1
0
Commit Graph

678 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
fc63e9e0d5 - Mozilla Firefox 67.0.1
* enable enhanced tracking protection by default for new users
  * upgrade of Facebook container to version 2.0
  * new version of Firefox Lockwise (password management)
  * new version of Firefox Monitor
  * Firefox Send improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=740
2019-06-09 08:21:04 +00:00
Wolfgang Rosenauer
553111b006 MFSA 2019-13 (boo#1135824)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=737
2019-05-23 07:51:20 +00:00
Wolfgang Rosenauer
3a4466d1cf - Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
  * Tabs can now be pinned from the Page Actions menu in the address bar
  * Users can block known cryptominers and fingerprinters in the
    Custom settings or their Content Blocking preferences
  * The Import Data from Another Browser feature is now also available
    from the File menu
  * Firefox will now protect you against running older versions which
    can lead to data corruption and stability issues
  * Easier access to your list of saved logins from the main menu and
    login autocomplete
  * We’ve added a toolbar menu for your Firefox Account to provide more
    transparency for when you are synced, sharing data across devices
    and with Firefox. Personalize the appearance of the menu with your
    own avatar
  * Enable FIDO U2F API, and permit registrations for Google Accounts
  * Enabled AV1 support on Linux
  MFSA 2019-13
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736
2019-05-22 20:38:29 +00:00
Wolfgang Rosenauer
c6af23c61b - Mozilla Firefox 66.0.5
* Fixed: Further improvements to re-enable web extensions which
    had been disabled for users with a master password set (bmo#1549249)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=734
2019-05-10 19:46:56 +00:00
Wolfgang Rosenauer
5b3482e861 - Mozilla Firefox 66.0.4 (boo#1134126)
* fix extension certificate chain
    https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=732
2019-05-05 20:35:52 +00:00
Wolfgang Rosenauer
4a05b1c2ea - Mozilla Firefox 66.0.3
* Fixed: Address bar on tablets running Windows 10 now behaves
    correctly (bmo#1498973)
  * Fixed: Performance issues with some HTML5 games (bmo#1537609)
  * Fixed a bug with keypress events in IBM cloud applications
    (bmo#1538970)
  * Fix for keypress events in some Microsoft cloud applications
    (bmo#1539618)
  * Changed: Updated Baidu search plugin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=730
2019-04-13 15:12:36 +00:00
Wolfgang Rosenauer
77d74ed5ac - Mozilla Firefox 66.0.2
* Fixed Web compatibility issues with Office 365, iCloud and
    IBM WebMail caused by recent changes to the handling of
    keyboard events (bmo#1538966)
  * Crash fixes (bmo#1521370, bmo#1539118)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=728
2019-03-30 12:06:55 +00:00
Wolfgang Rosenauer
94b2d29d06 Accepting request 689279 from home:Guillaume_G:branches:mozilla:Factory
- Add patch to fix aarch64 build:
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)

OBS-URL: https://build.opensuse.org/request/show/689279
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=727
2019-03-28 10:24:32 +00:00
Wolfgang Rosenauer
ada355e421 MFSA 2019-07 (bsc#1129821)
* CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
  * CVE-2019-9793 (bmo#1528829)
    Improper bounds checks when Spectre mitigations are disabled
  * CVE-2019-9794 (bmo#1530103) (Windows only)
    Command line arguments not discarded during execution
  * CVE-2019-9795 (bmo#1514682)
    Type-confusion in IonMonkey JIT compiler
  * CVE-2019-9796 (bmo#1531277)
    Use-after-free with SMIL animation controller
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2019-9798 (bmo#1527534) (Android only)
    Library is loaded from world writable APITRACE_LIB location
  * CVE-2019-9799 (bmo#1505678)
    Information disclosure via IPC channel messages
  * CVE-2019-9801 (bmo#1527717) (Windows only)
    Windows programs that are not 'URL Handlers' are exposed to web content
  * CVE-2019-9802 (bmo#1415508)
    Chrome process information leak
  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
  * CVE-2019-9804 (bmo#1518026) (MacOS only)
    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=726
2019-03-28 10:23:31 +00:00
Wolfgang Rosenauer
7e741ea41d - Mozilla Firefox 66.0.1
MFSA 2019-09 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=724
2019-03-23 07:56:11 +00:00
Wolfgang Rosenauer
c35c1573d5 - Mozilla Firefox 66.0
* Increased content processes to 8
  * Added capability to search through open tabs from the tab overflow menu
  * New backend for the storage.local WebExtensions API, providing
    I/O performance improvements when the extension updates a small
    subset of the stored data
  * WebExtension keyboard shortcuts can now be managed or overridden
    from about:addons
  * Improved scrolling behavior: Firefox will now attempt to keep content
    from jumping around while a page is loading by supporting scroll
    anchoring
  * New about:privatebrowsing with search
  * A certificate error page now notifies the user of the name of the
    certificate issuer that breaks HTTPs connections on intercepted
    connections to help troubleshooting possible anti-virus software
    issues.
  * Fixed an performance issue some Linux users experienced with the
    Downloads panel (bmo#1517101)
  * Firefox now blocks all autoplay media with sound by default. Users
    can add individual sites to an exceptions list or turn the blocking
    off.
  * System title bar is hidden by default to match Gnome guideline
  MFSA 2019-07 (bsc#1129821)
  * CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=723
2019-03-19 22:01:55 +00:00
Wolfgang Rosenauer
0d243c2ff1 Accepting request 681668 from home:coolo:branches:mozilla:Factory
- Do not hardcode nodejs8 but leave the prefer to the distribution
  (Tumbleweed staging wants to switch to nodejs10)

OBS-URL: https://build.opensuse.org/request/show/681668
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=721
2019-03-07 08:01:24 +00:00
Wolfgang Rosenauer
0bb19324e6 Accepting request 676547 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints to avoid 'no space left' error seen on aarch64

OBS-URL: https://build.opensuse.org/request/show/676547
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=719
2019-02-15 14:35:36 +00:00
Wolfgang Rosenauer
6b3ac1f0fc MFSA 2019-04 (bsc#1125330)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=718
2019-02-13 16:39:28 +00:00
Wolfgang Rosenauer
9feea8555d - Mozilla Firefox 65.0.1
* Fixed accidental requests to addons.mozilla.org when an addon
    recommendation doorhanger is shown (bmo#1526387)
  * Improved playback of interactive Netflix videos (bmo#1524500)
  * Fixed incorrect sizing of the "Clear Recent History" window in
    some situations (bmo#1523696)
  * Fixed audio & video delays while making WebRTC calls
    (bmo#1521577, bmo#1523817)
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
    from behind a proxy server (bmo#1523427)
  * Fixed the "Enter" key not working on password entry fields for
    certain Linux distributions (bmo#1523635)
  MFSA 2019-04
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18511 bmo#1526218
    Cross-origin theft of images with ImageBitmapRenderingContext
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
  (with increased memory constraints)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=717
2019-02-13 08:14:35 +00:00
Wolfgang Rosenauer
6164077723 Accepting request 674399 from home:marxin:branches:mozilla:Factory
- Enable LTO only for latest toolchain (boo#1125038).

OBS-URL: https://build.opensuse.org/request/show/674399
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=716
2019-02-13 07:10:01 +00:00
Wolfgang Rosenauer
d43b17a930 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=715 2019-02-11 11:42:59 +00:00
Wolfgang Rosenauer
292dbe02a3 Accepting request 673283 from home:marxin:branches:mozilla:Factory
- Enable LTO for x86_64 (with increased memory constraints).

OBS-URL: https://build.opensuse.org/request/show/673283
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=714
2019-02-11 11:41:34 +00:00
Wolfgang Rosenauer
1030f9ddf5 - rebased patches
- remove workaround for build memory consumption on i586; other
  mitigations meanwhile introduced (mainly parallelity) will be
  sufficient
  mozilla-reduce-files-per-UnifiedBindings.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=712
2019-02-03 06:39:38 +00:00
Wolfgang Rosenauer
553a4e7037 MFSA 2019-01 (bsc#1122983)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=711
2019-01-29 21:55:11 +00:00
Wolfgang Rosenauer
815d5ba2ab * Enhanced tracking protection
* allow switching of UI locales within preferences
  * support for the WebP image format
  * "top"-like about:performance
  MFSA 2019-01
  * CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18503 bmo#1509442
    Memory corruption with Audio Buffer
  * CVE-2018-18504 bmo#1496413
    Memory corruption and out-of-bounds read of texture client
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2018-18506 bmo#1503393
    Proxy Auto-Configuration file can define localhost access to be proxied
  * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
    bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
    bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
    Memory safety bugs fixed in Firefox 65
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=710
2019-01-29 21:40:24 +00:00
Wolfgang Rosenauer
4962fbcbc3 missing proper changelog before Factory submission
- Mozilla Firefox 65.0
- requires
  NSS 3.41
  rust/carge 1.30
  rust-cbindgen 0.6.7
-rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=709
2019-01-29 18:07:12 +00:00
Wolfgang Rosenauer
59c27b8c6c Accepting request 666261 from home:marxin:branches:mozilla:Factory
- Increase disk constraint.
- Remove -v from mach build in order to work-around bmo#1500436.

OBS-URL: https://build.opensuse.org/request/show/666261
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=708
2019-01-16 09:31:29 +00:00
Wolfgang Rosenauer
d30950bfb9 it should not be needed anymore
- Mozilla Firefox 64.0.2:
- Remove obolete '--enable-pie' as -pie is always enabled for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=706
2019-01-12 22:49:25 +00:00
Wolfgang Rosenauer
68e8e12c27 Accepting request 664693 from home:marxin:branches:mozilla:Factory-new2
- Set %clang_build to false on all architectures
- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
  it should not be needed.
- Do not overwrite enable-optimize and when possible
  enable --enable-debug-symbols.
- Add -v to mach in order to make build verbose.

OBS-URL: https://build.opensuse.org/request/show/664693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=705
2019-01-12 22:48:04 +00:00
Wolfgang Rosenauer
c828807e6d Accepting request 664321 from home:AndreasStieger:branches:mozilla:Factory
64.0.2

OBS-URL: https://build.opensuse.org/request/show/664321
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=704
2019-01-10 10:25:49 +00:00
Wolfgang Rosenauer
96abfaec58 Accepting request 659329 from home:Guillaume_G:branches:mozilla:Factory
- Enable build_hardened for all architectures
- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
- Remove obolete '--enable-pie' as -pie is always enabled for gcc and clang

OBS-URL: https://build.opensuse.org/request/show/659329
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=703
2019-01-07 19:59:56 +00:00
Wolfgang Rosenauer
f2a1d1c9f4 Accepting request 657818 from home:Guillaume_G:branches:mozilla:Factory
- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
- Switch %arm builds back to gcc, not clang to avoid OOM
- Fix build flags when clang is not used
- Fix flags for clang ppc64 builds

OBS-URL: https://build.opensuse.org/request/show/657818
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=700
2018-12-13 12:15:35 +00:00
Wolfgang Rosenauer
7d565ee4aa - update to Firefox 64.0
* Better recommendations: You may see suggestions in regular browsing
    mode for new and relevant Firefox features, services, and extensions
    based on how you use the web (for US users only)
  * Enhanced tab management: You can now select multiple tabs from the
    tab bar and close, move, bookmark, or pin them quickly and easily
  * Easier performance management: The new Task Manager page found at
    about:performance lets you see how much energy each open tab consumes
    and provides access to close tabs to conserve power
  * Improved performance for Mac and Linux users, by enabling link time
    optimization (Clang LTO).
  * Added option to remove add-ons using the context menu on their
    toolbar buttons
  * RSS feed preview and live bookmarks are available only via add-ons
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
    Website operators are strongly encouraged to replace any remaining
    Symantec TLS certificates as soon as possible
  MFSA 2018-29 (bsc#1119105)
  * CVE-2018-12407 bmo#1505973
    Buffer overflow with ANGLE library when using VertexBuffer11 module
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=699
2018-12-12 11:35:28 +00:00
Wolfgang Rosenauer
d8b75f888e Accepting request 652365 from home:Guillaume_G:branches:mozilla:Factory
- Remove --disable-elf-hack when not available: on aarch64 and ppc64*

OBS-URL: https://build.opensuse.org/request/show/652365
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=698
2018-12-11 07:45:25 +00:00
Wolfgang Rosenauer
48b8c9df88 - removed obsolete patches
* mozilla-no-return.patch
  * mozilla-no-stdcxx-check.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=696
2018-11-26 10:58:16 +00:00
Wolfgang Rosenauer
f6f6df084e Accepting request 651976 from home:Guillaume_G:branches:mozilla:Factory2
- Clean-up %arm build

OBS-URL: https://build.opensuse.org/request/show/651976
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=695
2018-11-26 10:42:10 +00:00
Wolfgang Rosenauer
3ce0fd3bc7 - update to Firefox 63.0.3
* Games using WebGL (created in Unity) get stuck after very short
    time of gameplay (bmo#1502748)
  * Slow page loading for some users with specific proxy configurations
    (bmo#1495024)
  * Disable HTTP response throttling by default for causing bugs with
    videos in background tabs (bmo#1503354)
  * Opening magnet links no longer works (bmo#1498934)
  * Crash fixes (bmo#1498510, bmo#1503424)
- removed mozilla-newer-cbindgen.patch; no longer needed
- requires rust-cbindgen >= 0.6.2 to build
- requires nodejs >= 8.11 to build
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=694
2018-11-18 21:46:59 +00:00
Wolfgang Rosenauer
b19ebee19e - disable elfhack for TW and newer due to build errors
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=693
2018-11-12 11:49:28 +00:00
Wolfgang Rosenauer
2f1f7dea2a - update to Firefox 63.0.1
* Snippets are not loaded due to missing element (bmo#1503047)
  * Print preview always shows 30& scale when it is actually
    Shrink To Fit (bmo#1501952)
  * Dialog displayed when closing multiple windows shows unreplaced
    %1$S placeholder in Japanese and potentially other locales
    (bmo#1500823)
  MFSA 2018-26 (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android-only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12395 (bmo#1467523)
    WebExtension bypass of domain restrictions through header rewriting
  * CVE-2018-12396 (bmo#1483602)
    WebExtension content scripts can execute in disallowed contexts
  * CVE-2018-12397 (bmo#1487478)
    Missing warning prompt when WebExtension requests local file access
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
    CSP bypass through stylesheet injection in resource URIs
  * CVE-2018-12399 (bmo#1490276)
    Spoofing of protocol registration notification bar
  * CVE-2018-12400 (bmo#1448305) (Android only)
    Favicons are cached in private browsing mode on Firefox for Android
  * CVE-2018-12401 (bmo#1422456)
    DOS attack through special resource URI parsing
  * CVE-2018-12402 (bmo#1469916)
    SameSite cookies leak when pages are explicitly saved

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=692
2018-11-10 21:07:09 +00:00
Wolfgang Rosenauer
6bbb36ffe9 - update to Firefox 63.0
* WebExtensions now run in their own process on Linux
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
    tabs and cycles through tabs in recently used order. This new
    default behavior is activated only in new profiles and can be
    changed in preferences.
  * Added support for Web Components custom elements and shadow DOM
- requires NSPR 4.20, NSS 3.39 and Rust 1.28

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=691
2018-10-29 15:21:53 +00:00
Wolfgang Rosenauer
5048a922bb Accepting request 644806 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch

OBS-URL: https://build.opensuse.org/request/show/644806
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=690
2018-10-29 14:09:04 +00:00
Wolfgang Rosenauer
7f0ad4c413 Accepting request 639735 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 62.0.3:
  MFSA 2018-24
  * CVE-2018-12386 (bsc#1110506, bmo#1493900)
    Type confusion in JavaScript allowed remote code execution
  * CVE-2018-12387 (bsc#1110507, bmo#1493903)
    Array.prototype.push stack pointer vulnerability may enable
    exploits in the sandboxed content process

OBS-URL: https://build.opensuse.org/request/show/639735
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=688
2018-10-03 12:24:02 +00:00
Wolfgang Rosenauer
42ab585fa7 - disable rust debug symbols to fix build on %ix86
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=686
2018-09-24 20:59:09 +00:00
Wolfgang Rosenauer
ec4afab305 Accepting request 637170 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 62.0.2
  * CVE-2018-12385 (boo#1109363, bmo#1490585)

OBS-URL: https://build.opensuse.org/request/show/637170
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=684
2018-09-22 09:37:16 +00:00
Wolfgang Rosenauer
906587ef9c - update to Firefox 62.0
* Firefox Home (the default New Tab) now allows users to display
    up to 4 rows of top sites, Pocket stories, and highlights
  * "Reopen in Container" tab menu option appears for users with
    Containers that lets them choose to reopen a tab in a different
    container
  * In advance of removing all trust for Symantec-issued certificates
    in Firefox 63, a preference was added that allows users to distrust
    certificates issued by Symantec. To use this preference, go to
    about:config in the address bar and set the preference
    "security.pki.distrust_ca_policy" to 2.
  * Support for CSS Shapes, allowing for richer web page layouts.
    This goes hand in hand with a brand new Shape Path Editor in the
    CSS inspector.
  * CSS Variable Fonts (OpenType Font Variations) support, which makes
    it possible to create beautiful typography with a single font file
  * Added Canadian English (en-CA) locale
  MFSA 2018-20 (bsc#1107343)
  * CVE-2018-12377 (bmo#1470260)
    Use-after-free in refresh driver timers
  * CVE-2018-12378 (bmo#1459383)
    Use-after-free in IndexedDB
  * CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
    Out-of-bounds write with malicious MAR file
  * CVE-2017-16541 (bmo#1412081)
    Proxy bypass using automount and autofs
  * CVE-2018-12381 (bmo#1435319)
    Dragging and dropping Outlook email message results in page navigation
  * CVE-2018-12382 (bmo#1479311) (Android only)
    Addressbar spoofing with javascript URI on Firefox for Android

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=683
2018-09-07 12:27:57 +00:00
Wolfgang Rosenauer
551d63d536 - update to Firefox 62.0 (build2)
- requires NSS >= 3.38
- removed obsolete patches
  mozilla-bmo1464766.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=682
2018-09-05 07:16:27 +00:00
Wolfgang Rosenauer
a3dfca5f05 - update to Firefox 61.0.2
* Improved website rendering with the Retained Display List feature
    enabled (bmo#1474402)
  * Fixed broken DevTools panels with certain extensions installed
    (bmo#1474379)
  * Fixed a crash for users with some accessibility tools enabled
    (bmo#1474007)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=680
2018-08-09 18:13:29 +00:00
Wolfgang Rosenauer
b94eb6767e Accepting request 621667 from home:AndreasStieger:branches:mozilla:Factory
Firefox 61.0.1

OBS-URL: https://build.opensuse.org/request/show/621667
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=678
2018-07-09 16:46:43 +00:00
Wolfgang Rosenauer
a1a857ac25 Accepting request 619390 from home:AndreasStieger:branches:mozilla:Factory
2x changelog typo fix

OBS-URL: https://build.opensuse.org/request/show/619390
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=676
2018-06-27 12:28:57 +00:00
Wolfgang Rosenauer
253295ce64 Accepting request 619198 from home:AndreasStieger:branches:mozilla:Factory
MFSA 2018-15 for boo#1098998

OBS-URL: https://build.opensuse.org/request/show/619198
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=674
2018-06-26 21:47:45 +00:00
Wolfgang Rosenauer
206b6f2820 - update to Firefox 61.0
* Performance enhancements
  * Various improvements for dark theme support will provide a more
    consistent experience across the entire Firefox UI
  * OpenSearch plugins offered by web pages can now be added from the
    page action menu for easier installation
  * Improved support for allowing WebExtensions to manage and hide tabs
- requires NSS 3.37.3
- requires python >= 3.5 to build
- removed obsolete patches
  mozilla-i586-DecoderDoctorLogger.patch
  mozilla-i586-domPrefs.patch
  mozilla-fix-skia-aarch64.patch
  mozilla-bmo1375074.patch
  mozilla-enable-csd.patch
- patch for new no-return warnings (mozilla-no-return.patch)
- do not disable system installed locales (mozilla-bmo1464766.patch)

- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
  conditional --disable-gconf to configure: no longer pull in
  obsolete gconf2 for Tumbleweed.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=673
2018-06-25 20:56:47 +00:00
Wolfgang Rosenauer
2633645712 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=672 2018-06-07 14:12:08 +00:00
Wolfgang Rosenauer
ea8e2a80bd - update to Firefox 60.0.2
* requires NSS 3.36.4
  MFSA 2018-14 (bsc#1096449)
  * CVE-2018-6126 (bmo#1462682)
    Heap buffer overflow rasterizing paths in SVG with Skia

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=671
2018-06-07 14:08:54 +00:00
Wolfgang Rosenauer
4a2d8988d3 Accepting request 614877 from home:Guillaume_G:branches:mozilla:Factory
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28' workaround:
  * mozilla-bmo1375074.patch

OBS-URL: https://build.opensuse.org/request/show/614877
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=670
2018-06-07 11:56:20 +00:00
Wolfgang Rosenauer
b7df87a780 - fixed "open with" option under KDE (boo#1094747)
- workaround crash on startup on aarch64 (boo#1093059)
  (contributed by guillaume@Arm.com)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=667
2018-05-26 16:05:54 +00:00
Wolfgang Rosenauer
5210fcee40 Accepting request 612415 from home:Guillaume_G:branches:mozilla:Factory
- Workaround crash on startup on aarch64, boo#1093059

OBS-URL: https://build.opensuse.org/request/show/612415
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=666
2018-05-26 15:51:56 +00:00
Wolfgang Rosenauer
a7506671a9 - Disable webrtc for aarch64 due to bmo#1434589
- Add patch to fix skia build on AArch64:
  * mozilla-fix-skia-aarch64.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=664
2018-05-23 08:49:52 +00:00
Wolfgang Rosenauer
45b6b99978 Accepting request 608990 from home:Guillaume_G:branches:mozilla:Factory
- Disable webrtc for aarch64 due to bmo#1434589
- Add patch to fix skia build on AArch64:
  * mozilla-fix-skia-aarch64.patch

OBS-URL: https://build.opensuse.org/request/show/608990
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=663
2018-05-23 08:43:47 +00:00
Wolfgang Rosenauer
9915e415f7 - update to Firefox 60.0.1
* Avoid overly long cycle collector pauses with some add-ons installed
    (bmo#1449033)
  * After unckecking the "Sponsored Stories" option, the New Tab page
    now immediately stops displaying "Sponsored content" cards (bmo#1458906)
  * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
    (bmo#1457743)
  * Use the right default background when opening tabs or windows in
    high contrast mode (bmo#1458956)
  * Restored translations of the Preferences panels when using a
    language pack (bmo#1461590)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=661
2018-05-17 14:35:18 +00:00
Wolfgang Rosenauer
eef38bbb12 Accepting request 607198 from home:pcerny:factory
parellelise locales building (package build speedup 10%+)

OBS-URL: https://build.opensuse.org/request/show/607198
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=660
2018-05-14 16:04:59 +00:00
Wolfgang Rosenauer
19ab3bdb06 MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092)
    Use-after-free with SVG animations and clip paths
  * CVE-2018-5155 (bmo#1448774)
    Use-after-free with SVG animations and text paths
  * CVE-2018-5157 (bmo#1449898)
    Same-origin bypass of PDF Viewer to view protected PDF files
  * CVE-2018-5158 (bmo#1452075)
    Malicious PDF can inject JavaScript into PDF Viewer
  * CVE-2018-5159 (bmo#1441941)
    Integer overflow and out-of-bounds write in Skia
  * CVE-2018-5160 (bmo#1436117)
    Uninitialized memory use by WebRTC encoder
  * CVE-2018-5152 (bmo#1415644, bmo#1427289)
    WebExtensions information leak through webRequest API
  * CVE-2018-5153 (bmo#1436809)
    Out-of-bounds read in mixed content websocket messages
  * CVE-2018-5163 (bmo#1426353)
    Replacing cached data in JavaScript Start-up Bytecode Cache
  * CVE-2018-5164 (bmo#1416045)
    CSP not applied to all multipart content sent with
    multipart/x-mixed-replace
  * CVE-2018-5166 (bmo#1437325)
    WebExtension host permission bypass through filterReponseData
  * CVE-2018-5167 (bmo#1447969)
    Improper linkification of chrome: and javascript: content in
    web console and JavaScript debugger
  * CVE-2018-5168 (bmo#1449548)
    Lightweight themes can be installed without user interaction
  * CVE-2018-5169 (bmo#1319157)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=658
2018-05-09 19:58:20 +00:00
Wolfgang Rosenauer
57e0eca548 - use upstream source archive and detached signature for
source verification

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=657
2018-05-09 09:46:09 +00:00
Wolfgang Rosenauer
5751c8c7f0 mozilla-bmo1005535.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=656
2018-05-08 13:47:17 +00:00
Wolfgang Rosenauer
0344382ac8 - update to Firefox 60.0
* Added a policy engine that allows customized Firefox deployments
    in enterprise environments, using Windows Group Policy or a
    cross-platform JSON file
  * Applied Quantum CSS to render browser UI
  * Added support for Web Authentication, allowing the use of USB
    tokens for authentication to web sites
  * Locale added: Occitan (oc)
- removed obsolete patches
  0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
- requires NSPR 4.19 and NSS 3.36.1
- requires rust 1.24 or higher

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=655
2018-05-08 13:14:23 +00:00
Wolfgang Rosenauer
f9f24f9c98 Accepting request 603791 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Fix armv7 build by:
  * adding RUSTFLAGS="-Cdebuginfo=0"
  * updating _constraints for %arm

OBS-URL: https://build.opensuse.org/request/show/603791
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=654
2018-05-07 08:31:01 +00:00
Wolfgang Rosenauer
ab10e8708d OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=652 2018-05-02 20:48:42 +00:00
Wolfgang Rosenauer
445b42f0ea - do not try CSD on kwin (boo#1091592)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=651
2018-05-02 20:47:59 +00:00
Wolfgang Rosenauer
8f47a5e0ee Accepting request 602850 from home:AndreasStieger:branches:mozilla:Factory
- fix build in openSUSE:Leap:42.3:Update, use gcc7

OBS-URL: https://build.opensuse.org/request/show/602850
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=650
2018-05-02 07:26:13 +00:00
Wolfgang Rosenauer
f1dc5639b2 Accepting request 602833 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 59.0.3

OBS-URL: https://build.opensuse.org/request/show/602833
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=649
2018-05-01 17:13:15 +00:00
Wolfgang Rosenauer
b9c534ef0d Accepting request 599877 from home:marxin:branches:mozilla:Factory
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
  in order to fix boo#1090362.

OBS-URL: https://build.opensuse.org/request/show/599877
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=647
2018-04-25 20:14:59 +00:00
Wolfgang Rosenauer
5e0222bbda Accepting request 593016 from home:badshah400:branches:mozilla:Factory
- Add back mozilla-enable-csd.patch: New rebased version from Fedora for version 59.0.x.

OBS-URL: https://build.opensuse.org/request/show/593016
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=646
2018-04-03 07:38:15 +00:00
Wolfgang Rosenauer
1595d2c3dc Accepting request 591640 from home:Andreas_Schwab:Factory
- Reduce constraints on aarch64

OBS-URL: https://build.opensuse.org/request/show/591640
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=644
2018-03-27 15:18:52 +00:00
Wolfgang Rosenauer
f3956c8162 - update to Firefox 59.0.2
* Invalid page rendering with hardware acceleration enabled (bmo#1435472)
  * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
    that use those keys with resistFingerprinting enabled (bmo#1433592)
  * High CPU / memory churn caused by third-party software on some
    computers (bmo#1446280)
  * Users who have configured an "automatic proxy configuration URL"
    and want to reload their proxy settings from the URL will find
    the Reload button disabled in the Connection Settings dialog when
    they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
  * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
  * User's trying to cancel a print around the time it completes will
    continue to get intermittent crashes (bmo#1441598)
  MFSA 2018-10 (bsc#1087059)
  * CVE-2018-5148 (bmo#1440717)
    Use-after-free in compositor
- removed obsolete patch mozilla-bmo1446062.patch
  * mozilla-i586-domPrefs.patch - DOMPrefs.h

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=642
2018-03-27 12:10:14 +00:00
Wolfgang Rosenauer
59451a5643 Accepting request 590743 from home:cgrobertson:branches:mozilla:Factory
- Added patches:
  * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070
    fixes non-unified build error
  * mozilla-i586-domPrefs.patch - DOMPrefs.h 
    fixes 32bit build error

OBS-URL: https://build.opensuse.org/request/show/590743
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=641
2018-03-26 11:11:30 +00:00
Wolfgang Rosenauer
032c70a665 (mozilla-bmo1446062.patch)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=639
2018-03-17 08:09:22 +00:00
Wolfgang Rosenauer
5257d425d0 - update to Firefox 59.0.1 (bsc#1085671)
MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062)
    Vorbis audio processing out of bounds write
  * CVE-2018-5147 (bmo#1446365)
    Out of bounds memory write in libtremor

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=638
2018-03-16 18:58:54 +00:00
Wolfgang Rosenauer
a51b2db7d0 Accepting request 587943 from home:cgrobertson:branches:mozilla:Factory
- Added patch:
  * mozilla-bmo1005535.patch:
    Enable skia_gpu on big endian platforms.

OBS-URL: https://build.opensuse.org/request/show/587943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=637
2018-03-16 16:09:39 +00:00
Wolfgang Rosenauer
3f1ee3498d - update to Firefox 59.0
* Performance enhancements
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
  * added features for Firefox Screenshots
  * Enhanced WebExtensions API
  * Improved RTC capabilities
  MFSA 2018-06 (bsc#1085130)
  * CVE-2018-5127 (bmo#1430557)
    Buffer overflow manipulating SVG animatedPathSegList
  * CVE-2018-5128 (bmo#1431336)
    Use-after-free manipulating editor selection ranges
  * CVE-2018-5129 (bmo#1428947)
    Out-of-bounds write with malformed IPC messages
  * CVE-2018-5130 (bmo#1433005)
    Mismatched RTP payload type can trigger memory corruption
  * CVE-2018-5131 (bmo#1440775)
    Fetch API improperly returns cached copies of no-store/no-cache resources
  * CVE-2018-5132 (bmo#1408194)
    WebExtension Find API can search privileged pages
  * CVE-2018-5133 (bmo#1430511, bmo#1430974)
    Value of the app.support.baseURL preference is not properly sanitized
  * CVE-2018-5134 (bmo#1429379)
    WebExtensions may use view-source: URLs to bypass content restrictions
  * CVE-2018-5135 (bmo#1431371)
    WebExtension browserAction can inject scripts into unintended contexts
  * CVE-2018-5136 (bmo#1419166)
    Same-origin policy violation with data: URL shared workers
  * CVE-2018-5137 (bmo#1432870)
    Script content can access legacy extension non-contentaccessible resources
  * CVE-2018-5138 (bmo#1432624) (Android only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=636
2018-03-13 19:46:06 +00:00
Wolfgang Rosenauer
3ad3fa88d2 Accepting request 574856 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 58.0.2

OBS-URL: https://build.opensuse.org/request/show/574856
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=634
2018-02-09 22:45:30 +00:00
Wolfgang Rosenauer
0b6de140a7 Accepting request 573267 from home:fstrba:branches:mozilla:Factory
Fix bmo#1430274, ALSA sound not working in Firefox 58 due to sandboxing

OBS-URL: https://build.opensuse.org/request/show/573267
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=632
2018-02-06 11:31:29 +00:00
Wolfgang Rosenauer
18da636317 - use correct language packs
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=631
2018-01-30 07:00:03 +00:00
Wolfgang Rosenauer
dd53ed18ec - update to Firefox 58.0.1
MFSA 2018-05
  *  Arbitrary code execution through unsanitized browser UI (bmo#1432966)
- fixed language packs (boo#1077590)
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
- allow larger number of nested elements (mozilla-bmo256180.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=630
2018-01-29 22:56:59 +00:00
Wolfgang Rosenauer
6156a55b00 - update to Firefox 58.0 (bsc#1077291)
MFSA 2018-02
  * CVE-2018-5091 (bmo#1423086)
    Use-after-free with DTMF timers
  * CVE-2018-5092 (bmo#1418074)
    Use-after-free in Web Workers
  * CVE-2018-5093 (bmo#1415291)
    Buffer overflow in WebAssembly during Memory/Table resizing
  * CVE-2018-5094 (bmo#1415883)
    Buffer overflow in WebAssembly with garbage collection on
    uninitialized memory
  * CVE-2018-5095 (bmo#1418447)
    Integer overflow in Skia library during edge builder allocation
  * CVE-2018-5097 (bmo#1387427)
    Use-after-free when source document is manipulated during XSLT
  * CVE-2018-5098 (bmo#1399400)
    Use-after-free while manipulating form input elements
  * CVE-2018-5099 (bmo#1416878)
    Use-after-free with widget listener
  * CVE-2018-5100 (bmo#1417405)
    Use-after-free when IsPotentiallyScrollable arguments are freed
    from memory
  * CVE-2018-5101 (bmo#1417661)
    Use-after-free with floating first-letter style elements
  * CVE-2018-5102 (bmo#1419363)
    Use-after-free in HTML media elements
  * CVE-2018-5103 (bmo#1423159)
    Use-after-free during mouse event handling
  * CVE-2018-5104 (bmo#1425000)
    Use-after-free during font face manipulation

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=629
2018-01-23 20:56:02 +00:00
Wolfgang Rosenauer
725614f48e - update to Firefox 58.0
* Added Nepali (ne-NP) locale
  * Added support for form autofill for credit card
  * Optimize page load by caching JavaScript internal representation
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
  mozilla-bindgen-systemlibs.patch
  mozilla-bmo1360278.patch
  mozilla-bmo1399611-csd.patch
  mozilla-rust-1.23.patch
- rebased patches
- updated man-page

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=628
2018-01-23 09:55:12 +00:00
Wolfgang Rosenauer
339fcf649a - fixed build with latest rust (mozilla-rust-1.23.patch)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=626
2018-01-09 18:50:27 +00:00
Wolfgang Rosenauer
0cced0c0f9 - update to Firefox 57.0.4:
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=624
2018-01-04 22:21:28 +00:00
Wolfgang Rosenauer
b2bf73f33f - fixed regression introduced Oct 10th which made Firefox crash
when cancelling the KDE file dialog (boo#1069962)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=623
2018-01-03 13:39:46 +00:00
Wolfgang Rosenauer
a958854f92 Accepting request 560783 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 57.0.3 bsc#1074235

OBS-URL: https://build.opensuse.org/request/show/560783
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=622
2017-12-31 08:46:35 +00:00
Wolfgang Rosenauer
ef7f78afd2 Accepting request 555580 from home:AndreasStieger:branches:mozilla:Factory
amend changelog

OBS-URL: https://build.opensuse.org/request/show/555580
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=620
2017-12-11 08:35:28 +00:00
Wolfgang Rosenauer
5ab1f22724 Accepting request 555271 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555271
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=619
2017-12-11 08:32:40 +00:00
Wolfgang Rosenauer
0eb4f70103 - update to Firefox 57.0.1
* Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
    characters (bmo#1420427)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=617
2017-12-03 16:35:26 +00:00
Wolfgang Rosenauer
06e8aeb58c - Add mozilla-bmo1360278.patch
The new config entry is named ui.context_menus.after_mouseup
  (default : false).

- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
  widget.allow-client-side-decoration=true
  (mozilla-bmo1399611-csd.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=615
2017-11-24 22:07:36 +00:00
Wolfgang Rosenauer
e0fb118b81 Accepting request 544148 from home:cgiboudeaux:branches:mozilla:Factory
- Add firefox-show-context-menu-on-mouse-release.patch
  This is upstream's version of the previous patch creating a
  preference to restore the Firefox < 57 behaviour.
  The new config entry is named ui.context_menus.after_mouseup
  (default : false). Fixes bmo#1360278.

OBS-URL: https://build.opensuse.org/request/show/544148
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=614
2017-11-24 21:53:29 +00:00
Wolfgang Rosenauer
fe9ab0007d Accepting request 542056 from home:cgiboudeaux:branches:mozilla:Factory
- Add show-context-menu-on-mouse-release.patch.
  Starting with Firefox 57, the context menu appears on key press.
  This patch creates a config entry to restore the
  old behaviour. Without the patch, the mouse gesture extensions
  require 2 clicks to work (bmo#1360278). The config entry is named
  "input.contextMenu.onRelease" (default: false).

OBS-URL: https://build.opensuse.org/request/show/542056
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=613
2017-11-18 08:20:26 +00:00
Wolfgang Rosenauer
1975148d10 fix changelog
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=611
2017-11-15 06:46:35 +00:00
Wolfgang Rosenauer
c3624659ef - update to Firefox 57.0b14
* Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
2017-11-14 23:17:59 +00:00
Wolfgang Rosenauer
238d2bd9f9 - update to Firefox 56.0.2
* Disable Form Autofill completely on user request (bmo#1404531)
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
  * Fix for shutdown crash (bmo#1404105)

- update to Firefox 56.0.1
  * Block D3D11 when using Intel drivers on Windows 7 systems with
    partial AVX support (bmo#1403353)
  -> just to sync the version number
- enable stylo for TW (requires LLVM >= 3.9)
- queue KDE filepicker requests to avoid non-opening file dialogs
  happening in certain situations (contributed by Ignaz Forster)
- the placeholder dot in KDE file dialog in case of empty filenames
  was removed, apparently not required (anymore)
  (contributed by Ignaz Forster)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=609
2017-10-30 06:56:57 +00:00
Wolfgang Rosenauer
520970847d - Correct plugin directory for aarch64 (boo#1061207). The wrapper
script was not detecting aarch64 as a 64 bit architecture, thus
  used /usr/lib/browser-plugins/.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=607
2017-10-01 21:17:54 +00:00
Wolfgang Rosenauer
263c14d0f3 Accepting request 530202 from home:Zaitor:branches:mozilla:Factory
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
  looks for.

OBS-URL: https://build.opensuse.org/request/show/530202
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=605
2017-10-01 21:08:36 +00:00
Wolfgang Rosenauer
1bfb30f717 * Firefox Screenshots
MFSA 2017-21
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7817 (bmo#1356596) (Android-only)
    Firefox for Android address bar spoofing through fullscreen mode
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7812 (bmo#1379842)
    Drag and drop of malicious page content to the tab bar can open locally stored files
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7813 (bmo#1383951)
    Integer truncation in the JavaScript parser
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7815 (bmo#1368981)
    Spoofing attack with modal dialogs on non-e10s installations
  * CVE-2017-7816 (bmo#1380597)
    WebExtensions can load about: URLs in extension UI
  * CVE-2017-7821 (bmo#1346515)
    WebExtensions can download and open non-executable files without user interaction
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=604
2017-09-29 06:26:35 +00:00
Wolfgang Rosenauer
9b2ce29f83 - update to Firefox 56.0 (boo#1060445)
* Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
- requires NSPR 4.16 and NSS 3.32.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=603
2017-09-28 08:44:46 +00:00
Wolfgang Rosenauer
8462a9b8f6 Accepting request 529098 from home:dimstar:Factory
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

OBS-URL: https://build.opensuse.org/request/show/529098
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=602
2017-09-28 08:27:23 +00:00
Wolfgang Rosenauer
f0b77e0133 - update to Firefox 55.0.3
* Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)

- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)

- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=601
2017-09-05 10:10:37 +00:00
Wolfgang Rosenauer
00cbc455c9 Accepting request 515330 from home:Andreas_Schwab:Factory
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext

OBS-URL: https://build.opensuse.org/request/show/515330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=599
2017-08-09 10:10:53 +00:00
Wolfgang Rosenauer
b7e1035064 - update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598
2017-08-08 19:59:47 +00:00
Wolfgang Rosenauer
39f69ee80f Accepting request 508300 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 52.2.1esr, with a slightly faster create-tar.sh

OBS-URL: https://build.opensuse.org/request/show/508300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=596
2017-07-14 07:51:30 +00:00
Wolfgang Rosenauer
09b85d1e80 - update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594
2017-06-14 09:43:07 +00:00
Wolfgang Rosenauer
1dc1d33afa - remove -fno-inline-small-functions and explicitely optimize with
-O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=592
2017-05-24 18:34:48 +00:00
Wolfgang Rosenauer
cce32d5c86 - remove -fno-inline-small-functions which breaks with gcc7
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=591
2017-05-24 14:54:04 +00:00
Wolfgang Rosenauer
278dea96e3 - remove -fno-inline-small-functions
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=590
2017-05-23 14:01:40 +00:00
Wolfgang Rosenauer
878eeecd5a - only optimize with -O2 for openSUSE > 13.2/Leap 42 (gcc7)
(boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=589
2017-05-22 11:55:44 +00:00
Wolfgang Rosenauer
f3477f70fa - update to Firefox 52.1.1
MFSA 2017-14
  * CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
                   (Windows only, Linux not affected)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=587
2017-05-09 05:56:43 +00:00
Wolfgang Rosenauer
7578571bec - switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
  firefox.js
- fixed KDE integration to avoid crash caused by filepicker
  (boo#1015998)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=584
2017-04-28 21:32:26 +00:00
Wolfgang Rosenauer
fcfd6f2d1c - update to Firefox 52.1.0esr (boo#1035082)
MFSA 2017-12
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648)
    Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=583
2017-04-20 21:02:48 +00:00
Wolfgang Rosenauer
ef1a98917f - update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
  * Fix loading tab icons on session restore (bmo#1338009)
  * Fix a crash on startup on Linux (bmo#1345413)
  * Fix new installs erroneously not prompting to change the default
    browser setting (bmo#1343938)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=581
2017-04-03 07:23:02 +00:00
Wolfgang Rosenauer
e7dba2d7e9 - explicitely add libffi build requirement
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=579
2017-03-20 16:28:50 +00:00
Wolfgang Rosenauer
ae8683e30d - disable rust usage for everything but x86(-64)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=578
2017-03-20 16:07:00 +00:00
Wolfgang Rosenauer
43203c9622 - disable rust usage for PPC64LE
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=577
2017-03-20 15:41:53 +00:00
Wolfgang Rosenauer
39f56adaf0 - update to Firefox 52.0.1 (boo#1029822)
MFSA 2017-08
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=576
2017-03-17 22:39:31 +00:00
Wolfgang Rosenauer
6ea21fb6f9 - reenable ALSA support which was removed by default upstream
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=575
2017-03-09 12:31:02 +00:00
Wolfgang Rosenauer
6602a2cc2b - update to Firefox 52.0 (boo#1028391)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=574
2017-03-07 23:18:25 +00:00
Wolfgang Rosenauer
2249818fd8 Accepting request 477653 from home:AndreasStieger:branches:mozilla:Factory
add boo#1028391 and CVEs

OBS-URL: https://build.opensuse.org/request/show/477653
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=573
2017-03-07 23:15:47 +00:00
Wolfgang Rosenauer
14ce29297b - update to Firefox 52.0
* requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Windows 8 touch screen support for multiprocess Firefox
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
- removed obsolete patches
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-disable-skia-be.patch
  * mozilla-skia-overflow.patch
  * mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=572
2017-03-07 08:35:10 +00:00
Wolfgang Rosenauer
3ce0e89892 Accepting request 453042 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 51.0.1

OBS-URL: https://build.opensuse.org/request/show/453042
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=570
2017-01-27 21:48:32 +00:00
Wolfgang Rosenauer
4a4070a0e9 - fix build without skia (big endian archs) (bmo#1319374)
(mozilla-disable-skia-be.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=569
2017-01-27 17:39:50 +00:00
Wolfgang Rosenauer
d2c8956ec2 - add upstream patch to fix PPC64LE (bmo#1319389)
(mozilla-skia-ppc-endianess.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=568
2017-01-27 15:01:24 +00:00
Wolfgang Rosenauer
0f2d4906dd - update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
  * Added support for FLAC (Free Lossless Audio Codec) playback
  * Added support for WebGL 2
  * Added Georgian (ka) and Kabyle (kab) locales
  * Support saving passwords for forms without 'submit' events
  * Improved video performance for users without GPU acceleration
  * Zoom indicator is shown in the URL bar if the zoom level is not
    at default level
  * View passwords from the prompt before saving them
  * Remove Belarusian (be) locale
  * Use Skia for content rendering (Linux)
  * MFSA 2017-01
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5377: Memory corruption with transforms to create
                   gradients in Skia (bmo#1306883, boo#1021826)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5379: Use-after-free in Web Animations
                   (bmo#1309198,boo#1021827)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5389: WebExtensions can install additional add-ons via
                   modified host requests (bmo#1308688, boo#1021828)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=567
2017-01-25 10:27:08 +00:00
Wolfgang Rosenauer
f6f1953e39 Accepting request 451698 from home:bjoernv:branches:mozilla:Factory
Firefox could not open Google, Wikipedia etc. with HTTPS anymore after update of NSS to 3.28
Sources:
- https://bugs.gentoo.org/show_bug.cgi?id=603622
- https://bugzilla.redhat.com/show_bug.cgi?id=1413303#c5
- https://bugzilla.mozilla.org/show_bug.cgi?id=1290037

OBS-URL: https://build.opensuse.org/request/show/451698
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=566
2017-01-21 08:10:15 +00:00
Wolfgang Rosenauer
47ea133150 - update to Firefox 50.1.0 (boo#1015422)
* MFSA 2016-94
    CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
    CVE-2016-9899: Use-after-free while manipulating DOM events and
                   audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating
                   DOM subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
                   SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
                   (bmo#1317936)
    CVE-2016-9901: Data from Pocket server improperly sanitized
                   before execution (bmo#1320057)
    CVE-2016-9902: Pocket extension does not validate the origin
                   of events (bmo#1320039)
    CVE-2016-9903: XSS injection vulnerability in add-ons SDK
                   (bmo#1315435)
    CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
    CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
                   Firefox ESR 45.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=564
2016-12-13 21:10:19 +00:00
Wolfgang Rosenauer
0e804587d5 - update to Firefox 50.1.0 (boo#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=563
2016-12-12 21:26:20 +00:00
Wolfgang Rosenauer
a7b507dd76 Accepting request 445492 from home:cgrobertson:branches:mozilla:Factory
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)

OBS-URL: https://build.opensuse.org/request/show/445492
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=562
2016-12-12 18:36:34 +00:00
Wolfgang Rosenauer
120a7e8724 Accepting request 443012 from home:AndreasStieger:branches:mozilla:Factory
Add boo#1012964 to 50.0.2 changelog

OBS-URL: https://build.opensuse.org/request/show/443012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=560
2016-12-01 17:33:12 +00:00
Wolfgang Rosenauer
01729d0fbe * Firefox crashes with 3rd party Chinese IME when using IME text
(50.0.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=559
2016-12-01 03:07:00 +00:00
Wolfgang Rosenauer
3b8276a497 - update to Firefox 50.0.2
security fixes (in 50.0.1): (boo#1012807)
  * MFSA 2016-91
    CVE-2016-9078: data: URL can inherit wrong origin after an
                   HTTP redirect (bmo#1317641)
  security fixes (in 50.0.2)
  * MFSA 2016-92
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=558
2016-12-01 03:05:24 +00:00
Wolfgang Rosenauer
a1ebdac66f - update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
  new features
  * Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently
    used order
    View a page in Reader Mode by using Ctrl+Alt+R
  * Added option to Find in page that allows users to limit search to
    whole words only
  * Added download protection for a large number of executable file
    types on Windows, Mac and Linux
  * Fixed rendering of dashed and dotted borders with rounded corners
    (border-radius)
  * Added a built-in Emoji set for operating systems without native
    Emoji fonts (Windows 8.0 and lower and Linux)
  * Blocked versions of libavcodec older than 54.35.1
  * additional locale
  security fixes:
  * MFSA 2016-89
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
                   (bmo#1292443)
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
    CVE-2016-5293: Write to arbitrary file with updater and moz
                   maintenance service using updater.log hardlink
		   (Windows only) (bmo#1246945)
    CVE-2016-5294: Arbitrary target directory for result files of
                   update process (Windows only) (bmo#1246972)
    CVE-2016-5297: Incorrect argument length checking in Javascript
                   (bmo#1303678)
    CVE-2016-9064: Addons update must verify IDs match between

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=555
2016-11-15 18:06:29 +00:00
Wolfgang Rosenauer
6f15368db9 Accepting request 437089 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.2
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)

OBS-URL: https://build.opensuse.org/request/show/437089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=553
2016-10-24 11:40:07 +00:00
Wolfgang Rosenauer
140f76446a Accepting request 434641 from home:badshah400:firefox-gtk3
**Please wait until successful builds

- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
  and fixes have been incorporated by upstream.

OBS-URL: https://build.opensuse.org/request/show/434641
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=551
2016-10-17 13:11:43 +00:00
Wolfgang Rosenauer
9afb5946e2 Accepting request 429896 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.1

OBS-URL: https://build.opensuse.org/request/show/429896
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=549
2016-09-24 06:25:23 +00:00
Wolfgang Rosenauer
ad9a2b532d new features
* Updated Firefox Login Manager to allow HTTPS pages to use saved
    HTTP logins.
  * Added features to Reader Mode that make it easier on the eyes and
    the ears
  * Improved video performance for users on systems that support
    SSE3 without hardware acceleration
  * Added context menu controls to HTML5 audio and video that let users
    loops files or play files at 1.25x speed
  * Improvements in about:memory reports for tracking font memory usage
  security related
  * MFSA 2016-85
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
    mozilla::net::IsValidReferrerPolicy
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
    nsCaseTransformTextRunFactory::TransformString
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
    PropertyProvider::GetSpacingInternal
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
    CVE-2016-5273 (bmo#1280387) - crash in
    mozilla::a11y::HyperTextAccessible::GetChildOffset
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
    mozilla::a11y::DocAccessible::ProcessInvalidationList
    CVE-2016-5274 (bmo#1282076) - use-after-free in
    nsFrameManager::CaptureFrameState
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
    nsBMPEncoder::AddImageFrame

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=548
2016-09-21 21:34:48 +00:00
Wolfgang Rosenauer
23d3134ccb - update to Firefox 49.0 (boo#999701)
- removed obsolete patches:
  * mozilla-aarch64-48bit-va.patch
  * mozilla-exclude-nametablecpp.patch
  * mozilla-old_configure-bmo1282843.patch
- requires NSS 3.25

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=547
2016-09-20 16:19:47 +00:00
Wolfgang Rosenauer
8f3a8c45f5 Accepting request 423949 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 48.0.2

OBS-URL: https://build.opensuse.org/request/show/423949
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=545
2016-08-31 08:13:42 +00:00
Wolfgang Rosenauer
7c9c7e7cc9 Accepting request 420691 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 48.0.1

OBS-URL: https://build.opensuse.org/request/show/420691
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=543
2016-08-20 21:38:42 +00:00
Wolfgang Rosenauer
d47b90bdde - added upstream patch so system plugins/extensions are correctly
loaded again on x86-64 (bmo#1282843)
  (mozilla-old_configure-bmo1282843.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=542
2016-08-18 06:59:29 +00:00
Wolfgang Rosenauer
0982f0206c Accepting request 417428 from home:pcerny:mozilla:Factory
flex hotfix - changelog update

OBS-URL: https://build.opensuse.org/request/show/417428
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=540
2016-08-08 09:15:08 +00:00
Wolfgang Rosenauer
b20061a222 Accepting request 417132 from home:pcerny:mozilla:Factory
flex hotfix

OBS-URL: https://build.opensuse.org/request/show/417132
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=539
2016-08-05 19:11:43 +00:00
Wolfgang Rosenauer
1728408aaa Accepting request 416757 from home:badshah400:firefox-gtk3
Builds for 42.1 with patch enabled (or disabled), and should do for Factory too

OBS-URL: https://build.opensuse.org/request/show/416757
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=538
2016-08-04 13:49:10 +00:00
Wolfgang Rosenauer
f0b7b2b431 security fixes:
* MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
    Miscellaneous memory safety hazards
  * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
    Favicon network connection can persist when page is closed
  * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
    Buffer overflow rendering SVG with bidirectional content
  * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
    Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
  * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
    Location bar spoofing via data URLs with malformed/invalid mediatypes
  * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
    Stack underflow during 2D graphics rendering
  * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
    Out-of-bounds read during XML parsing in Expat library
  * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
    Arbitrary file manipulation by local user through Mozilla updater
    and callback application path parameter (Windows-only)
  * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
    Use-after-free when using alt key and toplevel menus
  * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
    Crash in incremental garbage collection in JavaScript
  * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
    Use-after-free in DTLS during WebRTC session shutdown
  * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
    Use-after-free in service workers with nested sync events
  * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
    Form input type change from password to text can store plain
    text password in session restore file
  * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=537
2016-08-03 04:49:19 +00:00
Wolfgang Rosenauer
fba117331c - update to Firefox 48.0 (boo#991809)
* requires NSS 3.24
  * Process separation (e10s) is enabled for some of you
  * Add-ons that have not been verified and signed by Mozilla will not load
  * WebRTC embetterments
  * The media parser has been redeveloped using the Rust programming
    language
  * better Canvas performance with speedy Skia support
- removed obsolete mozilla-gcc6.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=536
2016-08-03 04:34:40 +00:00
Wolfgang Rosenauer
31e1944594 Accepting request 415720 from home:badshah400:branches:mozilla:Factory
- Update description and screenshots in appdata.xml file.

OBS-URL: https://build.opensuse.org/request/show/415720
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=534
2016-07-29 08:19:31 +00:00
Wolfgang Rosenauer
2c7b769dd2 -fno-inline-small-functions to CFLAGS
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=532
2016-07-24 20:58:14 +00:00
Wolfgang Rosenauer
1d67894392 Accepting request 414914 from home:1Antoine1:branches:mozilla:Factory
Disable some GCC optimizations to fix sigsev at startup on i586. boo#986541

OBS-URL: https://build.opensuse.org/request/show/414914
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=531
2016-07-24 20:38:24 +00:00
Wolfgang Rosenauer
a0dc99e46e Accepting request 412212 from home:Mailaender:branches:mozilla:Factory
Revamped the AppData file:
* less advertisy description
* replaced Windows XP screenshot with GNOME
* HTTPS everywhere
* Update URL to actually show Firefox and not everyone is en_US
* This will never be maintained upstream (see bugzilla) so live with it.

OBS-URL: https://build.opensuse.org/request/show/412212
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=530
2016-07-20 07:26:43 +00:00
Wolfgang Rosenauer
3052298781 Accepting request 405481 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 47.0.1

OBS-URL: https://build.opensuse.org/request/show/405481
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=528
2016-06-29 13:54:41 +00:00
Wolfgang Rosenauer
336127b83a Accepting request 402731 from home:AndreasStieger:branches:mozilla:Factory
patch for boo#984637 can be applied on all targets
add reference to boo#984637

OBS-URL: https://build.opensuse.org/request/show/402731
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=527
2016-06-16 14:00:48 +00:00
Wolfgang Rosenauer
1f8e55111d - mozilla-binutils-visibility.patch to fix build issues with
gcc/binutils combination used in Leap 42.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=524
2016-06-15 07:55:15 +00:00
Wolfgang Rosenauer
7441e7733c * add patch mozilla-aarch64-48bit-va.patch
- fix XUL dialog button order under KDE session (boo#984403)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=523
2016-06-14 20:12:53 +00:00
Wolfgang Rosenauer
9fdd4cf285 Accepting request 402022 from home:badshah400:firefox-gtk3
Update gtk3 patch to latest version from Fedora

OBS-URL: https://build.opensuse.org/request/show/402022
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=522
2016-06-14 20:07:58 +00:00
Wolfgang Rosenauer
0f3c39840c Accepting request 401909 from home:algraf:branches:mozilla:Factory
- Fix running on 48bit va aarch64 (bsc#984126)
  - Add patch mozilla-aarch64-48bit-va.patch

OBS-URL: https://build.opensuse.org/request/show/401909
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=521
2016-06-14 19:48:50 +00:00
Wolfgang Rosenauer
b9792ce771 - update to Firefox 47.0 (boo#983549)
* Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is
    not installed
  * View and search open tabs from your smartphone or another
    computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
    (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
     bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
     bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
     bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
     bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing though the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host
    through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations
    after recycle pool destruction

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=518
2016-06-08 12:26:29 +00:00
Wolfgang Rosenauer
424ee97030 Accepting request 398058 from home:badshah400:branches:mozilla:Factory
Fix building for non-factory openSUSE. The patches have guards themselves wherever needed, we don't need to be paranoid about applying them unconditionally. Sorry for breaking the build earlier.

OBS-URL: https://build.opensuse.org/request/show/398058
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=516
2016-05-26 05:57:29 +00:00
Wolfgang Rosenauer
a5bfddd988 Accepting request 397775 from home:badshah400:branches:openSUSE:Factory:Rings:2-TestDVD
Add patches to build against gcc6, apply these patches only if gcc >= 6 is actually used during compilation.

OBS-URL: https://build.opensuse.org/request/show/397775
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=515
2016-05-25 07:27:59 +00:00
Wolfgang Rosenauer
44ae32c807 Accepting request 396840 from home:dsterba:branches:mozilla:Factory
- enable build with PIE and full relro on x86_64 (boo#980384)

OBS-URL: https://build.opensuse.org/request/show/396840
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=513
2016-05-20 11:04:12 +00:00
Wolfgang Rosenauer
55af92fdfe - update to Firefox 46.0.1
Fixed:
  * Search plugin issue for various locales
  * Add-on signing certificate expiration
  * Service worker update issue
  * Build issue when jit is disabled
  * Limit Sync registration updates
- removed now obsolete mozilla-jit_branch64.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=510
2016-05-07 19:37:00 +00:00
Wolfgang Rosenauer
3779639588 - add mozilla-jit_branch64.patch to avoid PowerPC build failure
(from bmo#1266366)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=508
2016-05-03 20:35:52 +00:00
Wolfgang Rosenauer
e9dadb94d7 Accepting request 393478 from home:michel_mno:branches:mozilla:Factory
new mozilla_add_branch64.patch to avoid PowerPC build failure.
to complete previous request that failed on staging:F

OBS-URL: https://build.opensuse.org/request/show/393478
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=507
2016-05-03 20:02:49 +00:00
Wolfgang Rosenauer
3b138f7f73 (boo#977373, boo#977375, boo#977376)
* MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
    (bmo#1252330, bmo#1261776, boo#977379)
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
  * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=506
2016-04-30 07:08:42 +00:00
Wolfgang Rosenauer
41b5455c64 Accepting request 391871 from home:badshah400:firefox-gtk3
Update gtk3 patch so that if applies against ffx 46.0.

OBS-URL: https://build.opensuse.org/request/show/391871
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=502
2016-04-27 23:32:34 +00:00
Wolfgang Rosenauer
97bd16c7cb - update to Firefox 46.0 (boo#977333)
* Improved security of the JavaScript Just In Time (JIT) Compiler
  * WebRTC fixes to improve performance and stability
  * Added support for document.elementsFromPoint
  * Added HKDF support for Web Crypto API
  * requires NSPR 4.12 and NSS 3.22.3
  * added patch to fix unchecked return value
    mozilla-check_return.patch
  * Gtk3 builds not supported at the moment
  security fixes:
  * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
    Miscellaneous memory safety hazards
  * MFSA 2016-40/CVE-2016-2809 (bmo#1212939)
    Privilege escalation through file deletion by Maintenance Service updater
    (Windows only)
  * MFSA 2016-41/CVE-2016-2810 (bmo#1229681)
    Content provider permission bypass allows malicious application
    to access data (Android only)
  * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776)
    Use-after-free and buffer overflow in Service Workers
  * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650)
    Disclosure of user actions through JavaScript with motion and
    orientation sensors (only affects mobile variants)
  * MFSA 2016-44/CVE-2016-2814 (bmo#1254721)
    Buffer overflow in libstagefright with CENC offsets
  * MFSA 2016-45/CVE-2016-2816 (bmo#1223743)
    CSP not applied to pages sent with multipart/x-mixed-replace
  * MFSA 2016-46/CVE-2016-2817 (bmo#1227462)
    Elevation of privilege with chrome.tabs.update API in web extensions
  * MFSA 2016-47/CVE-2016-2808 (bmo#1246061)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=500
2016-04-27 07:09:13 +00:00
Wolfgang Rosenauer
e165f239a4 Accepting request 391154 from home:badshah400:branches:mozilla:Factory
mozilla-gtk3_20.patch synced to latest fedora's to fix some scrollbar issues when using gtk 3.20

OBS-URL: https://build.opensuse.org/request/show/391154
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=499
2016-04-24 06:17:46 +00:00
Wolfgang Rosenauer
946a2cf79c Accepting request 389750 from devel:ARM:Factory
- build fixes for arm/aarch64:
  * disable webrtc for arm/aarch64
  * switch away from openGL-ES backend to default for arm/aarch64
   since it almost never builds
  * reenable neon
- reenable webrtc for powerpc as it seems to build

OBS-URL: https://build.opensuse.org/request/show/389750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=497
2016-04-14 10:14:02 +00:00
Wolfgang Rosenauer
58d2070b38 - Compile against gtk3 depending on whether the macro
%firefox_use_gtk3 is defined or not (e.g., at the prjconf
  level); macro is undefined by default and so gtk2 is used as the
  default toolkit.
- Add BuildRequires for additional packages needed when building
  against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
  pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
  patch taken from Fedora (bmo#1230955).

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=496
2016-04-12 21:13:00 +00:00
Wolfgang Rosenauer
bb1a23845f Accepting request 387816 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 45.0.2

OBS-URL: https://build.opensuse.org/request/show/387816
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=495
2016-04-12 16:26:19 +00:00
Wolfgang Rosenauer
f9d87d6387 Accepting request 375147 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 45.0.1

OBS-URL: https://build.opensuse.org/request/show/375147
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=493
2016-03-19 08:13:45 +00:00
Wolfgang Rosenauer
a4caa64ef9 - update to Firefox 45.0 (boo#969894)
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
    Miscellaneous memory safety hazards
  * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
    Local file overwriting and potential privilege escalation through
    CSP reports
  * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
    CSP reports fail to strip location information for embedded iframe pages
  * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
    Linux video memory DOS with Intel drivers
  * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
    Memory leak in libstagefright when deleting an array during MP4
    processing
  * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
    Displayed page address can be overridden
  * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
    Service Worker Manager out-of-bounds read in Service Worker Manager
  * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
    Use-after-free in HTML5 string parser
  * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
    Use-after-free in SetBody
  * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
    Use-after-free when using multiple WebRTC data channels
  * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
    Memory corruption when modifying a file being read by FileReader
  * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
    Use-after-free during XML transformations
  * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
    Addressbar spoofing though history navigation and Location protocol
    property

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=491
2016-03-08 22:37:32 +00:00
Wolfgang Rosenauer
2d4b618151 - update to Firefox 45.0
* requires NSPR 4.12 / NSS 3.21.1
  * Instant browser tab sharing through Hello
  * Synced Tabs button in button bar
  * Tabs synced via Firefox Accounts from other devices are now shown
    in dropdown area of Awesome Bar when searching
  * Introduce a new preference (network.dns.blockDotOnion) to allow
    blocking .onion at the DNS level
  * Tab Groups (Panorama) feature removed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=490
2016-03-07 16:25:29 +00:00
Wolfgang Rosenauer
f75dc0e2d0 Accepting request 366570 from home:olh:branches:mozilla:Factory
- Remove B_CNT from symbols.zip filename to reduce build-compare noise

OBS-URL: https://build.opensuse.org/request/show/366570
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=489
2016-03-06 16:21:37 +00:00
Wolfgang Rosenauer
17c09e6be5 units - adding mozilla-reduce-files-per-UnifiedBindings.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=487
2016-02-26 22:35:32 +00:00
Wolfgang Rosenauer
a3bc9c3699 Accepting request 361943 from home:AndreasStieger:branches:mozilla:Factory
- fix build problems on i586, caused by too large unified compile units


Server build is still running, let's see...

OBS-URL: https://build.opensuse.org/request/show/361943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=486
2016-02-26 21:04:29 +00:00
Wolfgang Rosenauer
3253c98249 - update to Firefox 44.0.2
* MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
    Same-origin-policy violation using Service Workers with plugins
  * Fix issue which could lead to the removal of stored passwords
    under certain circumstances (bmo#1242176)
  * Allows spaces in cookie names (bmo#1244505)
  * Disable opus/vorbis audio with H.264 (bmo#1245696)
  * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
  * Fix a crash in cache networking (bmo#1244076)
  * Fix using WebSockets in service worker controlled pages (bmo#1243942)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=484
2016-02-12 14:47:06 +00:00
Wolfgang Rosenauer
12d483420b Accepting request 356195 from home:AndreasStieger:branches:OBS_Maintained:MozillaFirefox
update bug tracking

OBS-URL: https://build.opensuse.org/request/show/356195
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=481
2016-01-28 06:43:56 +00:00
Wolfgang Rosenauer
2ea3069057 - update to Firefox 44.0 (boo#963520)
* MFSA 2016-01/CVE-2016-1930/CVE-2016-1931
    Miscellaneous memory safety hazards
  * MFSA 2016-02/CVE-2016-1933 (bmo#1231761)
    Out of Memory crash when parsing GIF format images
  * MFSA 2016-03/CVE-2016-1935 (bmo#1220450)
    Buffer overflow in WebGL after out of memory allocation
  * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784)
    Firefox allows for control characters to be set in cookie names
  * MFSA 2016-06/CVE-2016-1937 (bmo#724353)
    Missing delay following user click events in protocol handler dialog
  * MFSA 2016-07/CVE-2016-1938 (bmo#1190248)
    Errors in mp_div and mp_exptmod cryptographic functions in NSS
    (fixed by requiring NSS 3.21)
  * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
    Addressbar spoofing attacks
  * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
    (bmo#1186621, bmo#1214782, bmo#1232096)
    Unsafe memory manipulation found through code inspection
  * MFSA 2016-11/CVE-2016-1947 (bmo#1237103)
    Application Reputation service disabled in Firefox 43
  * requires NSPR 4.11
  * requires NSS 3.21
- prepare mozilla-kde.patch for Gtk3 builds
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=480
2016-01-26 22:39:03 +00:00
Wolfgang Rosenauer
38f5c0b4e7 Accepting request 352991 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 43.0.4

OBS-URL: https://build.opensuse.org/request/show/352991
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=478
2016-01-11 08:19:52 +00:00
Wolfgang Rosenauer
913aba2599 - explicitely requires libXcomposite-devel
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=477
2015-12-29 20:30:21 +00:00
Wolfgang Rosenauer
947695d633 - update to Firefox 43.0.3
* requires NSS 3.20.2 to fix
    MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
    MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
    server signature
  * various changes to support Windows update (SHA-1 vs. SHA-2)
  * workaround Youtube user agent detection issue (bmo#1233970)
- fix file download regression for multi user systems
  (bmo#1233434) (mozilla-bmo1233434.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=475
2015-12-26 13:06:31 +00:00
Wolfgang Rosenauer
5fcce29637 - update to Firefox 43.0 (bnc#959277)
* Improved API support for m4v video playback
  * Users can opt-in to receive search suggestions from the Awesome Bar
  * WebRTC streaming on multiple monitors
  * User selectable second block list for Private Browsing's Tracking
    Protection
  security fixes:
  * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
    Miscellaneous memory safety hazards
  * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
    Crash with JavaScript variable assignment with unboxed objects
  * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
    Same-origin policy violation using perfomance.getEntries and
    history navigation
  * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
    Firefox allows for control characters to be set in cookies
  * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
    Use-after-free in WebRTC when datachannel is used after being
    destroyed
  * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
    Integer overflow allocating extremely large textures
  * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
    Cross-origin information leak through web workers error events
  * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
    Hash in data URI is incorrectly parsed
  * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
    DOS due to malformed frames in HTTP/2
  * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
    Linux file chooser crashes on malformed images due to flaws in
    Jasper library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=473
2015-12-17 00:06:36 +00:00
Wolfgang Rosenauer
d7dbc2da9b - Add desktop menu action for private browsing window to desktop
- remove obsolete patch mozilla-bmo1005535.patch completely from
  source package to avoid automatic check failures

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=471
2015-11-15 19:53:12 +00:00
Wolfgang Rosenauer
479484011d - Add desktop menu action for private browsing window to desktop
file (boo#954747)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=470
2015-11-12 19:04:14 +00:00
Wolfgang Rosenauer
69197f5305 security fixes:
* MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
    Miscellaneous memory safety hazards
  * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
    Information disclosure through NTLM authentication
  * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
    CSP bypass due to permissive Reader mode whitelist
  * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
    Firefox for Android addressbar can be removed after fullscreen mode
  * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
    Reading sensitive profile files through local HTML file on Android
  * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
    disabling scripts in Add-on SDK panels has no effect
  * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass same-origin policy
  * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
    Android intents can be used on Firefox for Android to open privileged files
  * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
    XSS attack through intents on Firefox for Android
  * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
    Crash when accessing HTML tables with accessibility tools on OS X
  * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type headers
    are received
  * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
    Certain escaped characters in host of Location-header are being

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=468
2015-11-03 17:24:31 +00:00
Wolfgang Rosenauer
4461643420 - update to Firefox 42.0 (bnc#952810)
* Private Browsing with Tracking Protection blocks certain Web
    elements that could be used to record your behavior across sites
  * Control Center that contains site security and privacy controls
  * Login Manager improvements
  * WebRTC improvements
  * Indicator added to tabs that play audio with one-click muting
  * Media Source Extension for HTML5 video available for all sites
- requires NSPR 4.10.10 and NSS 3.19.4
- removed obsolete patches
  * mozilla-arm-disable-edsp.patch
  * mozilla-icu-strncat.patch
  * mozilla-skia-be-le.patch
  * toolkit-download-folder.patch
- fixed build with enable-libproxy (bmo#1220399)
  * mozilla-libproxy.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=467
2015-11-03 15:49:03 +00:00
Wolfgang Rosenauer
2de666dd50 - update to Firefox 41.0.2 (bnc#950686)
* MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
    Cross-origin restriction bypass using Fetch
- added explicit appdata provides (bnc#949983)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=465
2015-10-16 10:49:41 +00:00
Wolfgang Rosenauer
0e6478e65d - do not build with --enable-stdcxx-compat
(this starts to fail build on various toolchain combinations
  and is not required for openSUSE builds in general

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=463
2015-10-04 09:21:58 +00:00
Wolfgang Rosenauer
a49d69320c - update to Firefox 41.0.1
* Fix a startup crash related to Yandex toolbar and Adblock Plus
    (bmo#1209124)
  * Fix potential hangs with Flash plugins (bmo#1185639)
  * Fix a regression in the bookmark creation (bmo#1206376)
  * Fix a startup crash with some Intel Media Accelerator 3150
    graphic cards (bmo#1207665)
  * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=462
2015-10-01 18:39:43 +00:00
Wolfgang Rosenauer
e6232894a5 ------------------------------------------------------------------
- update to Firefox 40.0.3 (bnc#943550)
  * Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combox box using the
    mouse could be broken (bmo#1194733)
  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=460
2015-09-23 05:41:29 +00:00
Wolfgang Rosenauer
e28bb154cb - update to Firefox 41.0 (bnc#947003)
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
    Miscellaneous memory safety hazards
  * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
    Memory leak in mozTCPSocket to servers
  * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
    Out of bounds read in QCMS library with ICC V4 profile attributes
  * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
    Site attribute spoofing on Android by pasting URL with unknown scheme
  * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
    Arbitrary file manipulation by local user through Mozilla updater
  * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
    Buffer overflow in libvpx while parsing vp9 format video
  * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
    Crash when using debugger with SavedStacks in JavaScript
  * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
    URL spoofing in reader mode
  * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
    Use-after-free with shared workers and IndexedDB
  * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
    Buffer overflow while decoding WebM video
  * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
    Use-after-free while manipulating HTML media content
  * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
    Out-of-bounds read during 2D canvas display on Linux 16-bit
    color depth systems
  * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
    Scripted proxies can access inner window
  * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
    JavaScript immutable property enforcement can be bypassed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=459
2015-09-23 05:39:21 +00:00
Wolfgang Rosenauer
7ffa28996e - update to Firefox 41.0 (bnc#)
- rebased patches
- removed obsolete patches
  * mozilla-arm64-libjpeg-turbo.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=458
2015-09-22 06:10:40 +00:00
Wolfgang Rosenauer
97ab9cb840 - update to Firefox 40.0.3 (bnc#943550)
* Disable the asynchronous plugin initialization (bmo#1198590)
  * Fix a segmentation fault in the GStreamer support (bmo#1145230)
  * Fix a regression with some Japanese fonts used in the <input>
    field (bmo#1194055)
  * On some sites, the selection in a select combox box using the
    mouse could be broken (bmo#1194733)
  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=456
2015-08-28 05:30:26 +00:00
Wolfgang Rosenauer
c24ccd4afb - update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
  * Suggested Tiles show sites of interest, based on categories
    from your recent browsing history
  * Hello allows adding a link to conversations to provide context
    on what the conversation will be about
  * New style for add-on manager based on the in-content
    preferences style
  * Improved scrolling, graphics, and video playback performance
    with off main thread compositing (GNU/Linux only)
  * Graphic blocklist mechanism improved: Firefox version ranges
    can be specified, limiting the number of devices blocked
  security fixes:
  * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
    Miscellaneous memory safety hazards
  * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
    Out-of-bounds read with malformed MP3 file
  * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
    Use-after-free in MediaStream playback
  * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
    Redefinition of non-configurable JavaScript object properties
  * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
    Overflow issues in libstagefright
  * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
    Arbitrary file overwriting through Mozilla Maintenance Service
    with hard links (only affected Windows)
  * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
    Out-of-bounds write with Updater and malicious MAR file
    (does not affect openSUSE RPM packages which do not ship the
     updater)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=454
2015-08-12 07:11:49 +00:00
Wolfgang Rosenauer
5cd9f0a774 - security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
    Same origin violation and local file stealing via PDF reader

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=452
2015-08-07 10:23:02 +00:00
Wolfgang Rosenauer
ea519de414 - update to Firefox 39.0 (bnc#935979)
security fixes:
  * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
    Miscellaneous memory safety hazards
  * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
    Local files or privileged URLs in pages can be opened into new tabs
  * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
    Type confusion in Indexed Database Manager
  * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
    Out-of-bound read while computing an oscillator rendering range in Web Audio
  * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
    Use-after-free in Content Policy due to microtask execution error
  * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
    ECDSA signature validation fails to handle some signatures correctly
    (this fix is shipped by NSS 3.19.1 externally)
  * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
    Use-after-free in workers while using XMLHttpRequest
  * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
    CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
    Vulnerabilities found through code inspection
  * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
    Key pinning is ignored when overridable errors are encountered
  * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
    OS X crash reports may contain entered key press information
    (not relevant under Linux)
  * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
    Privilege escalation in PDF.js
  * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
    NSS accepts export-length DHE keys with regular DHE cipher suites
    (this fix is shipped by NSS 3.19.1 externally)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=450
2015-07-03 06:21:15 +00:00
Wolfgang Rosenauer
9353554b5d - update to Firefox 39.0
* Share Hello URLs with social networks
  * Support for 'switch' role in ARIA 1.1 (web accessibility)
  * SafeBrowsing malware detection lookups enabled for downloads
    (Mac OS X and Linux)
  * Support for new Unicode 8.0 skin tone emoji
  * Removed support for insecure SSLv3 for network communications
  * Disable use of RC4 except for temporarily whitelisted hosts
  * NPAPI Plug-in performance improved via asynchronous initialization
- dropped mozilla-prefer_plugin_pref.patch as this feature is
  likely not worth maintaining further
- rebased patches
- require NSS 3.19.2

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=449
2015-06-24 19:26:58 +00:00
Wolfgang Rosenauer
51e2af5d00 Accepting request 312501 from home:Andreas_Schwab:Factory
- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration

OBS-URL: https://build.opensuse.org/request/show/312501
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=448
2015-06-19 06:08:19 +00:00
Wolfgang Rosenauer
d0dd48e06c - update to Firefox 38.0.6
* fixes bmo#1171730 which is not really relevant to oS builds
- fix KDE regression from 38.0.5 builds (bsc#933439)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=447
2015-06-07 20:02:48 +00:00
Wolfgang Rosenauer
e03f1ffc2d - update to Firefox 38.0.5
* Keep track of articles and videos with Pocket
  * Clean formatting for articles and blog posts with Reader View
  * Share the active tab or window in a Hello conversation
- add changes file as source for SRPM (bsc#932142)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=445
2015-06-01 08:32:35 +00:00
Wolfgang Rosenauer
13fb8d74ed Accepting request 307277 from home:michel_mno:branches:mozilla:Factory
- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
  https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
  This is for Firefox version 38.0
  similar request as sr #307269 previously done for version 37.0.2

OBS-URL: https://build.opensuse.org/request/show/307277
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=442
2015-05-15 11:08:59 +00:00
Wolfgang Rosenauer
a9fdf6b5ec - update to Firefox 38.0.1
stability and regression fixes
  * Systems with first generation NVidia Optimus graphics cards
    may crash on start-up
  * Users who import cookies from Google Chrome can end up with
    broken websites
  * Large animated images may fail to play and may stop other
    images from loading
- update to Firefox 38.0 (bnc#930622)
  * New tab-based preferences
  * Ruby annotation support
  * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
  security fixes:
  * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
    Miscellaneous memory safety hazards
  * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
    Buffer overflow parsing H.264 video with Linux Gstreamer
  * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
    Buffer overflow with SVG content and CSS
  * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
    Referrer policy ignored when links opened by middle-click and
    context menu
  * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
    Out-of-bounds read and write in asm.js validation
  * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
    Use-after-free during text processing with vertical text enabled
  * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
    Use-after-free due to Media Decoder Thread creation during shutdown
  * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
    Buffer overflow when parsing compressed XML

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=441
2015-05-15 09:20:13 +00:00
Wolfgang Rosenauer
8a0ded8a29 - update to 31.7.0 (bnc#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=440
2015-05-10 20:12:38 +00:00
Wolfgang Rosenauer
98f546d89a - update to Firefox 37.0.2 (bnc#928116)
* MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
    Memory corruption during failed plugin initialization

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=438
2015-04-22 14:54:45 +00:00
Wolfgang Rosenauer
3f9a2a2e9d - update to Firefox 37.0.1 (bnc#926166)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=436
2015-04-07 10:01:31 +00:00
Wolfgang Rosenauer
aece7ba539 - update to Firefox 37.0.1
* MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
    Loading privileged content through Reader mode
  * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
    Certificate verification bypass through the HTTP/2 Alt-Svc header

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=435
2015-04-07 07:34:55 +00:00
Wolfgang Rosenauer
9f194c0737 - update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system
  * Yandex set as default search provider for the Turkish locale
  * Bing search now uses HTTPS for secure searching
  * Improved protection against site impersonation via OneCRL
    centralized certificate revocation
  * Opportunistically encrypt HTTP traffic where the server supports
    HTTP/2 AltSvc
  * some more behaviour changes for TLS
  security fixes:
  * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
    Add-on lightweight theme installation approval bypassed through
    MITM attack
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
    Out of bounds read in QCMS library
  * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
    Cursor clickjacking with flash and images (OS X only)
  * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
    Incorrect memory management for simple-type arrays in WebRTC
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
    Memory corruption crashes in Off Main Thread Compositing
  * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=433
2015-04-01 11:31:46 +00:00
Wolfgang Rosenauer
c579f3ef60 - update to Firefox 37.0
- removed obsolete patches
  * mozilla-bmo1088588.patch
  * mozilla-bmo1108834.patch
- requires NSPR 4.10.8
  mozilla-bmo1005535.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=432
2015-04-01 05:22:19 +00:00
Wolfgang Rosenauer
04d84121d1 Accepting request 292717 from home:k0da:branches:mozilla:Factory
- Fix builds with skia on Power
  mozilla-skia-be-le.patch (patch from #bmo1136958)
  mozilla-bmo1108834.patch
  mozilla-bmo1005535.patch

OBS-URL: https://build.opensuse.org/request/show/292717
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=431
2015-03-28 09:50:17 +00:00
Wolfgang Rosenauer
94f9237755 - update to Firefox 36.0.4 (bnc#923534)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=429
2015-03-22 12:51:39 +00:00
Wolfgang Rosenauer
e8c38e0801 - update to Firefox 36.0.4 (bnc#923495)
* MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
    Privilege escalation through SVG navigation
  * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
    Code execution through incorrect JavaScript bounds checking
    elimination

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=428
2015-03-22 09:37:21 +00:00
Wolfgang Rosenauer
257d91825b Accepting request 292105 from home:dimstar:Factory
OBS-URL: https://build.opensuse.org/request/show/292105
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=427
2015-03-21 12:49:29 +00:00
Wolfgang Rosenauer
cabc64ee55 - update to Firefox 36.0.1
Bugfixes:
  * Disable the usage of the ANY DNS query type (bmo#1093983)
  * Hello may become inactive until restart (bmo#1137469)
  * Print preferences may not be preserved (bmo#1136855)
  * Hello contact tabs may not be visible (bmo#1137141)
  * Accept hostnames that include an underscore character ("_")
    (bmo#1136616)
  * WebGL may use significant memory with Canvas2d (bmo#1137251)
  * Option -remote has been restored (bmo#1080319)
- added mozilla-skia-bmo1136958.patch to fix build issues for
  ARM and PPC

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=425
2015-03-07 12:10:06 +00:00
Wolfgang Rosenauer
0079985d4c security fixes:
* MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
    Miscellaneous memory safety hazards
  * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
    Invoking Mozilla updater will load locally stored DLL files
    (Windows only)
  * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
    Appended period to hostnames can bypass HPKP and HSTS protections
  * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
    Malicious WebGL content crash when writing strings
  * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
    TLS TURN and STUN connections silently fail to simple TCP connections
  * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
    Use-after-free in IndexedDB
  * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
    Buffer overflow in libstagefright during MP4 video playback
  * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
    Double-free when using non-default memory allocators with a
    zero-length XHR
  * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
    Out-of-bounds read and write while rendering SVG content
  * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
    Buffer overflow during CSS restyling
  * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
    Buffer underflow during MP3 playback
  * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
    Crash using DrawTarget in Cairo graphics library
  * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
    Use-after-free in Developer Console date with OpenType Sanitiser
  * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=423
2015-02-25 06:18:57 +00:00
Wolfgang Rosenauer
e38465171c - update to Firefox 36.0 (bnc#917597)
* mozilla-xremote-client was removed
  * added libclearkey.so media plugin
  * Pinned tiles on the new tab page can be synced
  * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
    more scalable, and more responsive web.
  * Locale added: Uzbek (uz)
- rebased patches
- requires NSS 3.17.4

- update to Firefox 35.0.1
  * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
  * Kerberos authentication did not work with alias (bmo#1108971)
  * SVG / CSS animation had a regression causing rendering issues on
    websites like openstreemap.org (bmo#1083079)
  * On Godaddy webmail, Firefox could crash (bmo#1113121)
  * document.baseURI did not get updated to document.location after
    base tag was removed from DOM for site with a CSP (bmo#1121857)
  * With a Right-to-left (RTL) version of Firefox, the text selection
    could be broken (bmo#1104036)
  * CSP had a change in behavior with regard to case sensitivity
    resources loading (bmo#1122445)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=422
2015-02-23 20:32:13 +00:00
Wolfgang Rosenauer
ed1e6f20d0 security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
    Miscellaneous memory safety hazards
  * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
    Uninitialized memory use during bitmap rendering
  * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
    sendBeacon requests lack an Origin header
  * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
    Cookie injection through Proxy Authenticate responses
  * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
    Read of uninitialized memory in Web Audio
  * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
    Read-after-free in WebRTC
  * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
    Gecko Media Plugin sandbox escape
  * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
    Delegated OCSP responder certificates failure with
    id-pkix-ocsp-nocheck extension
  * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
    XrayWrapper bypass through DOM objects

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=420
2015-01-15 06:02:33 +00:00
Wolfgang Rosenauer
1bda786938 - update to Firefox 35.0 (bnc#910669)
notable features:
  * Firefox Hello with new rooms-based conversations model
  * Implemented HTTP Public Key Pinning Extension (for enhanced
    authentication of encrypted connections)
- rebased patches
- dropped explicit support for everything older than 12.3
  (including SLES11)
  * merge firefox-kde.patch and firefox-kde-114.patch
  * dropped mozilla-sle11.patch
- reworked specfile to build conditionally based on release channel
  either Firefox or Firefox Developer Edition
- added mozilla-openaes-decl.patch to fix implicit declarations
- obsolete tracker-miner-firefox < 0.15 because it leads to startup
  crashes (bnc#908892)
- rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=419
2015-01-14 18:32:16 +00:00
Wolfgang Rosenauer
d89c587eeb Accepting request 265117 from home:Ledest:bashisms
fix bashism in mozilla.sh script

OBS-URL: https://build.opensuse.org/request/show/265117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=417
2014-12-15 18:32:23 +00:00
Wolfgang Rosenauer
4a13134b83 - update to Firefox 34.0.5 (bnc#908009)
* Default search engine changed to Yahoo! for North America
  * Default search engine changed to Yandex for Belarusian, Kazakh,
    and Russian locales
  * Improved search bar (en-US only)
  * Firefox Hello real-time communication client
  * Easily switch themes/personas directly in the Customizing mode
  * Implementation of HTTP/2 (draft14) and ALPN
  * Disabled SSLv3
  * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
    Miscellaneous memory safety hazards
  * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
    XBL bindings accessible via improper CSS declarations
  * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
    XMLHttpRequest crashes with some input streams
  * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
    CSP leaks redirect data via violation reports
  * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
    Use-after-free during HTML5 parsing
  * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
    Buffer overflow while parsing media content
  * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
    Bad casting from the BasicThebesLayer to BasicContainerLayer
- rebased patches
- limit linker memory usage for %ix86

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=415
2014-12-02 22:01:52 +00:00
Wolfgang Rosenauer
140e4a12ee - requires NSS 3.17.2
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=414
2014-11-10 16:05:57 +00:00
Wolfgang Rosenauer
b5acd11036 - update to Firefox 33.1
* Adding DuckDuckGo as a search option (upstream)
  * Forget Button added
  * Enhanced Tiles
  * Privacy tour introduced
- fix typo in GStreamer Recommends
- use proper macros for ARM

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=413
2014-11-10 15:49:04 +00:00
Wolfgang Rosenauer
849a660683 Accepting request 259749 from home:Guillaume_G:branches:mozilla:Factory
- Disable elf-hack for aarch64
- Enable EGL for aarch64
- Limit RAM usage during link for %arm
- Fix _constraints for ARM

OBS-URL: https://build.opensuse.org/request/show/259749
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=411
2014-11-06 20:54:53 +00:00
Wolfgang Rosenauer
ab979e2eb7 Accepting request 259483 from devel:ARM:Factory
- use proper macros for ARM 

- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
  to fix compiling.
- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
  linking on arm.

OBS-URL: https://build.opensuse.org/request/show/259483
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=410
2014-11-04 23:02:38 +00:00
Wolfgang Rosenauer
113f1f2433 - update to Firefox 33.0.2
* Fix a startup crash with some combination of hardware and drivers
  33.0.1
  * Firefox displays a black screen at start-up with certain
    graphics drivers
- adjusted _constraints for ARM

- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=408
2014-10-30 12:43:09 +00:00
Wolfgang Rosenauer
b0bbfbf8c8 - define /usr/share/myspell as additional dictionary location
and remove add-plugins.sh finally (bnc#900639)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=407
2014-10-25 08:51:04 +00:00
Wolfgang Rosenauer
fd45b34aba - use Firefox default optimization flags instead of -Os
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=405
2014-10-19 19:45:31 +00:00
Wolfgang Rosenauer
159486ad08 Accepting request 257650 from home:Vindex17:branches:mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/257650
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=404
2014-10-19 19:40:39 +00:00
Wolfgang Rosenauer
3d4d28e3ed - fix build for all ppc by not enabling elf-hack
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=402
2014-10-15 14:13:02 +00:00
Wolfgang Rosenauer
8cec21d43a - fix build for ppc64 and ppc64le by not enabling elf-hack
(bnc#901213)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=401
2014-10-15 08:16:22 +00:00
Wolfgang Rosenauer
637aa82eee Security:
* MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
    Miscellaneous memory safety hazards
  * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
    Buffer overflow during CSS manipulation
  * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
    Web Audio memory corruption issues with custom waveforms
  * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
    Out-of-bounds write with WebM video
  * MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
    Further uninitialized memory use during GIF rendering
  * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
    Use-after-free interacting with text directionality
  * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
    Key pinning bypasses
  * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
    Inconsistent video sharing within iframe
  * MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
    Accessing cross-origin objects via the Alarms API
    (only relevant for installed web apps)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=400
2014-10-14 17:22:36 +00:00
Wolfgang Rosenauer
2f02270073 - update to Firefox 33.0 (bnc#900941)
New features:
  * OpenH264 support (sandboxed)
  * Enhanced Tiles
  * Improved search experience through the location bar
  * Slimmer and faster JavaScript strings
  * New CSP (Content Security Policy) backend
  * Support for connecting to HTTP proxy over HTTPS
  * Improved reliability of the session restoration
  * Proprietary window.crypto properties/functions removed
- requires NSPR 4.10.7
- requires NSS 3.17.1
- removed obsolete patches:
  * mozilla-ppc.patch
  * mozilla-libproxy-compat.patch
- added basic appdata information

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=399
2014-10-13 18:00:43 +00:00
Wolfgang Rosenauer
ab5934fcc8 - use some more build flags to align with upstream
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=397
2014-09-22 17:07:48 +00:00
Wolfgang Rosenauer
6d0dbb410f - update to Firefox 32.0.2
* just a version bump for our builds
  * fixed the in application update process for certain environments
    (in application update is not enabled in openSUSE and Linux
    is unaffected in any case)
- build with --disable-optimize for 13.1 and above for i586 to
  workaround miscompilations (bnc#896624)

- update to Firefox 32.0.1
  * fixed stability issues for computers with multiple graphics cards
  * mixed content icon may be incorrectly displayed instead of lock
    icon for SSL sites in 32.0 (
  * WebRTC: setRemoteDescription() silently fails if no success
    callback is specified (bmo#1063971)

- update to Firefox 32.0 (bnc#894370)
  * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
- rebased patches
- requires NSS 3.16.4
- removed upstreamed patch
  * mozilla-aarch64-bmo-810631.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=396
2014-09-22 16:35:40 +00:00
Wolfgang Rosenauer
5bd4ec3405 * MFSA 2014-67/CVE-2014-1553/CVE-2014-1562
Miscellaneous memory safety hazards
  * MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
    Use-after-free during DOM interactions with SVG
  * MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
    Uninitialized memory use during GIF rendering
  * MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
    Out-of-bounds read in Web Audio audio timeline
  * MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
    Use-after-free setting text directionality

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=394
2014-09-02 18:09:51 +00:00
Wolfgang Rosenauer
894acf7ddc - update to Firefox 31.1.0esr (bnc#894370)
- changes to support compilation on 11.4
  * explicit xz BuildRequires
  * mozilla-nullptr-gcc45.patch
  * remove unresolved makeinfo BuildRequires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=393
2014-09-01 09:59:18 +00:00
Tomáš Chvátal
0b181e39af Accepting request 245272 from home:sbehlert:branches:mozilla:Factory
- adapted _constraints, used more than 3900MB on s390x during
  last build

OBS-URL: https://build.opensuse.org/request/show/245272
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=392
2014-09-01 09:07:28 +00:00
Wolfgang Rosenauer
62729f3b1a * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
  * MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
    Buffer overflow during Web Audio buffering for playback
  * MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
    Use-after-free in Web Audio due to incorrect control message ordering
  * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
    Toolbar dialog customization event spoofing
  * MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
    Use-after-free with FireOnStateChange event
  * MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
    Exploitable WebGL crash with Cesium JavaScript library
  * MFSA 2014-63/CVE-2014-1544 (bmo#963150)
    Use-after-free while when manipulating certificates in the trusted cache
    (solved with NSS 3.16.2 requirement)
  * MFSA 2014-64/CVE-2014-1557 (bmo#913805)
    Crash in Skia library when scaling high quality images
  * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
    (bmo#1015973, bmo#1026022, bmo#997795)
    Certificate parsing broken by non-standard character encoding
  * MFSA 2014-66/CVE-2014-1552 (bmo#985135)
    IFRAME sandbox same-origin access through redirect

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=390
2014-07-23 05:15:12 +00:00
Wolfgang Rosenauer
51d960176f - update to Firefox 31.0 (bnc#887746)
- use EGL on ARM
- rebased patches
- requires NSS 3.16.2
- requires python-devel (not only python)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=389
2014-07-21 09:32:46 +00:00
Wolfgang Rosenauer
3fe418d0af * mozilla-ppc64le-build.patch
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=386
2014-06-11 12:36:21 +00:00
Wolfgang Rosenauer
8d269f7222 * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=385
2014-06-11 11:12:30 +00:00
Wolfgang Rosenauer
83b187e5a4 - update to Firefox 30.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
    (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
     bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
     bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
     bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
     bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
     bmo#1009952, bmo#1011007)
    Miscellaneous memory safety hazards (rv:30.0)
  * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
    (bmo#989994, bmo#999274, bmo#1005584)
    Use-after-free and out of bounds issues found using Address
    Sanitizer
  * MFSA 2014-50/CVE-2014-1539 (bmo#995603)
    Clickjacking through cursor invisability after Flash interaction
  * MFSA 2014-51/CVE-2014-1540 (bmo#978862)
    Use-after-free in Event Listener Manager
  * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
    Use-after-free with SMIL Animation Controller
  * MFSA 2014-53/CVE-2014-1542 (bmo#991533)
    Buffer overflow in Web Audio Speex resampler
  * MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
    Buffer overflow in Gamepad API
- rebased patches
- removed obsolete patches
  * firefox-browser-css.patch
  * mozilla-aarch64-bmo-962488.patch
  * mozilla-aarch64-bmo-963023.patch
  * mozilla-aarch64-bmo-963024.patch
  * mozilla-aarch64-bmo-963027.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=384
2014-06-11 08:41:30 +00:00
Wolfgang Rosenauer
25ebccd71b - update to Firefox 29.0.1
* Seer disabled by default (bmo#1005958)
  * Session Restore failed with a corrupted sessionstore.js file
    (bmo#1001167)
  * pdf.js printing white page (bmo#1003707, bnc#876833)
- general.useragent.locale gets overwritten with en-US while it
  should be using the active langpack's setting

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=382
2014-05-11 18:09:20 +00:00
Wolfgang Rosenauer
e05b18faa7 * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
  * MFSA 2014-36/CVE-2014-1522 (bmo#995289)
    Web Audio memory corruption issues
  * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
    Out of bounds read while decoding JPG images
  * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
    Buffer overflow when using non-XBL object as XBL
  * MFSA 2014-39/CVE-2014-1525 (bmo#989210)
    Use-after-free in the Text Track Manager for HTML video
  * MFSA 2014-41/CVE-2014-1528 (bmo#963962)
    Out-of-bounds write in Cairo
  * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
    Privilege escalation through Web Notification API
  * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
    Cross-site scripting (XSS) using history navigations
  * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
    Use-after-free in imgLoader while resizing images
  * MFSA 2014-45/CVE-2014-1492 (bmo#903885)
    Incorrect IDNA domain name matching for wildcard certificates
    (fixed by NSS 3.16)
  * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
    Use-after-free in nsHostResolver
  * MFSA 2014-47/CVE-2014-1526 (bmo#988106)
    Debugger can bypass XrayWrappers with JavaScript

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=379
2014-04-29 21:22:41 +00:00
Wolfgang Rosenauer
9d19809515 - update to Firefox 29.0 (bnc#875378)
- rebased patches
- removed obsolete patches
  * firefox-browser-css.patch
  * mozilla-aarch64-599882cfb998.diff
  * mozilla-aarch64-bmo-963028.patch
  * mozilla-aarch64-bmo-963029.patch
  * mozilla-aarch64-bmo-963030.patch
  * mozilla-aarch64-bmo-963031.patch
- requires NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
- add mozilla-aarch64-599882cfb998.patch,
- Add patch for bmo#973977
- Refresh mozilla-ppc64le-xpcom.patch patch
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=378
2014-04-27 16:09:32 +00:00
Wolfgang Rosenauer
eda8b9c884 Accepting request 229482 from devel:ARM:Factory
- add mozilla-aarch64-599882cfb998.patch, 
      mozilla-aarch64-bmo-810631.patch,
      mozilla-aarch64-bmo-962488.patch,
      mozilla-aarch64-bmo-963030.patch,
      mozilla-aarch64-bmo-963027.patch,
      mozilla-aarch64-bmo-963028.patch,
      mozilla-aarch64-bmo-963029.patch,
      mozilla-aarch64-bmo-963023.patch,
      mozilla-aarch64-bmo-963024.patch,
      mozilla-aarch64-bmo-963031.patch: AArch64 porting

OBS-URL: https://build.opensuse.org/request/show/229482
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=376
2014-04-13 14:47:41 +00:00
Wolfgang Rosenauer
27336c8295 Accepting request 227348 from openSUSE:Factory:PowerPC
Build fixes for ppc64 and ppc64le

OBS-URL: https://build.opensuse.org/request/show/227348
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=374
2014-03-25 08:26:07 +00:00
Wolfgang Rosenauer
98c325ede9 Accepting request 227064 from openSUSE:Factory:PowerPC
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build systm 
- modified patches:
  * mozilla-ppc64le-xpcom.patch

OBS-URL: https://build.opensuse.org/request/show/227064
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=373
2014-03-22 08:18:58 +00:00
Wolfgang Rosenauer
bf382156d6 * JS math correctness issue (bmo#941381)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=371
2014-03-20 06:30:56 +00:00
Wolfgang Rosenauer
ee63deb207 - update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
    Miscellaneous memory safety hazards
  * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
    Out of bounds read during WAV file decoding
  * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
    crypto.generateCRMFRequest does not validate type of key
  * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
    Spoofing attack on WebRTC permission prompt
  * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
    onbeforeunload and Javascript navigation DOS
  * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
    WebGL content injection from one domain to rendering in another
  * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
    Content Security Policy for data: documents not preserved by
    session restore
  * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
    Information disclosure through polygon rendering in MathML
  * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
    Memory corruption in Cairo during PDF font rendering
  * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
    SVG filters information disclosure through feDisplacementMap
  * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
    Privilege escalation using WebIDL-implemented APIs
  * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
    Use-after-free in TypeObject
  * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
    Out-of-bounds read/write through neutering ArrayBuffer objects
  * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
    Out-of-bounds write through TypedArrayObject after neutering

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=370
2014-03-18 19:44:32 +00:00
Wolfgang Rosenauer
a86d99f987 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=368 2014-02-24 10:45:40 +00:00
Wolfgang Rosenauer
2e55657fde - update to Firefox 27.0.1
* Fixed stability issues with Greasemonkey and other JS that used
    ClearTimeoutOrInterval
  * JS math correctness issue (bnc#941381)
- incorporate Google API key for geolocation (bnc#864170)
- updated list of "other" locales in RPM requirements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=366
2014-02-23 10:04:06 +00:00