1
0
Commit Graph

1009 Commits

Author SHA256 Message Date
Dominique Leuenberger
9161b661cd Accepting request 964778 from mozilla:Factory
- MozillaFirefox 98.0.2:
  * Fixed: Fixed an issue preventing users from typing in Address
    Bar after opening new tab and pressing cmd + enter
    (bmo#1757376)
  * Fixed: Fixed an issue causing some users to crash in out-of-
    memory conditions (bmo#1757618)
  * Fixed: Fixed an issue in session history which caused some
    sites to fail to load (bmo#1758664)
  * Fixed: Fixed an add-on specific compatibility issue
    (bmo#1759162)

- Change mozilla-kde.patch to follow the GNOME registry
  behavior for new MIME types to avoid opening downloaded files
  without any inquiries (bsc#1197319)

- Add patch to fix start-up on aarch64:
  * mozilla-bmo1757571.patch

- exclude slow cpus for building 

- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
  faster buildhosts, as the others struggle to build FF.

- Mozilla Firefox 98.0.1:
  * Yandex and Mail.ru have been removed as optional search
    providers in the drop-down search menu in Firefox

OBS-URL: https://build.opensuse.org/request/show/964778
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=362
2022-03-28 14:59:45 +00:00
Wolfgang Rosenauer
9ce6769347 Accepting request 964729 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 98.0.2

OBS-URL: https://build.opensuse.org/request/show/964729
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=968
2022-03-24 22:14:52 +00:00
Wolfgang Rosenauer
eb06ba482c Accepting request 964625 from home:DarkWav
Change mozilla-kde.patch to follow the GNOME registry behavior for new MIME types to avoid opening downloaded files without any inquiries (bsc#1197319)

In Firefox 98.0, improvements to the download panel have been made to just download files instead of asking the user what to do with them. Unfortunately this causes some unwanted behavior inside nsKDERegistry as its unconditional call to the function 

mimeInfo->SetPreferredAction(nsIMIMEInfo::useSystemDefault);

results in the browser opening many file types after download without any inquiries.
By replacing this unconditional call with the conditional one found in nsGNOMERegistry as of 98.0, this issue can be avoided:
3b6a1dc7fb/uriloader/exthandler/unix/nsGNOMERegistry.cpp (L98)

If you have any suggestions for improvement, please let me know!

OBS-URL: https://build.opensuse.org/request/show/964625
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=967
2022-03-24 22:11:50 +00:00
Wolfgang Rosenauer
e338663852 Accepting request 963933 from home:Guillaume_G:branches:mozilla:Factory
- Add patch to fix start-up on aarch64:
  * mozilla-bmo1757571.patch

OBS-URL: https://build.opensuse.org/request/show/963933
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=966
2022-03-24 22:10:34 +00:00
Wolfgang Rosenauer
412d94f808 Accepting request 962488 from home:dirkmueller:Factory
- exclude slow cpus for building

OBS-URL: https://build.opensuse.org/request/show/962488
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=965
2022-03-17 22:01:16 +00:00
Wolfgang Rosenauer
e9b727c942 Accepting request 962436 from home:MSirringhaus:branches:mozilla:Factory
- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
  faster buildhosts, as the others struggle to build FF.

OBS-URL: https://build.opensuse.org/request/show/962436
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=964
2022-03-17 12:01:47 +00:00
Dominique Leuenberger
9cd520ec95 Accepting request 960656 from mozilla:Factory
- Mozilla Firefox 98.0
  * Firefox has a new optimized download flow
  * other changes as documented here
    https://www.mozilla.org/en-US/firefox/98.0/releasenotes
  MFSA 2022-10 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26382 (bmo#1741888)
    Autofill Text could be exfiltrated via side-channel attacks
  * CVE-2022-26385 (bmo#1747526)
    Use-after-free in thread shutdown
  * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
    bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
    bmo#1754508)
    Memory safety bugs fixed in Firefox 98
- requires NSS 3.75
- add mozilla-bmo1756347.patch to fix i586 build

- Remove bashisms ("source" and "function" keywords) from
  mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user
  has either dash-sh package or busybox-sh to handle Bourn Shell
  scripts rather than having bash-sh package, the script would
  fail. Using "." instead of "source" and "create_langpack_link()"
  function definition is enough to keep both sides sane,

OBS-URL: https://build.opensuse.org/request/show/960656
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=361
2022-03-13 19:24:17 +00:00
Wolfgang Rosenauer
8a33a9d65f - add mozilla-bmo1756347.patch to fix i586 build
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=962
2022-03-09 22:00:20 +00:00
Wolfgang Rosenauer
b0ba7186c6 - Mozilla Firefox 98.0
* Firefox has a new optimized download flow
  * other changes as documented here
    https://www.mozilla.org/en-US/firefox/98.0/releasenotes
  MFSA 2022-10 (bsc#1196900)
  * CVE-2022-26383 (bmo#1742421)
    Browser window spoof using fullscreen mode
  * CVE-2022-26384 (bmo#1744352)
    iframe allow-scripts sandbox bypass
  * CVE-2022-26387 (bmo#1752979)
    Time-of-check time-of-use bug when verifying add-on signatures
  * CVE-2022-26381 (bmo#1736243)
    Use-after-free in text reflows
  * CVE-2022-26382 (bmo#1741888)
    Autofill Text could be exfiltrated via side-channel attacks
  * CVE-2022-26385 (bmo#1747526)
    Use-after-free in thread shutdown
  * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
    bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
    bmo#1754508)
    Memory safety bugs fixed in Firefox 98
- requires NSS 3.75

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=961
2022-03-09 09:44:23 +00:00
Wolfgang Rosenauer
5614e0ad85 Accepting request 954372 from home:luc14n0:branches:mozilla:Factory
Remove bashisms from mozilla.sh.in file.

OBS-URL: https://build.opensuse.org/request/show/954372
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=960
2022-02-27 10:00:32 +00:00
Dominique Leuenberger
2e4eeec7cd Accepting request 955949 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/955949
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=360
2022-02-21 16:45:57 +00:00
Wolfgang Rosenauer
1aa3604ee4 Accepting request 955943 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 97.0.1

OBS-URL: https://build.opensuse.org/request/show/955943
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=959
2022-02-18 21:48:06 +00:00
Dominique Leuenberger
59553e4ce4 Accepting request 952887 from mozilla:Factory
- Mozilla Firefox 97.0
  MFSA 2022-04 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during update
  * CVE-2022-22755 (bmo#1309630)
    XSL could have allowed JavaScript execution after a tab was closed
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22757 (bmo#1720098)
    Remote Agent did not prevent local websites from connecting
  * CVE-2022-22758 (bmo#1728742)
    tel: links could have sent USSD codes to the dialer on
    Firefox for Android
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22762 (bmo#1743931)
    JavaScript Dialogs could have been displayed over other
    domains on Firefox for Android
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)

OBS-URL: https://build.opensuse.org/request/show/952887
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=359
2022-02-10 22:11:36 +00:00
Wolfgang Rosenauer
4e431c39c0 - Mozilla Firefox 97.0
MFSA 2022-04 (bsc#1195682)
  * CVE-2022-22753 (bmo#1732435)
    Privilege Escalation to SYSTEM on Windows via Maintenance Service
  * CVE-2022-22754 (bmo#1750565)
    Extensions could have bypassed permission confirmation during update
  * CVE-2022-22755 (bmo#1309630)
    XSL could have allowed JavaScript execution after a tab was closed
  * CVE-2022-22756 (bmo#1317873)
    Drag and dropping an image could have resulted in the dropped
    object being an executable
  * CVE-2022-22757 (bmo#1720098)
    Remote Agent did not prevent local websites from connecting
  * CVE-2022-22758 (bmo#1728742)
    tel: links could have sent USSD codes to the dialer on
    Firefox for Android
  * CVE-2022-22759 (bmo#1739957)
    Sandboxed iframes could have executed script if the parent
    appended elements
  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
    Cross-Origin responses could be distinguished between script
    and non-script content-types
  * CVE-2022-22761 (bmo#1745566)
    frame-ancestors Content Security Policy directive was not
    enforced for framed extension pages
  * CVE-2022-22762 (bmo#1743931)
    JavaScript Dialogs could have been displayed over other
    domains on Firefox for Android
  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
    bmo#1748210, bmo#1748279)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=958
2022-02-08 14:33:04 +00:00
Wolfgang Rosenauer
2764c59751 Accepting request 952269 from home:dirkmueller:Factory
- remove memoryperjob and use %limit instead. this allows to
  adapt to more worker types, and lowers the time the package
  is stuck in "scheduling". raising memory above 8 to lower
  risk for LTO jobs to run OOM
- add hack to disable -Wl,--gc-section which avoids a binutils
  segfault on x86
- change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere

OBS-URL: https://build.opensuse.org/request/show/952269
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=957
2022-02-08 08:38:01 +00:00
Wolfgang Rosenauer
9162c87eb4 Accepting request 951346 from home:dirkmueller:branches:mozilla:Factory
- disable ccache, this adds about 1 minute of build time and 
  over 2 GB of disk space usage without benefit on OBS builds
- build with rust-simd like upstream does
- use -g1 for debuginfo generation as this is what upstream 
  does as well and it saves ~ 2GB of writes
- use %limit on x86_64 to scale down to less capable workers
- disable install stripping so that debuginfo is useful
- use autopatch
- cleanup constraints to specify only jobs, physicalmemory
  and memoryperjob to be more flexible on which host to build
  on

OBS-URL: https://build.opensuse.org/request/show/951346
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=956
2022-02-03 17:24:14 +00:00
Dominique Leuenberger
299ea7a00e Accepting request 949716 from mozilla:Factory
- Mozilla Firefox 96.0.3 (bsc#1195230)
  * Fixed an issue that allowed unexpected data to be submitted in
    some of our search telemetry (bmo#1752317)

OBS-URL: https://build.opensuse.org/request/show/949716
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=358
2022-02-01 13:02:32 +00:00
Wolfgang Rosenauer
f2fb960d33 - Mozilla Firefox 96.0.3 (bsc#1195230)
* Fixed an issue that allowed unexpected data to be submitted in
    some of our search telemetry (bmo#1752317)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=955
2022-01-28 15:33:21 +00:00
Dominique Leuenberger
9179663693 Accepting request 948332 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/948332
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=357
2022-01-26 20:26:30 +00:00
Wolfgang Rosenauer
81795c233e Accepting request 948330 from home:marxin:branches:mozilla:Factory
- Enable -fimplicit-constexpr for GCC 12+.

OBS-URL: https://build.opensuse.org/request/show/948330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=954
2022-01-24 08:24:06 +00:00
Dominique Leuenberger
3ed41c23b7 Accepting request 947863 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/947863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=356
2022-01-23 11:15:08 +00:00
Wolfgang Rosenauer
68541949af Accepting request 947794 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.2

OBS-URL: https://build.opensuse.org/request/show/947794
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=953
2022-01-21 07:26:07 +00:00
Dominique Leuenberger
a2243d4df8 Accepting request 946473 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/946473
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=355
2022-01-15 20:45:12 +00:00
Wolfgang Rosenauer
ab7bde2994 Accepting request 946472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 96.0.1 boo#1194677

OBS-URL: https://build.opensuse.org/request/show/946472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=952
2022-01-14 17:14:41 +00:00
Dominique Leuenberger
e950884a22 Accepting request 945699 from mozilla:Factory
- Mozilla Firefox 96.0
  * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event

OBS-URL: https://build.opensuse.org/request/show/945699
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=354
2022-01-12 23:22:14 +00:00
Wolfgang Rosenauer
abe4d87b4e - Mozilla Firefox 96.0
* https://www.mozilla.org/en-US/firefox/96.0/releasenotes
  MFSA 2022-01 (bsc#1194547)
  * CVE-2022-22746 (bmo#1735071)
    Calling into reportValidity could have lead to fullscreen
    window spoof
  * CVE-2022-22743 (bmo#1739220)
    Browser window spoof using fullscreen mode
  * CVE-2022-22742 (bmo#1739923)
    Out-of-bounds memory access when inserting text in edit mode
  * CVE-2022-22741 (bmo#1740389)
    Browser window spoof using fullscreen mode
  * CVE-2022-22740 (bmo#1742334)
    Use-after-free of ChannelEventQueue::mOwner
  * CVE-2022-22738 (bmo#1742382)
    Heap-buffer-overflow in blendGaussianBlur
  * CVE-2022-22737 (bmo#1745874)
    Race condition when playing audio files
  * CVE-2021-4140 (bmo#1746720)
    Iframe sandbox bypass with XSLT
  * CVE-2022-22750 (bmo#1566608)
    IPC passing of resource handles could have lead to sandbox
    bypass
  * CVE-2022-22749 (bmo#1705094)
    Lack of URL restrictions when scanning QR codes
  * CVE-2022-22748 (bmo#1705211)
    Spoofed origin on external protocol launch dialog
  * CVE-2022-22745 (bmo#1735856)
    Leaking cross-origin URLs through securitypolicyviolation
    event

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=951
2022-01-11 22:06:33 +00:00
Dominique Leuenberger
2f267289f4 Accepting request 943041 from mozilla:Factory
- Add upstream patches:
  * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
  * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
    creation

- Mozilla Firefox 95.0.2
  * Addresses frequent crashes experienced by users with C/E/Z-Series
    "Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64

OBS-URL: https://build.opensuse.org/request/show/943041
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=353
2021-12-30 14:55:28 +00:00
Wolfgang Rosenauer
2942ef5aaf - Mozilla Firefox 95.0.2
* Addresses frequent crashes experienced by users with C/E/Z-Series
    "Bobcat" CPUs running on Windows 7, 8, and 8.1.
- updated constraints for ppc and x86-64

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=950
2021-12-29 10:25:00 +00:00
Wolfgang Rosenauer
b18fda39cd Accepting request 943030 from home:iznogood:branches:mozilla:Factory
- Add upstream patches:
  * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
  * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
    creation

OBS-URL: https://build.opensuse.org/request/show/943030
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=949
2021-12-29 09:38:41 +00:00
Dominique Leuenberger
d77c0d569f Accepting request 941230 from mozilla:Factory
- Mozilla Firefox 95.0.1 (bsc#1193845)
  * Fixed frequent
    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
    messages when trying to connect to various microsoft.com
    domains (bmo#1745600)
  * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
  * Fix for a frequent Windows shutdown crash (bmo#1738984)
  * Fix websites contrast issues for some Linux users with
    Dark mode set at OS level (bmo#1740518)

OBS-URL: https://build.opensuse.org/request/show/941230
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=352
2021-12-18 19:29:25 +00:00
Wolfgang Rosenauer
f6424d435d - Mozilla Firefox 95.0.1 (bsc#1193845)
* Fixed frequent
    MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
    messages when trying to connect to various microsoft.com
    domains (bmo#1745600)
  * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
  * Fix for a frequent Windows shutdown crash (bmo#1738984)
  * Fix websites contrast issues for some Linux users with
    Dark mode set at OS level (bmo#1740518)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=948
2021-12-17 14:07:38 +00:00
Dominique Leuenberger
d51a26c5ed Accepting request 936364 from mozilla:Factory
- Mozilla Firefox 95.0
  * You can now move the Picture-in-Picture toggle button to the
    opposite side of the video. Simply look for the new context menu
    option Move Picture-in-Picture Toggle to Left (Right) Side.
  * To better protect Firefox users against side-channel attacks such
    as Spectre, Site Isolation is now enabled for all Firefox 95 users.
  * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
  MFSA 2021-52 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * MOZ-2021-0010 (bmo#1735852)
    Use-after-free in fullscreen objects on MacOS
  * CVE-2021-43540 (bmo#1636629)
    WebExtensions could have installed persistent ServiceWorkers
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43544 (bmo#1739934)

OBS-URL: https://build.opensuse.org/request/show/936364
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=351
2021-12-11 23:56:09 +00:00
Wolfgang Rosenauer
79dbc14d01 - Mozilla Firefox 95.0
* You can now move the Picture-in-Picture toggle button to the
    opposite side of the video. Simply look for the new context menu
    option Move Picture-in-Picture Toggle to Left (Right) Side.
  * To better protect Firefox users against side-channel attacks such
    as Spectre, Site Isolation is now enabled for all Firefox 95 users.
  * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
  MFSA 2021-52 (bsc#1193485)
  * CVE-2021-43536 (bmo#1730120)
    URL leakage when navigating while executing asynchronous
    function
  * CVE-2021-43537 (bmo#1738237)
    Heap buffer overflow when using structured clone
  * CVE-2021-43538 (bmo#1739091)
    Missing fullscreen and pointer lock notification when
    requesting both
  * CVE-2021-43539 (bmo#1739683)
    GC rooting failure when calling wasm instance methods
  * MOZ-2021-0010 (bmo#1735852)
    Use-after-free in fullscreen objects on MacOS
  * CVE-2021-43540 (bmo#1636629)
    WebExtensions could have installed persistent ServiceWorkers
  * CVE-2021-43541 (bmo#1696685)
    External protocol handler parameters were unescaped
  * CVE-2021-43542 (bmo#1723281)
    XMLHttpRequest error codes could have leaked the existence of
    an external protocol handler
  * CVE-2021-43543 (bmo#1738418)
    Bypass of CSP sandbox directive when embedding
  * CVE-2021-43544 (bmo#1739934)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=947
2021-12-07 21:12:25 +00:00
Wolfgang Rosenauer
0d5bac4eb8 Accepting request 935283 from home:AndreasStieger:branches:mozilla:Factory
- remove x-scheme-handler/ftp from firefox.desktop boo#1193321

OBS-URL: https://build.opensuse.org/request/show/935283
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=946
2021-12-02 21:24:56 +00:00
Wolfgang Rosenauer
a4862dbb50 Accepting request 934031 from home:iznogood:branches:mozilla:Factory
- Drop unused libidl-devel BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/934031
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=945
2021-11-30 07:53:04 +00:00
Dominique Leuenberger
cbeaa1a7c6 Accepting request 933355 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/933355
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=350
2021-11-26 23:50:35 +00:00
Wolfgang Rosenauer
4e8a9f546c Accepting request 933349 from home:AndreasStieger:branches:mozilla:Factory
94.0.2 boo#1193014

OBS-URL: https://build.opensuse.org/request/show/933349
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=944
2021-11-23 22:50:02 +00:00
Dominique Leuenberger
577f513dd4 Accepting request 929844 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/929844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=349
2021-11-08 16:24:08 +00:00
Wolfgang Rosenauer
e36ee00a57 Accepting request 929747 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 94.0.1

OBS-URL: https://build.opensuse.org/request/show/929747
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=943
2021-11-06 10:32:26 +00:00
Wolfgang Rosenauer
8739ae12dd - Mozilla Firefox 94.0
* https://www.mozilla.org/en-US/firefox/94.0/releasenotes
  MFSA 2021-48 (bsc#1192250)
  * CVE-2021-38503 (bmo#1729517)
    iframe sandbox rules did not apply to XSLT stylesheets
  * CVE-2021-38504 (bmo#1730156)
    Use-after-free in file picker dialog
  * CVE-2021-38505 (bmo#1730194)
    Windows 10 Cloud Clipboard may have recorded sensitive user data
  * CVE-2021-38506 (bmo#1730750)
    Firefox could be coaxed into going into fullscreen mode
    without notification or warning
  * CVE-2021-38507 (bmo#1730935)
    Opportunistic Encryption in HTTP2 could be used to bypass the
    Same-Origin-Policy on services hosted on other ports
  * MOZ-2021-0003 (bmo#1736886)
    Universal XSS in Firefox for Android via QR Code URLs
  * CVE-2021-38508 (bmo#1366818)
    Permission Prompt could be overlaid, resulting in user
    confusion and potential spoofing
  * MOZ-2021-0004 (bmo#1659155)
    Web Extensions could access pre-redirect URL when their
    context menu was triggered by a user
  * CVE-2021-38509 (bmo#1718571)
    Javascript alert box could have been spoofed onto an
    arbitrary domain
  * CVE-2021-38510 (bmo#1731779)
    Download Protections were bypassed by .inetloc files on Mac OS
  * MOZ-2021-0005 (bmo#1719203)
    'Copy Image Link' context menu action could have been abused

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=942
2021-11-02 13:51:34 +00:00
Dominique Leuenberger
1221141379 Accepting request 927811 from mozilla:Factory
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- (re-)enable LTO on Tumbleweed

- Rebase mozilla-sandbox-fips.patch to punch another hole in the
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
  from within the newly introduced socket process sandbox.
  This fixes bsc#1191815 and bsc#1190141

- Add patch to fix build on aarch64 (bmo#1729124)

OBS-URL: https://build.opensuse.org/request/show/927811
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=348
2021-10-29 20:33:08 +00:00
Wolfgang Rosenauer
151a4b1f05 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- (re-)enable LTO on Tumbleweed
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
- Add patch to fix build on aarch64 (bmo#1729124)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=941
2021-10-27 15:33:17 +00:00
Wolfgang Rosenauer
ae15405da4 Accepting request 927437 from home:iznogood:branches:mozilla:Factory
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/927437
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=940
2021-10-27 15:31:55 +00:00
Wolfgang Rosenauer
7f5ab49250 Accepting request 927257 from home:marxin:branches:mozilla:Factory
- Enable LTO for openSUSE Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/927257
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=939
2021-10-27 15:31:17 +00:00
Wolfgang Rosenauer
07e2068a94 Accepting request 926488 from home:MSirringhaus:branches:mozilla:Factory
- Rebase mozilla-sandbox-fips.patch to punch another hole in the
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled 
  from within the newly introduced socket process sandbox.
  This fixes bsc#1191815 and bsc#1190141

OBS-URL: https://build.opensuse.org/request/show/926488
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=938
2021-10-21 06:51:24 +00:00
Dominique Leuenberger
53dc001d8c Accepting request 926026 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/926026
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=347
2021-10-20 18:23:50 +00:00
Wolfgang Rosenauer
d9fccc7f41 Accepting request 926012 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Add patch to fix build on aarch64 - bmo#1729124 
  * mozilla-bmo1729124.patch

OBS-URL: https://build.opensuse.org/request/show/926012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=937
2021-10-18 14:39:26 +00:00
Dominique Leuenberger
da443c7a7f Accepting request 923417 from mozilla:Factory
- Mozilla Firefox 93.0
  * supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

OBS-URL: https://build.opensuse.org/request/show/923417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=346
2021-10-12 19:48:11 +00:00
Wolfgang Rosenauer
317e7b9c84 - Mozilla Firefox 93.0
* supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=936
2021-10-06 07:02:07 +00:00
Dominique Leuenberger
c0180c6ed8 Accepting request 921893 from mozilla:Factory
OBS-URL: https://build.opensuse.org/request/show/921893
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/MozillaFirefox?expand=0&rev=345
2021-09-30 21:43:12 +00:00