1
0
Commit Graph

23 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
d5337670c2 Accepting request 811243 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 77.0.1
  * Disable automatic selection of DNS over HTTPS providers during
    a test to enable wider deployment in a more controlled way
    (bmo#1642723)

OBS-URL: https://build.opensuse.org/request/show/811243
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=831
2020-06-04 06:00:26 +00:00
Wolfgang Rosenauer
5c3bb08acd - Mozilla Firefox 77.0
* view and manage web certificates more easily on the new
    about:certificate page
  * improvements in accessibility
  * significant improvements to JavaScript debugging
  MFSA 2020-20 (bsc#1172402)
  * CVE-2020-12399 (bmo#1631576)
    Timing attack on DSA signatures in NSS library
    (fixed with external NSS >= 3.52.1)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript type confusion with NativeTypes
  * CVE-2020-12407 (bmo#1637112)
    WebRender leaking GPU memory when using border-image CSS
    directive
  * CVE-2020-12408 (bmo#1623888)
    URL spoofing when using IP addresses
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
    Memory safety bugs fixed in Firefox 77
- requires
  * NSS >= 3.52.1
  * rust-cbindgen >= 1.14.1
  * clang >= 5
- added mozilla-bmo1634646.patch as part of fixing PGO build
  (still not working)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00
Wolfgang Rosenauer
d5f3632780 - Mozilla Firefox 76.0.1
* Fixed a bug causing some add-ons such as Amazon Assistant to see
    multiple onConnect events, impairing functionality (bmo#1635637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=827
2020-05-12 21:40:30 +00:00
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00
Wolfgang Rosenauer
f0a9acb709 - Mozilla Firefox 75.0
- removed obsolete patch
  mozilla-bmo1609538.patch
- requires
  * rust >= 1.41
  * rust-cbindgen >= 0.13.1
  * mozilla-nss >= 3.51
  * nodejs10 >= 10.19

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=821
2020-04-07 12:21:48 +00:00
Wolfgang Rosenauer
474c698ebf - Mozilla Firefox 74.0.1
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=817
2020-04-03 15:25:40 +00:00
Wolfgang Rosenauer
a9628fa6ae - Mozilla Firefox 74.0
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
  MFSA 2020-08 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6808 (bmo#1247968)
    URL Spoofing via javascript: URL
  * CVE-2020-6809 (bmo#1420296)
    Web Extensions with the all-urls permission could access local
    files
  * CVE-2020-6810 (bmo#1432856)
    Focusing a popup while in fullscreen could have obscured the
    fullscreen notification
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6813 (bmo#1605814)
    @import statements in CSS could bypass the Content Security
    Policy nonce feature
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=809
2020-03-12 19:14:24 +00:00
Wolfgang Rosenauer
32b74d8c4c - Mozilla Firefox 73.0.1
* Resolved problems connecting to the RBC Royal Bank website
    (bmo#1613943)
  * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
    (bmo#1611133)
  * Fixed crashes when playing encrypted content on some Linux systems
    (bmo#1614535)
- start in wayland mode when running under wayland session

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=804
2020-02-20 13:56:27 +00:00
Wolfgang Rosenauer
82f4bf17d0 - Mozilla Firefox 73.0
* Added support for setting a default zoom level applicable for all
    web content
  * High-contrast mode has been updated to allow background images
  * Improved audio quality when playing back audio at a faster or
    slower speed
  * Added NextDNS as alternative option for DNS over HTTPS
  MFSA 2020-05 (bsc#1163368)
  * CVE-2020-6796 (bmo#1610426)
    Missing bounds check on shared memory read in the parent process
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
    Extensions granted downloads.open permission could open arbitrary
    applications on Mac OSX
  * CVE-2020-6798 (bmo#1602944)
    Incorrect parsing of template tag could result in JavaScript injection
  * CVE-2020-6799 (bmo#1606596) (Windows only)
    Arbitrary code execution when opening pdf links from other
    applications, when Firefox is configured as default pdf reader
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
    bmo#1608580,bmo#1608785,bmo#1605777)
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
    Memory safety bugs fixed in Firefox 73
- updated requirements
  * rust >= 1.39
  * NSS >= 3.49.2
  * rust-cbindgen >= 0.12.0
- rebased patches
- removed obsolete patch
  * mozilla-bmo1601707.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=802
2020-02-12 14:14:39 +00:00
Wolfgang Rosenauer
f7f1c3fabe - Mozilla Firefox 72.0.2
* Various stability fixes
  * Fixed issues opening files with spaces in their path (bmo#1601905)
  * Fixed a hang opening about:logins when a master password is set
    (bmo#1606992)
  * Fixed a web compatibility issue with CSS Shadow Parts which
    shipped in Firefox 72 (bmo#1604989)
  * Fixed inconsistent playback performance for fullscreen 1080p
    videos on some systems (bmo#1608485)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=798
2020-01-22 10:33:47 +00:00
Wolfgang Rosenauer
31f1b363df - Mozilla Firefox 72.0.1
- Mozilla Firefox 72.0
  * block fingerprinting scripts by default
  * new notification pop-ups
  * Picture-in-picture video
  MFSA 2020-01
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17020 (bmo#1597645)
    Content Security Policy not applied to XSL stylesheets applied
    to XML documents
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
    NSS may negotiate TLS 1.2 or below after a TLS 1.3
    HelloRetryRequest had been sent
  * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
  * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
    bmo#1595692,bmo#1597321,bmo#1597481)
    Memory safety bugs fixed in Firefox 72
- update create-tar.sh to skip compare-locales
- requires NSPR 4.24 and NSS 3.48
- removed usage of browser-plugins convention for NPAPI plugins
  from start wrapper and changed the RPM macro to the
  /usr/$LIB/mozilla/plugins location (boo#1160302)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=793
2020-01-08 11:59:18 +00:00
Wolfgang Rosenauer
474457216d - Mozilla Firefox 71.0
* Improvements to Lockwise, our integrated password manager
  * More information about Enhanced Tracking Protection in action
  * Native MP3 decoding on Windows, Linux, and macOS
  * Configuration page (about:config) reimplemented in HTML
  * New kiosk mode functionality, which allows maximum screen space
    for customer-facing displays
  MFSA 2019-36
  * CVE-2019-11756 (bmo#1508776)
    Use-after-free of SFTKSession object
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156) (Windows only)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-17014 (bmo#1322864)
    Dragging and dropping a cross-origin resource, incorrectly loaded
    as an image, could result in information disclosure
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
    bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
    bmo#1594181)
    Memory safety bugs fixed in Firefox 71

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=789
2019-12-09 07:58:52 +00:00
Wolfgang Rosenauer
c5265ac327 - Mozilla Firefox 70.0.1
* Fix for an issue that caused some websites or page elements using
    dynamic JavaScript to fail to load. (bmo#1592136)
  * Title bar no longer shows in full screen view (bmo#1588747)
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
  big endian platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=787
2019-11-01 14:24:05 +00:00
Wolfgang Rosenauer
9b8d4398e7 - Mozilla Firefox 70.0
* more privacy protections from Enhanced Tracking Protection
  * Firefox Lockwise passwordmanager
  * Improvements to core engine components, for better browsing on more sites
  * Improved privacy and security indicators
  MFSA 2019-34
  * CVE-2018-6156 (bmo#1480088)
    Heap buffer overflow in FEC processing in WebRTC
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11765 (bmo#1562582)
    Incorrect permissions could be granted to a website
  * CVE-2019-17000 (bmo#1441468)
    CSP bypass using object tag with data: URI
  * CVE-2019-17001 (bmo#1587976)
    CSP bypass using object tag when script-src 'none' is specified
  * CVE-2019-17002 (bmo#1561056)
    upgrade-insecure-requests was not being honored for links dragged and dropped

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=786
2019-10-25 09:13:30 +00:00
Wolfgang Rosenauer
929b941313 - Mozilla Firefox 69.0.3
* Fixed Yahoo mail users being prompted to download files when
    clicking on emails (bmo#1582848)
- devel package build can easily be disabled now

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=783
2019-10-13 16:07:47 +00:00
Wolfgang Rosenauer
13cc39d491 - Mozilla Firefox 69.0.2
- updated supported locale list
- remove obsolete kde.js setting (boo#1151186) and related patch
  firefox-add-kde.js-in-order-to-survive-PGO-build.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=778
2019-10-03 08:42:59 +00:00
Wolfgang Rosenauer
a21dd9a5f8 - update create-tar.sh to latest revision and adjusted tar_stamps
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=773
2019-09-25 11:40:52 +00:00
Wolfgang Rosenauer
1f7d350ac4 - Mozilla Firefox 69.0.1
* Fixed external programs launching in the background when clicking
    a link from inside Firefox to launch them (bmo#1570845)
  * Usability improvements to the Add-ons Manager for users with
    screen readers (bmo#1567600)
  * Fixed the Captive Portal notification bar not being dismissable
    in some situations after login is complete (bmo#1578633)
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
  * Fixed missing stacks in the Developer Tools Performance section
    (bmo#1578354)
  MFSA 2019-31
  * CVE-2019-11754 (bmo#1580506)
    Pointer Lock is enabled with no user notification
- disable DOH by default

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=768
2019-09-20 07:16:58 +00:00
Wolfgang Rosenauer
0c3a6afdc4 - Mozilla Firefox 69.0
* Enhanced Tracking Protection (ETP) for stronger privacy protections
  * Block Autoplay feature is enhanced to give users the option to block
    any video
  * Users in the US or using the en-US browser, can get a new “New Tab”
    page experience connecting to the best of Pocket's content.
  * Support for the Web Authentication HmacSecret extension via
    Windows Hello introduced.
  * Support for receiving multiple video codecs with this release makes
    it easier for WebRTC conferencing services to mix video from
    different clients.
- requires
  * rust/cargo >= 1.35
  * rust-cbindgen >= 0.9.0
  * mozilla-nss >= 3.45
- rebased patches
  * mozilla-bmo1504834-part1.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part2.patch (currently unused as it breaks LE)
  * mozilla-bmo1504834-part3.patch (currently unused as it breaks LE)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=765
2019-09-09 06:28:12 +00:00
Wolfgang Rosenauer
a552e67ce1 - Mozilla Firefox 68.1.0
MFSA 2019-26
  * CVE-2019-11751 (bmo#1572838; Windows only)
    Malicious code execution through command line parameters
  * CVE-2019-11746 (bmo#1564449)
    Use-after-free while manipulating video
  * CVE-2019-11744 (bmo#1562033)
    XSS by breaking out of title and textarea elements using innerHTML
  * CVE-2019-11742 (bmo#1559715)
    Same-origin policy violation with SVG filters and canvas to steal
    cross-origin images
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
    File manipulation and privilege escalation in Mozilla Maintenance Service
  * CVE-2019-11753 (bmo#1574980; Windows only)
    Privilege escalation with Mozilla Maintenance Service in custom
    Firefox installation location
  * CVE-2019-11752 (bmo#1501152)
    Use-after-free while extracting a key value in IndexedDB
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
    Sandbox escape through Firefox Sync
  * CVE-2019-11743 (bmo#1560495)
    Cross-origin access to unload event attributes
  * CVE-2019-11748 (bmo#1564588)
    Persistence of WebRTC permissions in a third party context
  * CVE-2019-11749 (bmo#1565374)
    Camera information available without prompting using getUserMedia
  * CVE-2019-11750 (bmo#1568397)
    Type confusion in Spidermonkey
  * CVE-2019-11738 (bmo#1452037)
    Content security policy bypass through hash-based sources in directives

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=760
2019-09-04 08:35:37 +00:00
Wolfgang Rosenauer
91c849f4d1 Accepting request 724472 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 68.0.2 MFSA 2019-24 (boo#1145665) CVE-2019-11733

OBS-URL: https://build.opensuse.org/request/show/724472
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=757
2019-08-19 06:30:53 +00:00
Wolfgang Rosenauer
e50c943778 - Mozilla Firefox 68.0.1
* Fixed missing Full Screen button when watching videos in full
    screen mode on HBO GO (bmo#1562837)
  * Fixed a bug causing incorrect messages to appear for some
    locales when sites try to request the use of the Storage
    Access API (bmo#1558503)
  * Users in Russian regions may have their default search engine
    changed (bmo#1565315)
  * Built-in search engines in some locales do not function
    correctly (bmo#1565779)
  * SupportMenu policy doesn't always work (bmo#1553290)
  * Allow the privacy.file_unique_origin pref to be controlled by
    policy (bmo#1563759)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=753
2019-07-19 14:43:08 +00:00
Wolfgang Rosenauer
c4b62217a3 - Mozilla Firefox 68.0
* Dark mode in reader view
  * Improved extension security and discovery
  * Cryptomining and fingerprinting protections are added to strict
    content blocking settings in Privacy & Security preferences
  * Camera and microphone access now require an HTTPS connection
  MFSA 2019-21 (bsc#1140868)
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
    Sandbox escape via installation of malicious languagepack
  * CVE-2019-11711 (bmo#1552541)
    Script injection within domain through inner window reuse
  * CVE-2019-11712 (bmo#1543804)
    Cross-origin POST requests can be made with NPAPI plugins by
    following 308 redirects
  * CVE-2019-11713 (bmo#1528481)
    Use-after-free with HTTP/2 cached stream
  * CVE-2019-11714 (bmo#1542593)
    NeckoChild can trigger crash when accessed off of main thread
  * CVE-2019-11729 (bmo#1515342)
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
  * CVE-2019-11715 (bmo#1555523)
    HTML parsing error can contribute to content XSS
  * CVE-2019-11716 (bmo#1552632)
    globalThis not enumerable until accessed
  * CVE-2019-11717 (bmo#1548306)
    Caret character improperly escaped in origins
  * CVE-2019-11718 (bmo#1408349)
    Activity Stream writes unsanitized content to innerHTML
  * CVE-2019-11719 (bmo#1540541)
    Out-of-bounds read when importing curve25519 private key

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=748
2019-07-09 21:21:11 +00:00