browsing sessions
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
    Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
  * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
    bmo#1619229,bmo#1620719,bmo#1624897)
    Memory safety bugs fixed in Firefox 75

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=822
2020-04-07 20:38:25 +00:00
Wolfgang Rosenauer
f0a9acb709 - Mozilla Firefox 75.0
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=821
2020-04-07 12:21:48 +00:00