1
0
Commit Graph

395 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
a958854f92 Accepting request 560783 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 57.0.3 bsc#1074235

OBS-URL: https://build.opensuse.org/request/show/560783
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=622
2017-12-31 08:46:35 +00:00
Wolfgang Rosenauer
ef7f78afd2 Accepting request 555580 from home:AndreasStieger:branches:mozilla:Factory
amend changelog

OBS-URL: https://build.opensuse.org/request/show/555580
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=620
2017-12-11 08:35:28 +00:00
Wolfgang Rosenauer
5ab1f22724 Accepting request 555271 from home:dimstar:Factory
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

OBS-URL: https://build.opensuse.org/request/show/555271
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=619
2017-12-11 08:32:40 +00:00
Wolfgang Rosenauer
0eb4f70103 - update to Firefox 57.0.1
* Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
    characters (bmo#1420427)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=617
2017-12-03 16:35:26 +00:00
Wolfgang Rosenauer
06e8aeb58c - Add mozilla-bmo1360278.patch
The new config entry is named ui.context_menus.after_mouseup
  (default : false).

- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
  widget.allow-client-side-decoration=true
  (mozilla-bmo1399611-csd.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=615
2017-11-24 22:07:36 +00:00
Wolfgang Rosenauer
e0fb118b81 Accepting request 544148 from home:cgiboudeaux:branches:mozilla:Factory
- Add firefox-show-context-menu-on-mouse-release.patch
  This is upstream's version of the previous patch creating a
  preference to restore the Firefox < 57 behaviour.
  The new config entry is named ui.context_menus.after_mouseup
  (default : false). Fixes bmo#1360278.

OBS-URL: https://build.opensuse.org/request/show/544148
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=614
2017-11-24 21:53:29 +00:00
Wolfgang Rosenauer
fe9ab0007d Accepting request 542056 from home:cgiboudeaux:branches:mozilla:Factory
- Add show-context-menu-on-mouse-release.patch.
  Starting with Firefox 57, the context menu appears on key press.
  This patch creates a config entry to restore the
  old behaviour. Without the patch, the mouse gesture extensions
  require 2 clicks to work (bmo#1360278). The config entry is named
  "input.contextMenu.onRelease" (default: false).

OBS-URL: https://build.opensuse.org/request/show/542056
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=613
2017-11-18 08:20:26 +00:00
Wolfgang Rosenauer
1975148d10 fix changelog
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=611
2017-11-15 06:46:35 +00:00
Wolfgang Rosenauer
c3624659ef - update to Firefox 57.0b14
* Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750. bmo#1412252)
    Use-after-free of PressShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=610
2017-11-14 23:17:59 +00:00
Wolfgang Rosenauer
238d2bd9f9 - update to Firefox 56.0.2
* Disable Form Autofill completely on user request (bmo#1404531)
  * Fix for video-related crashes on Windows 7 (bmo#1409141)
  * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
  * Fix for shutdown crash (bmo#1404105)

- update to Firefox 56.0.1
  * Block D3D11 when using Intel drivers on Windows 7 systems with
    partial AVX support (bmo#1403353)
  -> just to sync the version number
- enable stylo for TW (requires LLVM >= 3.9)
- queue KDE filepicker requests to avoid non-opening file dialogs
  happening in certain situations (contributed by Ignaz Forster)
- the placeholder dot in KDE file dialog in case of empty filenames
  was removed, apparently not required (anymore)
  (contributed by Ignaz Forster)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=609
2017-10-30 06:56:57 +00:00
Wolfgang Rosenauer
520970847d - Correct plugin directory for aarch64 (boo#1061207). The wrapper
script was not detecting aarch64 as a 64 bit architecture, thus
  used /usr/lib/browser-plugins/.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=607
2017-10-01 21:17:54 +00:00
Wolfgang Rosenauer
263c14d0f3 Accepting request 530202 from home:Zaitor:branches:mozilla:Factory
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
  looks for.

OBS-URL: https://build.opensuse.org/request/show/530202
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=605
2017-10-01 21:08:36 +00:00
Wolfgang Rosenauer
1bfb30f717 * Firefox Screenshots
MFSA 2017-21
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7817 (bmo#1356596) (Android-only)
    Firefox for Android address bar spoofing through fullscreen mode
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7812 (bmo#1379842)
    Drag and drop of malicious page content to the tab bar can open locally stored files
  * CVE-2017-7814 (bmo#1376036)
    Blob and data URLs bypass phishing and malware protection warnings
  * CVE-2017-7813 (bmo#1383951)
    Integer truncation in the JavaScript parser
  * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
    OS X fonts render some Tibetan and Arabic unicode characters as spaces
  * CVE-2017-7815 (bmo#1368981)
    Spoofing attack with modal dialogs on non-e10s installations
  * CVE-2017-7816 (bmo#1380597)
    WebExtensions can load about: URLs in extension UI
  * CVE-2017-7821 (bmo#1346515)
    WebExtensions can download and open non-executable files without user interaction
  * CVE-2017-7823 (bmo#1396320)
    CSP sandbox directive did not create a unique origin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=604
2017-09-29 06:26:35 +00:00
Wolfgang Rosenauer
9b2ce29f83 - update to Firefox 56.0 (boo#1060445)
* Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
- requires NSPR 4.16 and NSS 3.32.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=603
2017-09-28 08:44:46 +00:00
Wolfgang Rosenauer
8462a9b8f6 Accepting request 529098 from home:dimstar:Factory
- Add alsa-devel BuildRequires: we care for ALSA support to be
  built and thus need to ensure we get the dependencies in place.
  In the past, alsa-devel was pulled in by accident: we
  buildrequire libgnome-devel. This required esound-devel and that
  in turn pulled in alsa-devel for us. libgnome is being fixed to
  no longer require esound-devel.

OBS-URL: https://build.opensuse.org/request/show/529098
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=602
2017-09-28 08:27:23 +00:00
Wolfgang Rosenauer
f0b77e0133 - update to Firefox 55.0.3
* Fix an issue with addons when using a path containing non-ascii
    characters (bmo#1389160)
  * Fix file uploads to some websites, including YouTube (bmo#1383518)
- fix Google API key build integration
- add mozilla-ucontext.patch to fix Tumbleweed build
- do not enable XINPUT2 for now (boo#1053959)

- update to Firefox 55.0.1
  * Fix a regression the tab restoration process (bmo#1388160)
  * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
  * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
  * Disable the predictor prefetch (bmo#1388160)

- update to Firefox 55.0 (boo#1052829)
  * Browsing sessions with a high number of tabs are now restored
    in an instant
  * Sidebar (bookmarks, history, synced tabs) can now be moved to
    the right edge of the window
  * Fine-tune your browser performance from the Preferences/Options page.
  * Make screenshots of webpages, and save them locally or upload
    them to the cloud. This feature will undergo A/B testing and
    will not be visible for some users.
  * Added Belarusian (be) locale
  * Simplify print jobs from within print preview
  * Use virtual reality devices with the web with the introduction
    of WebVR
  * Search suggestions are now enabled by default for users who
    haven't explicitly opted-out
  * Search with any installed search engine directly from the

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=601
2017-09-05 10:10:37 +00:00
Wolfgang Rosenauer
00cbc455c9 Accepting request 515330 from home:Andreas_Schwab:Factory
- mozilla-ucontext.patch: use ucontext_t instead of struct ucontext

OBS-URL: https://build.opensuse.org/request/show/515330
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=599
2017-08-09 10:10:53 +00:00
Wolfgang Rosenauer
b7e1035064 - update to Firefox 52.3esr (boo#1052829)
MFSA 2017-19
  * CVE-2017-7798 (bmo#1371586, bmo#1372112)
    XUL injection in the style editor in devtools
  * CVE-2017-7800 (bmo#1374047)
    Use-after-free in WebSockets during disconnection
  * CVE-2017-7801 (bmo#1371259)
    Use-after-free with marquee during window resizing
  * CVE-2017-7784 (bmo#1376087)
    Use-after-free with image observers
  * CVE-2017-7802 (bmo#1378147)
    Use-after-free resizing image elements
  * CVE-2017-7785 (bmo#1356985)
    Buffer overflow manipulating ARIA attributes in DOM
  * CVE-2017-7786 (bmo#1365189)
    Buffer overflow while painting non-displayable SVG
  * CVE-2017-7753 (bmo#1353312)
    Out-of-bounds read with cached style data and pseudo-elements#
  * CVE-2017-7787 (bmo#1322896)
    Same-origin policy bypass with iframes through page reloads
  * CVE-2017-7807 (bmo#1376459)
    Domain hijacking through AppCache fallback
  * CVE-2017-7792 (bmo#1368652)
    Buffer overflow viewing certificates with an extremely long OID
  * CVE-2017-7804 (bmo#1372849)
    Memory protection bypass through WindowsDllDetourPatcher
  * CVE-2017-7791 (bmo#1365875)
    Spoofing following page navigation with data: protocol and modal alerts
  * CVE-2017-7782 (bmo#1344034)
    WindowsDllDetourPatcher allocates memory without DEP protections

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=598
2017-08-08 19:59:47 +00:00
Wolfgang Rosenauer
39f69ee80f Accepting request 508300 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 52.2.1esr, with a slightly faster create-tar.sh

OBS-URL: https://build.opensuse.org/request/show/508300
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=596
2017-07-14 07:51:30 +00:00
Wolfgang Rosenauer
09b85d1e80 - update to Firefox 52.2esr (boo#1043960)
MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=594
2017-06-14 09:43:07 +00:00
Wolfgang Rosenauer
1dc1d33afa - remove -fno-inline-small-functions and explicitely optimize with
-O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=592
2017-05-24 18:34:48 +00:00
Wolfgang Rosenauer
cce32d5c86 - remove -fno-inline-small-functions which breaks with gcc7
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=591
2017-05-24 14:54:04 +00:00
Wolfgang Rosenauer
278dea96e3 - remove -fno-inline-small-functions
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=590
2017-05-23 14:01:40 +00:00
Wolfgang Rosenauer
878eeecd5a - only optimize with -O2 for openSUSE > 13.2/Leap 42 (gcc7)
(boo#1040105)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=589
2017-05-22 11:55:44 +00:00
Wolfgang Rosenauer
f3477f70fa - update to Firefox 52.1.1
MFSA 2017-14
  * CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
                   (Windows only, Linux not affected)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=587
2017-05-09 05:56:43 +00:00
Wolfgang Rosenauer
7578571bec - switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
  firefox.js
- fixed KDE integration to avoid crash caused by filepicker
  (boo#1015998)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=584
2017-04-28 21:32:26 +00:00
Wolfgang Rosenauer
fcfd6f2d1c - update to Firefox 52.1.0esr (boo#1035082)
MFSA 2017-12
  * CVE-2017-5443 (bmo#1342661)
    Out-of-bounds write during BinHex decoding
  * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
     bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
    Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
    Firefox ESR 52.1
  * CVE-2017-5464 (bmo#1347075)
    Memory corruption with accessibility and DOM manipulation
  * CVE-2017-5465 (bmo#1347617)
    Out-of-bounds read in ConvolvePixel
  * CVE-2017-5466 (bmo#1353975)
    Origin confusion when reloading isolated data:text/html URL
  * CVE-2017-5467 (bmo#1347262)
    Memory corruption when drawing Skia content
  * CVE-2017-5460 (bmo#1343642)
    Use-after-free in frame selection
  * CVE-2017-5461 (bmo#1344380)
    Out-of-bounds write in Base64 encoding in NSS
  * CVE-2017-5448 (bmo#1346648)
    Out-of-bounds write in ClearKeyDecryptor
  * CVE-2017-5449 (bmo#1340127)
    Crash during bidirectional unicode manipulation with animation
  * CVE-2017-5446 (bmo#1343505)
    Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
  * CVE-2017-5447 (bmo#1343552)
    Out-of-bounds read during glyph processing
  * CVE-2017-5444 (bmo#1344461)
    Buffer overflow while parsing application/http-index-format content

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=583
2017-04-20 21:02:48 +00:00
Wolfgang Rosenauer
ef1a98917f - update to Firefox 52.0.2
* Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
  * Fix loading tab icons on session restore (bmo#1338009)
  * Fix a crash on startup on Linux (bmo#1345413)
  * Fix new installs erroneously not prompting to change the default
    browser setting (bmo#1343938)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=581
2017-04-03 07:23:02 +00:00
Wolfgang Rosenauer
e7dba2d7e9 - explicitely add libffi build requirement
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=579
2017-03-20 16:28:50 +00:00
Wolfgang Rosenauer
ae8683e30d - disable rust usage for everything but x86(-64)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=578
2017-03-20 16:07:00 +00:00
Wolfgang Rosenauer
43203c9622 - disable rust usage for PPC64LE
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=577
2017-03-20 15:41:53 +00:00
Wolfgang Rosenauer
39f56adaf0 - update to Firefox 52.0.1 (boo#1029822)
MFSA 2017-08
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=576
2017-03-17 22:39:31 +00:00
Wolfgang Rosenauer
6ea21fb6f9 - reenable ALSA support which was removed by default upstream
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=575
2017-03-09 12:31:02 +00:00
Wolfgang Rosenauer
6602a2cc2b - update to Firefox 52.0 (boo#1028391)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=574
2017-03-07 23:18:25 +00:00
Wolfgang Rosenauer
2249818fd8 Accepting request 477653 from home:AndreasStieger:branches:mozilla:Factory
add boo#1028391 and CVEs

OBS-URL: https://build.opensuse.org/request/show/477653
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=573
2017-03-07 23:15:47 +00:00
Wolfgang Rosenauer
14ce29297b - update to Firefox 52.0
* requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Windows 8 touch screen support for multiprocess Firefox
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
- removed obsolete patches
  * mozilla-binutils-visibility.patch
  * mozilla-check_return.patch
  * mozilla-disable-skia-be.patch
  * mozilla-skia-overflow.patch
  * mozilla-skia-ppc-endianess.patch
- rebased patches
- enable rust usage for Tumbleweed

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=572
2017-03-07 08:35:10 +00:00
Wolfgang Rosenauer
3ce0e89892 Accepting request 453042 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 51.0.1

OBS-URL: https://build.opensuse.org/request/show/453042
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=570
2017-01-27 21:48:32 +00:00
Wolfgang Rosenauer
4a4070a0e9 - fix build without skia (big endian archs) (bmo#1319374)
(mozilla-disable-skia-be.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=569
2017-01-27 17:39:50 +00:00
Wolfgang Rosenauer
d2c8956ec2 - add upstream patch to fix PPC64LE (bmo#1319389)
(mozilla-skia-ppc-endianess.patch)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=568
2017-01-27 15:01:24 +00:00
Wolfgang Rosenauer
0f2d4906dd - update to Firefox 51.0
* requires NSPR >= 4.13.1, NSS >= 3.28.1
  * Added support for FLAC (Free Lossless Audio Codec) playback
  * Added support for WebGL 2
  * Added Georgian (ka) and Kabyle (kab) locales
  * Support saving passwords for forms without 'submit' events
  * Improved video performance for users without GPU acceleration
  * Zoom indicator is shown in the URL bar if the zoom level is not
    at default level
  * View passwords from the prompt before saving them
  * Remove Belarusian (be) locale
  * Use Skia for content rendering (Linux)
  * MFSA 2017-01
    CVE-2017-5375: Excessive JIT code allocation allows bypass of
                   ASLR and DEP (bmo#1325200, boo#1021814)
    CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
    CVE-2017-5377: Memory corruption with transforms to create
                   gradients in Skia (bmo#1306883, boo#1021826)
    CVE-2017-5378: Pointer and frame data leakage of Javascript objects
                   (bmo#1312001, bmo#1330769, boo#1021818)
    CVE-2017-5379: Use-after-free in Web Animations
                   (bmo#1309198,boo#1021827)
    CVE-2017-5380: Potential use-after-free during DOM manipulations
                   (bmo#1322107, boo#1021819)
    CVE-2017-5390: Insecure communication methods in Developer Tools
                   JSON viewer (bmo#1297361, boo#1021820)
    CVE-2017-5389: WebExtensions can install additional add-ons via
                   modified host requests (bmo#1308688, boo#1021828)
    CVE-2017-5396: Use-after-free with Media Decoder
                   (bmo#1329403, boo#1021821)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=567
2017-01-25 10:27:08 +00:00
Wolfgang Rosenauer
f6f1953e39 Accepting request 451698 from home:bjoernv:branches:mozilla:Factory
Firefox could not open Google, Wikipedia etc. with HTTPS anymore after update of NSS to 3.28
Sources:
- https://bugs.gentoo.org/show_bug.cgi?id=603622
- https://bugzilla.redhat.com/show_bug.cgi?id=1413303#c5
- https://bugzilla.mozilla.org/show_bug.cgi?id=1290037

OBS-URL: https://build.opensuse.org/request/show/451698
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=566
2017-01-21 08:10:15 +00:00
Wolfgang Rosenauer
47ea133150 - update to Firefox 50.1.0 (boo#1015422)
* MFSA 2016-94
    CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
    CVE-2016-9899: Use-after-free while manipulating DOM events and
                   audio elements (bmo#1317409)
    CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
    CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
    CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
    CVE-2016-9898: Use-after-free in Editor while manipulating
                   DOM subtrees (bmo#1314442)
    CVE-2016-9900: Restricted external resources can be loaded by
                   SVG images through data URLs (bmo#1319122)
    CVE-2016-9904: Cross-origin information leak in shared atoms
                   (bmo#1317936)
    CVE-2016-9901: Data from Pocket server improperly sanitized
                   before execution (bmo#1320057)
    CVE-2016-9902: Pocket extension does not validate the origin
                   of events (bmo#1320039)
    CVE-2016-9903: XSS injection vulnerability in add-ons SDK
                   (bmo#1315435)
    CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
    CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
                   Firefox ESR 45.6

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=564
2016-12-13 21:10:19 +00:00
Wolfgang Rosenauer
0e804587d5 - update to Firefox 50.1.0 (boo#)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=563
2016-12-12 21:26:20 +00:00
Wolfgang Rosenauer
a7b507dd76 Accepting request 445492 from home:cgrobertson:branches:mozilla:Factory
- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)

OBS-URL: https://build.opensuse.org/request/show/445492
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=562
2016-12-12 18:36:34 +00:00
Wolfgang Rosenauer
120a7e8724 Accepting request 443012 from home:AndreasStieger:branches:mozilla:Factory
Add boo#1012964 to 50.0.2 changelog

OBS-URL: https://build.opensuse.org/request/show/443012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=560
2016-12-01 17:33:12 +00:00
Wolfgang Rosenauer
01729d0fbe * Firefox crashes with 3rd party Chinese IME when using IME text
(50.0.1)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=559
2016-12-01 03:07:00 +00:00
Wolfgang Rosenauer
3b8276a497 - update to Firefox 50.0.2
security fixes (in 50.0.1): (boo#1012807)
  * MFSA 2016-91
    CVE-2016-9078: data: URL can inherit wrong origin after an
                   HTTP redirect (bmo#1317641)
  security fixes (in 50.0.2)
  * MFSA 2016-92
    CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=558
2016-12-01 03:05:24 +00:00
Wolfgang Rosenauer
a1ebdac66f - update to Firefox 50.0 (boo#1009026)
* requires NSS 3.26.2
  new features
  * Updates to keyboard shortcuts
    Set a preference to have Ctrl+Tab cycle through tabs in recently
    used order
    View a page in Reader Mode by using Ctrl+Alt+R
  * Added option to Find in page that allows users to limit search to
    whole words only
  * Added download protection for a large number of executable file
    types on Windows, Mac and Linux
  * Fixed rendering of dashed and dotted borders with rounded corners
    (border-radius)
  * Added a built-in Emoji set for operating systems without native
    Emoji fonts (Windows 8.0 and lower and Linux)
  * Blocked versions of libavcodec older than 54.35.1
  * additional locale
  security fixes:
  * MFSA 2016-89
    CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
                   (bmo#1292443)
    CVE-2016-5292: URL parsing causes crash (bmo#1288482)
    CVE-2016-5293: Write to arbitrary file with updater and moz
                   maintenance service using updater.log hardlink
		   (Windows only) (bmo#1246945)
    CVE-2016-5294: Arbitrary target directory for result files of
                   update process (Windows only) (bmo#1246972)
    CVE-2016-5297: Incorrect argument length checking in Javascript
                   (bmo#1303678)
    CVE-2016-9064: Addons update must verify IDs match between

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=555
2016-11-15 18:06:29 +00:00
Wolfgang Rosenauer
6f15368db9 Accepting request 437089 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 49.0.2
  * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
  * CVE-2016-5288: Web content can read cache entries (bsc#1006476)

OBS-URL: https://build.opensuse.org/request/show/437089
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=553
2016-10-24 11:40:07 +00:00
Wolfgang Rosenauer
140f76446a Accepting request 434641 from home:badshah400:firefox-gtk3
**Please wait until successful builds

- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
  and fixes have been incorporated by upstream.

OBS-URL: https://build.opensuse.org/request/show/434641
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=551
2016-10-17 13:11:43 +00:00