1
0
Commit Graph

581 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
c538f7d283 Accepting request 878726 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 86.0.1

OBS-URL: https://build.opensuse.org/request/show/878726
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=898
2021-03-13 09:26:25 +00:00
Wolfgang Rosenauer
e8a1c7a40b - Mozilla Firefox 86.0
* requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00
Wolfgang Rosenauer
326240ab1d Accepting request 873214 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.2

OBS-URL: https://build.opensuse.org/request/show/873214
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=893
2021-02-17 21:15:35 +00:00
Wolfgang Rosenauer
2d0a314ecf Accepting request 873173 from home:michel_mno:branches:mozilla:Factory
- Use %limit_build macros for PowerPC to avoid oom build failure

OBS-URL: https://build.opensuse.org/request/show/873173
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=892
2021-02-17 21:14:36 +00:00
Wolfgang Rosenauer
1744f2efc7 Accepting request 870516 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.1

OBS-URL: https://build.opensuse.org/request/show/870516
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=890
2021-02-09 12:40:21 +00:00
Wolfgang Rosenauer
ee9c609811 - Mozilla Firefox 85.0
* Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=888
2021-01-26 21:38:39 +00:00
Wolfgang Rosenauer
3269619cc2 Accepting request 862420 from home:Mailaender:branches:mozilla:Factory
Fixed the screenshot links.

OBS-URL: https://build.opensuse.org/request/show/862420
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=886
2021-01-11 18:42:03 +00:00
Wolfgang Rosenauer
fbf027988a Accepting request 861463 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 84.0.2
  MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk

OBS-URL: https://build.opensuse.org/request/show/861463
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=884
2021-01-07 20:33:44 +00:00
Wolfgang Rosenauer
17c9d3e87b - Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
    with certain third-party PKCS11 modules and smartcards installed
    (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple
    Silicon devices due to improper detection of the OS version
    (bmo#1680516)
- requires NSS 3.59.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=882
2021-01-02 09:24:42 +00:00
Wolfgang Rosenauer
70fb53e62e - Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11
    Linux desktops
  MFSA 2020-54 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382)
    Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26975 (bmo#1661071)
    Malicious applications on Android could have induced Firefox
    for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311)
    URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
    When entering an address in the address or search bars, a

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 22:40:17 +00:00
Wolfgang Rosenauer
1a48836fb2 Accepting request 854531 from home:marxin:branches:mozilla:Factory
- PGO is still broken as can be seen here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1680306

OBS-URL: https://build.opensuse.org/request/show/854531
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=879
2020-12-10 12:07:53 +00:00
Wolfgang Rosenauer
ae9afbb746 Accepting request 853750 from home:marxin:branches:mozilla:Factory
- Add fix-gcc-pgo.patch and enable PGO again.

OBS-URL: https://build.opensuse.org/request/show/853750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=878
2020-12-08 10:41:13 +00:00
Wolfgang Rosenauer
850afd3a6f Accepting request 852867 from home:marxin:branches:mozilla:Factory
- Enable again LTO as gcc10 package is fixed.

Fixed gcc10 is in devel project and is approaching openSUSE:Factory
in a staging project.

OBS-URL: https://build.opensuse.org/request/show/852867
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=877
2020-12-03 17:48:21 +00:00
Wolfgang Rosenauer
c7f8f5880d - Add/Enable GNOME search provider
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=875
2020-11-21 08:13:23 +00:00
Wolfgang Rosenauer
200347945f Accepting request 845404 from home:kkirill:branches:mozilla:Factory
Enable GNOME Shell search provider akin to Fedora by
- providing firefox-search-provider.ini file for GNOME Shell search provider (copy from Fedora)
- setting the browser.gnome-search-provider.enabled to true

OBS-URL: https://build.opensuse.org/request/show/845404
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=874
2020-11-21 08:10:39 +00:00
Wolfgang Rosenauer
74592d9c27 - disable LTO on TW because of ICEs in gcc
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=873
2020-11-20 06:19:02 +00:00
Wolfgang Rosenauer
75f3df970c - switch to build with clang (as gcc produces only ICEs on TW)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=872
2020-11-19 22:03:00 +00:00
Wolfgang Rosenauer
695b9a520a - Mozilla Firefox 83.0
* major update for SpiderMonkey improving performance significantly
  * optional HTTPS-Only mode
  * more improvements
    https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
  MFSA 2020-50 (bsc#1178824))
  * CVE-2020-26951 (bmo#1667113)
    Parsing mismatches could confuse and bypass security
    sanitizer for chrome privileged code
  * CVE-2020-26952 (bmo#1667685)
    Out of memory handling of JITed, inlined functions could lead
    to a memory corruption
  * CVE-2020-16012 (bmo#1642028)
    Variable time processing of cross-origin images during
    drawImage calls
  * CVE-2020-26953 (bmo#1656741)
    Fullscreen could be enabled without displaying the security UI
  * CVE-2020-26954 (bmo#1657026)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2020-26955 (bmo#1663261)
    Cookies set during file downloads are shared between normal
    and Private Browsing Mode in Firefox for Android
  * CVE-2020-26956 (bmo#1666300)
    XSS through paste (manual and clipboard API)
  * CVE-2020-26957 (bmo#1667179)
    OneCRL was not working in Firefox for Android
  * CVE-2020-26958 (bmo#1669355)
    Requests intercepted through ServiceWorkers lacked MIME type
    restrictions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=871
2020-11-19 13:09:37 +00:00
Wolfgang Rosenauer
cc6291512a - Mozilla Firefox 82.0.3
MSFA 2020-49
  * CVE-2020-26950 (bmo#1675905)
    Write side effects in MCallGetProperty opcode not accounted for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=868
2020-11-09 16:14:06 +00:00
Wolfgang Rosenauer
a33735930f - Mozilla Firefox 82.0.2
* few bugfixes for introduced regressions

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=867
2020-11-02 09:07:47 +00:00
Wolfgang Rosenauer
07ba0d6bad MFSA 2020-45 (bsc#1177872)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=865
2020-10-21 20:15:44 +00:00
Wolfgang Rosenauer
9d0a0f0165 * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
MFSA 2020-45 (bsc#1177872)
  * CVE-2020-15969 (bmo#1666570)
    Use-after-free in usersctp
  * CVE-2020-15254 (bmo#1668514)
    Undefined behavior in bounded channel of crossbeam rust crate
  * CVE-2020-15680 (bmo#1658881)
    Presence of external protocol handlers could be determined
    through image tags
  * CVE-2020-15681 (bmo#1666568)
    Multiple WASM threads may have overwritten each others' stub
    table entries
  * CVE-2020-15682 (bmo#1636654)
    The domain associated with the prompt to open an external
    protocol could be spoofed to display the incorrect origin
  * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
    bmo#1662760, bmo#1663439, bmo#1666140)
    Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
  * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
    bmo#1664257)
    Memory safety bugs fixed in Firefox 82

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=864
2020-10-21 09:43:59 +00:00
Wolfgang Rosenauer
3505fbb031 - Mozilla Firefox 82.0
- requires
  * NSPR 4.29
  * NSS 3.57

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=863
2020-10-19 20:37:04 +00:00
Wolfgang Rosenauer
2032051695 - Mozilla Firefox 81.0.1
* https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
- remove obsolete python2 build requires

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=861
2020-10-01 20:03:49 +00:00
Wolfgang Rosenauer
fd799ac59e Accepting request 838827 from home:Guillaume_G:branches:mozilla:Factory
- Increase disk requirements in _constraints to match current needs

OBS-URL: https://build.opensuse.org/request/show/838827
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=860
2020-10-01 09:04:20 +00:00
Wolfgang Rosenauer
0250e894cb - require python3-curses as workaround to fix i586 build
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=859
2020-09-29 10:48:52 +00:00
Wolfgang Rosenauer
5afd51282e - Mozilla Firefox 81.0
* https://www.mozilla.org/en-US/firefox/81.0/releasenotes
  MFSA 2020-42 (bsc#1176756)
  * CVE-2020-15675 (bmo#1654211)
    Use-After-Free in WebGL
  * CVE-2020-15677 (bmo#1641487)
    Download origin spoofing via redirect
  * CVE-2020-15676 (bmo#1646140)
    XSS when pasting attacker-controlled data into a
    contenteditable element
  * CVE-2020-15678 (bmo#1660211)
    When recursing through layers while scrolling, an iterator
    may have become invalid, resulting in a potential use-after-
    free scenario
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
    Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
  * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
    Memory safety bugs fixed in Firefox 81
- requires
  NSPR 4.28
  NSS 3.56
- removed obsolete patches
  * mozilla-system-nspr.patch
  * mozilla-bmo1661715.patch
  * mozilla-silence-no-return-type.patch
- skip post-build-checks for 15.0 and 15.1
- add revert-795c8762b16b.patch to fix LTO builds with gcc
  (related to bmo#1644409)
- Use %limit_build macro again for aarch64 and armv7, instead of

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=858
2020-09-22 14:04:54 +00:00
Wolfgang Rosenauer
49c4b18dfc Accepting request 835187 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Use %limit_build macro again for aarch64 and armv7, instead of 
  the new memoryperjob _constraints to use more workers

OBS-URL: https://build.opensuse.org/request/show/835187
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=857
2020-09-17 12:12:41 +00:00
Wolfgang Rosenauer
9689fbd025 MFSA 2020-36 (bsc#1175686)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=855
2020-08-25 19:21:33 +00:00
Wolfgang Rosenauer
57739184dc - added mozilla-system-nspr.patch (bmo#1661096)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=854
2020-08-25 18:24:16 +00:00
Wolfgang Rosenauer
f9c0480028 - Mozilla Firefox 80.0
MFSA 2020- (bsc#1175686)
  * CVE-2020-15663 (bmo#1643199)
    Downgrade attack on the Mozilla Maintenance Service could
    have resulted in escalation of privilege
  * CVE-2020-15664 (bmo#1658214)
    Attacker-induced prompt for extension installation
  * CVE-2020-12401 (bmo#1631573)
    Timing-attack on ECDSA signature generation
  * CVE-2020-6829 (bmo#1631583)
    P-384 and P-521 vulnerable to an electro-magnetic side
    channel attack on signature generation
  * CVE-2020-12400 (bmo#1623116)
    P-384 and P-521 vulnerable to a side channel attack on
    modular inversion
  * CVE-2020-15665 (bmo#1651636)
    Address bar not reset when choosing to stay on a page after
    the beforeunload dialog is shown
  * CVE-2020-15666 (bmo#1450853)
    MediaError message property leaks cross-origin response
    status
  * CVE-2020-15667 (bmo#1653371)
    Heap overflow when processing an update file
  * CVE-2020-15668 (bmo#1651520)
    Data Race when reading certificate information
  * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
    bmo#1656957)
    Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- requires
  * NSPR 4.27

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=853
2020-08-25 18:18:25 +00:00
Wolfgang Rosenauer
9f9bb3e928 Accepting request 828191 from home:marxin:branches:mozilla:Factory
- Use new memoryperjob _constraints instead of %limit_build macro.

OBS-URL: https://build.opensuse.org/request/show/828191
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=852
2020-08-20 13:10:52 +00:00
Wolfgang Rosenauer
185b328f4f - use ccache for build
- replace versioned RPM deps with requires_ge
- parallelize locale build

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=851
2020-08-13 22:06:03 +00:00
Wolfgang Rosenauer
50acacf655 Accepting request 824701 from home:guoyunhe:branches:mozilla:Factory2
- Change *.appdata.xml location to latest AppStream standard

OBS-URL: https://build.opensuse.org/request/show/824701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=850
2020-08-10 09:14:34 +00:00
Wolfgang Rosenauer
8addddfe67 - Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
  * CVE-2020-15652 (bmo#1634872)
    Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792)
    WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204)
    Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542)
    Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293)
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293)
    Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745)
    Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954)
    DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333)
    Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
    Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
  * mozilla-nspr >= 4.26
  * mozilla-nss >= 3.54
  * rust >= 1.43
  * rust-cbindgen >= 0.14.3
- removed obsolete patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=847
2020-07-29 07:07:58 +00:00
Wolfgang Rosenauer
0c32c99eba - fixed syntax issue in desktop file (boo#1174360)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=845
2020-07-21 21:32:07 +00:00
Wolfgang Rosenauer
31ba8c3028 (patch provided by Atri Bhattacharya <badshah400@gmail.com>
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
  (Plasma 5.19.3 is now in TW)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=843
2020-07-17 15:09:12 +00:00
Wolfgang Rosenauer
47a7a10c4f Accepting request 821486 from home:badshah400:branches:mozilla:Factory
- Add mozilla-libavcodec58_91.patch to link against updated
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.

OBS-URL: https://build.opensuse.org/request/show/821486
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=842
2020-07-17 15:04:42 +00:00
Wolfgang Rosenauer
63bc80aa5e - Mozilla Firefox 78.0.2
* Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags
- Google API key is not usable for geolocation service

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=840
2020-07-13 13:15:06 +00:00
Wolfgang Rosenauer
fba870626f - added desktop file actions
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
  (boo#1173993)
- rework langpack integration (boo#1173991)
  * ship XPIs instead of directories
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
* Google API key is not usable for geolocation service

- Mozilla Firefox 78.0.2
  * Fixed an accessibility regression in reader mode (bmo#1650922)
  * Made the address bar more resilient to data corruption in the
    user profile (bmo#1649981)
  * Fixed a regression opening certain external applications (bmo#1650162)
  MFSA 2020-28
  * CVE pending (bmo#1644076)
    X-Frame-Options bypass using object or embed tags

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=839
2020-07-12 17:40:52 +00:00
Wolfgang Rosenauer
b65efa1613 - fix pipewire support for TW (boo#1172903)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=838
2020-07-06 22:08:51 +00:00
Wolfgang Rosenauer
7efaeba3d2 - removed obsolete patches
* mozilla-bmo1634646.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=836
2020-07-03 20:04:08 +00:00
Wolfgang Rosenauer
13e2ddea0f - Mozilla Firefox 78.0.1
* Fixed an issue which could cause installed search engines to not
    be visible when upgrading from a previous release.
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
  * Protections Dashboard (about:protections)
  * WebRTC not interrupted by screensaver anymore
  * disabled TLS 1.0 and 1.1 by default
  MFSA 2020-24 (bsc#1173576)
  * CVE-2020-12415 (bmo#1586630)
    AppCache manifest poisoning due to url encoded character processing
  * CVE-2020-12416 (bmo#1639734)
    Use-after-free in WebRTC VideoBroadcaster
  * CVE-2020-12417 (bmo#1640737)
    Memory corruption due to missing sign-extension for ValueTags
    on ARM64
  * CVE-2020-12418 (bmo#1641303)
    Information disclosure due to manipulated URL object
  * CVE-2020-12419 (bmo#1643874)
    Use-after-free in nsGlobalWindowInner
  * CVE-2020-12420 (bmo#1643437)
    Use-After-Free when trying to connect to a STUN server
  * CVE-2020-12402 (bmo#1631597)
    RSA Key Generation vulnerable to side-channel attack
  * CVE-2020-12421 (bmo#1308251)
    Add-On updates did not respect the same certificate trust
    rules as software updates
  * CVE-2020-12422 (bmo#1450353)
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
  * CVE-2020-12423 (bmo#1642400)
    DLL Hijacking due to searching %PATH% for a library

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=835
2020-07-03 06:52:59 +00:00
Wolfgang Rosenauer
d08406e896 - Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
  * PDF downloads now show an option to open the PDF directly in Firefox
- requires
  * NSS >= 3.53.1
  * nodejs >= 10.21
  * Gtk+3 >= 3.14
- removed obsolete patch
  * mozilla-s390-bigendian.patch
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
  WebRTC with pipewire support to enable screen sharing under
  Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
  appropriately (boo#1172903).
- adding SLE12 compatibility in spec file
- add patches for s390x
  * mozilla-bmo1602730.patch (bmo#1602730)
  * mozilla-bmo1626236.patch (bmo#1626236)
  * mozilla-bmo998749.patch (bmo#998749)
  * mozilla-s390x-skia-gradient.patch
- update create-tar.sh
- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=834
2020-06-30 11:39:58 +00:00
Wolfgang Rosenauer
3d2e40a031 Accepting request 813117 from home:Guillaume_G:branches:mozilla:Factory
- Exclude armv6, since it is unbuildable since about 3 years

OBS-URL: https://build.opensuse.org/request/show/813117
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=833
2020-06-10 07:35:21 +00:00
Wolfgang Rosenauer
d5337670c2 Accepting request 811243 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 77.0.1
  * Disable automatic selection of DNS over HTTPS providers during
    a test to enable wider deployment in a more controlled way
    (bmo#1642723)

OBS-URL: https://build.opensuse.org/request/show/811243
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=831
2020-06-04 06:00:26 +00:00
Wolfgang Rosenauer
5c3bb08acd - Mozilla Firefox 77.0
* view and manage web certificates more easily on the new
    about:certificate page
  * improvements in accessibility
  * significant improvements to JavaScript debugging
  MFSA 2020-20 (bsc#1172402)
  * CVE-2020-12399 (bmo#1631576)
    Timing attack on DSA signatures in NSS library
    (fixed with external NSS >= 3.52.1)
  * CVE-2020-12405 (bmo#1631618)
    Use-after-free in SharedWorkerService
  * CVE-2020-12406 (bmo#1639590)
    JavaScript type confusion with NativeTypes
  * CVE-2020-12407 (bmo#1637112)
    WebRender leaking GPU memory when using border-image CSS
    directive
  * CVE-2020-12408 (bmo#1623888)
    URL spoofing when using IP addresses
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
    Memory safety bugs fixed in Firefox 77
- requires
  * NSS >= 3.52.1
  * rust-cbindgen >= 1.14.1
  * clang >= 5
- added mozilla-bmo1634646.patch as part of fixing PGO build
  (still not working)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=830
2020-06-02 14:55:49 +00:00
Wolfgang Rosenauer
15bd5b7707 Accepting request 805351 from home:michel_mno:branches:mozilla:Factory
- change again _constraints for ppc64le use <physicalmemory>
  and increase limit_build in spec file to reduce max_jobs.

OBS-URL: https://build.opensuse.org/request/show/805351
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=828
2020-05-14 06:50:59 +00:00
Wolfgang Rosenauer
d5f3632780 - Mozilla Firefox 76.0.1
* Fixed a bug causing some add-ons such as Amazon Assistant to see
    multiple onConnect events, impairing functionality (bmo#1635637)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=827
2020-05-12 21:40:30 +00:00
Wolfgang Rosenauer
f1f2bf264a - Mozilla Firefox 76.0
* Lockwise improvements
  * Improvements in Picture-in-Picture feature
  * Support Audio Worklets
  MFSA-2020-16 (bsc#1171186)
  * CVE-2020-12387 (bmo#1545345)
    Use-after-free during worker shutdown
  * CVE-2020-12388 (bmo#1618911)
    Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 (bmo#1554110)
    Sandbox escape with improperly separated process types
  * CVE-2020-6831 (bmo#1632241)
    Buffer overflow in SCTP chunk input validation
  * CVE-2020-12390 (bmo#1141959)
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
  * CVE-2020-12391 (bmo#1457100)
    Content-Security-Policy bypass using object elements
  * CVE-2020-12392 (bmo#1614468)
    Arbitrary local file access with 'Copy as cURL'
  * CVE-2020-12393 (bmo#1615471)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2020-12394 (bmo#1628288)
    URL spoofing in location bar when unfocussed
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
    bmo#1622291, bmo#1627644)
    Memory safety bugs fixed in Firefox 76

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=825
2020-05-05 19:25:39 +00:00