1
0
Commit Graph

746 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
151a4b1f05 - Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
- (re-)enable LTO on Tumbleweed
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
- Add patch to fix build on aarch64 (bmo#1729124)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=941
2021-10-27 15:33:17 +00:00
Wolfgang Rosenauer
ae15405da4 Accepting request 927437 from home:iznogood:branches:mozilla:Factory
- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires.

OBS-URL: https://build.opensuse.org/request/show/927437
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=940
2021-10-27 15:31:55 +00:00
Wolfgang Rosenauer
7f5ab49250 Accepting request 927257 from home:marxin:branches:mozilla:Factory
- Enable LTO for openSUSE Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/927257
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=939
2021-10-27 15:31:17 +00:00
Wolfgang Rosenauer
07e2068a94 Accepting request 926488 from home:MSirringhaus:branches:mozilla:Factory
- Rebase mozilla-sandbox-fips.patch to punch another hole in the
  sandbox containment, to be able to open /proc/sys/crypto/fips_enabled 
  from within the newly introduced socket process sandbox.
  This fixes bsc#1191815 and bsc#1190141

OBS-URL: https://build.opensuse.org/request/show/926488
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=938
2021-10-21 06:51:24 +00:00
Wolfgang Rosenauer
d9fccc7f41 Accepting request 926012 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Add patch to fix build on aarch64 - bmo#1729124 
  * mozilla-bmo1729124.patch

OBS-URL: https://build.opensuse.org/request/show/926012
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=937
2021-10-18 14:39:26 +00:00
Wolfgang Rosenauer
317e7b9c84 - Mozilla Firefox 93.0
* supports the new AVIF image format
  * PDF viewer now supports filling more forms (XFA-based forms)
  * now blocks downloads that rely on insecure connections,
    protecting against potentially malicious or unsafe downloads
  * Improved web compatibility for privacy protections with SmartBlock 3.0
  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing
  * TLS ciphersuites that use 3DES have been disabled. Such
    ciphersuites can only be enabled when deprecated versions of
    TLS are also enabled
  * The download panel now follows the Firefox visual styles
  MFSA 2021-43 (bsc#1191332)
  * CVE-2021-38496 (bmo#1725335)
    Use-after-free in MessageTask
  * CVE-2021-38497 (bmo#1726621)
    Validation message could have been overlaid on another origin
  * CVE-2021-38498 (bmo#1729642)
    Use-after-free of nsLanguageAtomService object
  * CVE-2021-32810 (bmo#1729813)
    https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
    Data race in crossbeam-deque
  * CVE-2021-38500 (bmo#1725854, bmo#1728321)
    Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
  * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
    Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
  * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
    Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=936
2021-10-06 07:02:07 +00:00
Wolfgang Rosenauer
d7bcd62a7b Accepting request 921886 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 92.0.1
  * Fixed: Fixes an issue where audio playback was not working on
    some Linux systems (bmo#1730499)
  * Fixed: Fixes issues with the findbar close button on
    different operating systems (bmo#1728368)

OBS-URL: https://build.opensuse.org/request/show/921886
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=935
2021-09-27 20:21:10 +00:00
Wolfgang Rosenauer
655acc0f45 - Mozilla Firefox 92.0
* More secure connections: Firefox can now automatically upgrade to
    HTTPS using HTTPS RR as Alt-Svc headers
  * Full-range color levels are now supported for video playback on
    many systems
  MFSA 2021-38 (bsc#1190269)
  * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
    bmo#1712242, bmo#1729259)
    Handling custom intents could lead to crashes and UI spoofs
  * CVE-2021-38491 (bmo#1551886)
    Mixed-Content-Blocking was unable to check opaque origins
  * CVE-2021-38492 (bmo#1721107)
    Navigating to `mk:` URL scheme could load Internet Explorer
  * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
    Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
    Firefox ESR 91.1
  * CVE-2021-38494 (bmo#1723920, bmo#1725638)
    Memory safety bugs fixed in Firefox 92
- updated appdata
- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
  (does not apply anymore; unclear if obsolete)
- bring back mozilla-silence-no-return-type.patch and
  run post-build-checks everywhere again
- requires NSS 3.69.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=934
2021-09-07 19:29:05 +00:00
Wolfgang Rosenauer
5dfb50213d Accepting request 915209 from home:badshah400:branches:mozilla:Factory
Fixes a nasty bug, introduced in firefox version 91.x, on wayland systems with font-scaling greater than 1 that causes pop-up menus (clicking on bookmark icon in address bar, for example) to incessantly flicker. Patch taken from upstream bug report and rebased to apply cleanly against current version. Tested to work on GNOME on Wayland on TW 20210829.

OBS-URL: https://build.opensuse.org/request/show/915209
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=933
2021-09-02 06:57:55 +00:00
Wolfgang Rosenauer
7ec3a08d55 - Bump using with GCC (tested locally).
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=932
2021-08-29 14:46:22 +00:00
Wolfgang Rosenauer
13628da26b Accepting request 913358 from home:marxin:branches:mozilla:Factory
- Bump using with GCC (tested locally).

OBS-URL: https://build.opensuse.org/request/show/913358
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=931
2021-08-29 14:45:03 +00:00
Wolfgang Rosenauer
b349085c8c Accepting request 914701 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 91.0.2

OBS-URL: https://build.opensuse.org/request/show/914701
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=930
2021-08-28 14:28:05 +00:00
Wolfgang Rosenauer
08f2bc94ea * Fixed an issue causing buttons on the tab bar to be resized when
loading certain websites (bmo#1704404)
  * Fixed an issue which caused tabs from private windows to be
    visible in non-private windows when viewing switch-to-tab results
    in the address bar panel (bmo#1720369)
  * Various stability fixes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=929
2021-08-18 06:44:45 +00:00
Wolfgang Rosenauer
d4f253eebc - Mozilla Firefox 91.0.1
MFSA 2021-37 (bsc#1189547)
  * CVE-2021-29991 (bmo#1724896)
    Header Splitting possible with HTTP/3 Responses

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=928
2021-08-18 06:41:08 +00:00
Wolfgang Rosenauer
efa14df02c MFSA 2021-33 (bsc#1188891)
* CVE-2021-29986 (bmo#1696138)
    Race condition when resolving DNS names could have led to
    memory corruption
  * CVE-2021-29981 (bmo#1707774)
    Live range splitting could have led to conflicting
    assignments in the JIT
  * CVE-2021-29988 (bmo#1717922)
    Memory corruption as a result of incorrect style treatment
  * CVE-2021-29983 (bmo#1719088)
    Firefox for Android could get stuck in fullscreen mode
  * CVE-2021-29984 (bmo#1720031)
    Incorrect instruction reordering during JIT optimization
  * CVE-2021-29980 (bmo#1722204)
    Uninitialized memory in a canvas object could have led to
    memory corruption
  * CVE-2021-29987 (bmo#1716129)
    Users could have been tricked into accepting unwanted
    permissions on Linux
  * CVE-2021-29985 (bmo#1722083)
    Use-after-free media channels
  * CVE-2021-29982 (bmo#1715318)
    Single bit data leak due to incorrect JIT optimization and
    type confusion
  * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
    bmo#1719998, bmo#1720568)
    Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
  * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
    bmo#1719319, bmo#1722073)
    Memory safety bugs fixed in Firefox 91

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=927
2021-08-13 21:34:50 +00:00
Wolfgang Rosenauer
4da575923b - Mozilla Firefox 91.0
MFSA 2021-?? (boo#1188891)
- requires
  * rustc/cargo >= 1.51
  * NSPR >= 4.32
  * NSS >= 3.68
- force-disable webrender on BE platforms

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=926
2021-08-11 20:19:19 +00:00
Wolfgang Rosenauer
788b177a3e Accepting request 908072 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 90.0.2

OBS-URL: https://build.opensuse.org/request/show/908072
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=925
2021-07-24 09:18:43 +00:00
Wolfgang Rosenauer
e3d947378c OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=924 2021-07-19 22:17:11 +00:00
Wolfgang Rosenauer
8b6bd667de Accepting request 907190 from home:AndreasStieger:branches:mozilla:Factory
90.0.1

OBS-URL: https://build.opensuse.org/request/show/907190
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=923
2021-07-19 21:56:47 +00:00
Wolfgang Rosenauer
1ef79265b6 - Mozilla Firefox 90.0
MFSA 2021-28 (bsc#1188275)
  * CVE-2021-29970 (bmo#1709976)
    Use-after-free in accessibility features of a document
  * CVE-2021-29971 (bmo#1713638)
    Granted permissions only compared host; omitting scheme and
    port on Android
  * CVE-2021-30547 (bmo#1715766)
    Out of bounds write in ANGLE
  * CVE-2021-29972 (bmo#1696816)
    Use of out-of-date library included use-after-free
    vulnerability
  * CVE-2021-29973 (bmo#1701932)
    Password autofill on HTTP websites was enabled without user
    interaction on Android
  * CVE-2021-29974 (bmo#1704843)
    HSTS errors could be overridden when network partitioning was
    enabled
  * CVE-2021-29975 (bmo#1713259)
    Text message could be overlaid on top of another website
  * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
    bmo#1711576, bmo#1714391)
    Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
  * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
    bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
    bmo#1714066)
    Memory safety bugs fixed in Firefox 90
- requires
  NSPR 4.31
  NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=922
2021-07-15 21:12:05 +00:00
Wolfgang Rosenauer
e05ce7eaa9 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=921 2021-06-23 19:59:17 +00:00
Wolfgang Rosenauer
51a90989f8 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=920 2021-06-23 19:58:06 +00:00
Wolfgang Rosenauer
ab800db342 Accepting request 901577 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 89.0.1 (boo#1187648):
  * Fixed: Fix occasional hangs with Software WebRender on Linux
    (bmo#1708224)

OBS-URL: https://build.opensuse.org/request/show/901577
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=919
2021-06-23 19:56:32 +00:00
Wolfgang Rosenauer
537d85fe11 Accepting request 900942 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 89.0.1

OBS-URL: https://build.opensuse.org/request/show/900942
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=918
2021-06-19 15:20:27 +00:00
Wolfgang Rosenauer
006265e486 - switched TW/x86_64 to clang as the last platform due to
https://bugs.gentoo.org/792705
- but LTO with clang is broken in TW so disable LTO for it
  https://bugs.llvm.org/show_bug.cgi?id=47872

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=916
2021-06-05 11:13:48 +00:00
Wolfgang Rosenauer
7b9642bf40 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=915 2021-06-05 07:34:47 +00:00
Wolfgang Rosenauer
cc06761f2f OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=914 2021-06-05 07:08:44 +00:00
Wolfgang Rosenauer
b1df184d28 * UI redesign
* The Event Timing API is now supported
  * The CSS forced-colors media query is now supported
  MFSA 2021-23 (bsc#1186696)
  * CVE-2021-29965 (bmo#1709257)
    Password Manager on Firefox for Android susceptible to domain
    spoofing
  * CVE-2021-29960 (bmo#1675965)
    Filenames printed from private browsing mode incorrectly
    retained in preferences
  * CVE-2021-29961 (bmo#1700235)
    Firefox UI spoof using `<select>` elements and CSS scaling
  * CVE-2021-29963 (bmo#1705068)
    Shared cookies for search suggestions in private browsing mode
  * CVE-2021-29964 (bmo#1706501)
    Out of bounds-read when parsing a `WM_COPYDATA` message
  * CVE-2021-29959 (bmo#1395819)
    Devices could be re-enabled without additional permission prompt
  * CVE-2021-29962 (bmo#1701673)
    No rate-limiting for popups on Firefox for Android
  * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
    bmo#1704722, bmo#1706041)
    Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
  * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
    Memory safety bugs fixed in Firefox 89

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=913
2021-06-01 13:45:38 +00:00
Wolfgang Rosenauer
f3c1fa05f9 - Mozilla Firefox 89.0
- require
  NSS >= 3.64
  rust-cbindgen >= 0.19.0
- do not rely on nodejs10 packagename anymore

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=912
2021-06-01 13:39:35 +00:00
Wolfgang Rosenauer
eb1266408f Accepting request 891041 from home:Guillaume_G:branches:openSUSE:Factory:ARM
- Relax RAM and disk constraints for aarch64

OBS-URL: https://build.opensuse.org/request/show/891041
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=910
2021-05-11 14:17:04 +00:00
Wolfgang Rosenauer
39e811e051 Accepting request 890804 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 88.0.1
bsc#1185633
boo#1185658

OBS-URL: https://build.opensuse.org/request/show/890804
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=908
2021-05-05 21:12:50 +00:00
Wolfgang Rosenauer
3870f9c6b6 - add compatibility for libavcodec58_134
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=906
2021-05-02 19:03:42 +00:00
Wolfgang Rosenauer
9b2c9b32ce - Mozilla Firefox 88.0
* New: PDF forms now support JavaScript embedded in PDF files.
    Some PDF forms use JavaScript for validation and other
    interactive features
  * New: Print updates: Margin units are now localized
  * New: Smooth pinch-zooming using a touchpad is now supported
    on Linux
  * New: To protect against cross-site privacy leaks, Firefox now
    isolates window.name data to the website that created it.
    Learn more
  * Changed: Firefox will not prompt for access to your
    microphone or camera if you’ve already granted access to the
    same device on the same site in the same tab within the past
    50 seconds. This new grace period reduces the number of times
    you’re prompted to grant device access
  * Changed: The ‘Take a Screenshot’ feature was removed from the
    Page Actions menu in the url bar. To take a screenshot,
    right-click to open the context menu. You can also add a
    screenshots shortcut directly to your toolbar via the
    Customize menu. Open the Firefox menu and select Customize…
  * Changed: FTP support has been disabled, and its full removal
    is planned for an upcoming release. Addressing this security
    risk reduces the likelihood of an attack while also removing
    support for a non-encrypted protocol
  * Developer: Introduced a new toggle button in the Network
    panel for switching between JSON formatted HTTP response and
    raw data (as received over the wire).
    !enter image description here
  * Enterprise: Various bug fixes and new policies have been
    implemented in the latest version of Firefox. You can see

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=904
2021-04-20 07:57:25 +00:00
Wolfgang Rosenauer
106ed5cb05 - Switch to clang_build globally; just on TW/x86_64 it does not work
due to unreolved externals `__rust_probestack' - disable clang_build
  then.
- useccache: Add conditionals to enable/disable ccache.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=902
2021-03-27 14:02:10 +00:00
Wolfgang Rosenauer
d51fd4059a - Mozilla Firefox 87.0
* requires NSS 3.62
  * removed obsolete BigEndian ICU build workaround
  * rebased patches
  MFSA 2021-10 (bsc#1183942)
  * CVE-2021-23981 (bmo#1692832)
    Texture upload into an unbound backing buffer resulted in an
    out-of-bound read
  * CVE-2021-23982 (bmo#1677046)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2021-23983 (bmo#1692684)
    Transitions for invalid ::marker properties resulted in memory
    corruption
  * CVE-2021-23984 (bmo#1693664)
    Malicious extensions could have spoofed popup information
  * CVE-2021-23985 (bmo#1659129)
    Devtools remote debugging feature could have been enabled
    without indication to the user
  * CVE-2021-23986 (bmo#1692623)
    A malicious extension could have performed credential-less
    same origin policy violations
  * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
    bmo#1690718)
    Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
  * CVE-2021-23988 (bmo#1684994, bmo#1686653)
    Memory safety bugs fixed in Firefox 87

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=901
2021-03-25 21:32:32 +00:00
Wolfgang Rosenauer
598016be52 Accepting request 879494 from home:marxin:branches:mozilla:Factory
- Set memory limits for DWZ to 4x.

OBS-URL: https://build.opensuse.org/request/show/879494
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=900
2021-03-17 08:41:08 +00:00
Wolfgang Rosenauer
c538f7d283 Accepting request 878726 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 86.0.1

OBS-URL: https://build.opensuse.org/request/show/878726
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=898
2021-03-13 09:26:25 +00:00
Wolfgang Rosenauer
b4482da8fa OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=896 2021-02-24 12:21:26 +00:00
Wolfgang Rosenauer
e8a1c7a40b - Mozilla Firefox 86.0
* requires NSS >= 3.61
  * requires rust-cbindgen >= 0.16.0
  * Firefox now supports simultaneously watching multiple videos in
    Picture-in-Picture.
  * Total Cookie Protection to Strict Mode
  * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
  MSFA 2021-07 (bsc#1182614)
  * CVE-2021-23969 (bmo#1542194)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23970 (bmo#1681724)
    Multithreaded WASM triggered assertions validating separation
    of script domains
  * CVE-2021-23968 (bmo#1687342)
    Content Security Policy violation report could have contained
    the destination of a redirect
  * CVE-2021-23974 (bmo#1528997, bmo#1683627)
    noscript elements could have led to an HTML Sanitizer bypass
  * CVE-2021-23971 (bmo#1678545)
    A website's Referrer-Policy could have been be overridden,
    potentially resulting in the full URL being sent as a Referrer
  * CVE-2021-23976 (bmo#1684627)
    Local spoofing of web manifests for arbitrary pages in
    Firefox for Android
  * CVE-2021-23977 (bmo#1684761)
    Malicious application could read sensitive data from Firefox
    for Android's application directories
  * CVE-2021-23972 (bmo#1683536)
    HTTP Auth phishing warning was omitted when a redirect is

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=895
2021-02-24 11:49:39 +00:00
Wolfgang Rosenauer
326240ab1d Accepting request 873214 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.2

OBS-URL: https://build.opensuse.org/request/show/873214
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=893
2021-02-17 21:15:35 +00:00
Wolfgang Rosenauer
2d0a314ecf Accepting request 873173 from home:michel_mno:branches:mozilla:Factory
- Use %limit_build macros for PowerPC to avoid oom build failure

OBS-URL: https://build.opensuse.org/request/show/873173
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=892
2021-02-17 21:14:36 +00:00
Wolfgang Rosenauer
1744f2efc7 Accepting request 870516 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 85.0.1

OBS-URL: https://build.opensuse.org/request/show/870516
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=890
2021-02-09 12:40:21 +00:00
Wolfgang Rosenauer
ee9c609811 - Mozilla Firefox 85.0
* Adobe Flash is completely history
  * supercookie protection
  * new bookmark handling and features
  MFSA 2021-03 (bsc#1181414)
  * CVE-2021-23953 (bmo#1683940)
    Cross-origin information leakage via redirected PDF requests
  * CVE-2021-23954 (bmo#1684020)
    Type confusion when using logical assignment operators in
    JavaScript switch statements
  * CVE-2021-23955 (bmo#1684837)
    Clickjacking across tabs through misusing requestPointerLock
  * CVE-2021-23956 (bmo#1338637)
    File picker dialog could have been used to disclose a
    complete directory
  * CVE-2021-23957 (bmo#1584582)
    Iframe sandbox could have been bypassed on Android via the
    intent URL scheme
  * CVE-2021-23958 (bmo#1642747)
    Screen sharing permission leaked across tabs
  * CVE-2021-23959 (bmo#1659035)
    Cross-Site Scripting in error pages on Firefox for Android
  * CVE-2021-23960 (bmo#1675755)
    Use-after-poison for incorrectly redeclared JavaScript
    variables during GC
  * CVE-2021-23961 (bmo#1677940)
    More internal network hosts could have been probed by a
    malicious webpage
  * CVE-2021-23962 (bmo#1677194)
    Use-after-poison in

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=888
2021-01-26 21:38:39 +00:00
Wolfgang Rosenauer
3269619cc2 Accepting request 862420 from home:Mailaender:branches:mozilla:Factory
Fixed the screenshot links.

OBS-URL: https://build.opensuse.org/request/show/862420
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=886
2021-01-11 18:42:03 +00:00
Wolfgang Rosenauer
fbf027988a Accepting request 861463 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 84.0.2
  MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964)
    Use-after-free write when handling a malicious COOKIE-ECHO
    SCTP chunk

OBS-URL: https://build.opensuse.org/request/show/861463
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=884
2021-01-07 20:33:44 +00:00
Wolfgang Rosenauer
17c9d3e87b - Mozilla Firefox 84.0.1
* Fixed problems loading secure websites and crashes for users
    with certain third-party PKCS11 modules and smartcards installed
    (bmo#1682881) (fixed in NSS 3.59.1)
  * Fixed a bug causing some Unity JS games to not load on Apple
    Silicon devices due to improper detection of the OS version
    (bmo#1680516)
- requires NSS 3.59.1

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=882
2021-01-02 09:24:42 +00:00
Wolfgang Rosenauer
70fb53e62e - Mozilla Firefox 84.0
* Firefox 84 is the final release to support Adobe Flash
  * WebRender is enabled by default when run on GNOME-based X11
    Linux desktops
  MFSA 2020-54 (bsc#1180039))
  * CVE-2020-16042 (bmo#1679003)
    Operations on a BigInt could have caused uninitialized memory
    to be exposed
  * CVE-2020-26971 (bmo#1663466)
    Heap buffer overflow in WebGL
  * CVE-2020-26972 (bmo#1671382)
    Use-After-Free in WebGL
  * CVE-2020-26973 (bmo#1680084)
    CSS Sanitizer performed incorrect sanitization
  * CVE-2020-26974 (bmo#1681022)
    Incorrect cast of StyleGenericFlexBasis resulted in a heap
    use-after-free
  * CVE-2020-26975 (bmo#1661071)
    Malicious applications on Android could have induced Firefox
    for Android into sending arbitrary attacker-specified headers
  * CVE-2020-26976 (bmo#1674343)
    HTTPS pages could have been intercepted by a registered
    service worker when they should not have been
  * CVE-2020-26977 (bmo#1676311)
    URL spoofing via unresponsive port in Firefox for Android
  * CVE-2020-26978 (bmo#1677047)
    Internal network hosts could have been probed by a malicious
    webpage
  * CVE-2020-26979 (bmo#1641287, bmo#1673299)
    When entering an address in the address or search bars, a

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=880
2020-12-16 22:40:17 +00:00
Wolfgang Rosenauer
1a48836fb2 Accepting request 854531 from home:marxin:branches:mozilla:Factory
- PGO is still broken as can be seen here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1680306

OBS-URL: https://build.opensuse.org/request/show/854531
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=879
2020-12-10 12:07:53 +00:00
Wolfgang Rosenauer
ae9afbb746 Accepting request 853750 from home:marxin:branches:mozilla:Factory
- Add fix-gcc-pgo.patch and enable PGO again.

OBS-URL: https://build.opensuse.org/request/show/853750
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=878
2020-12-08 10:41:13 +00:00
Wolfgang Rosenauer
850afd3a6f Accepting request 852867 from home:marxin:branches:mozilla:Factory
- Enable again LTO as gcc10 package is fixed.

Fixed gcc10 is in devel project and is approaching openSUSE:Factory
in a staging project.

OBS-URL: https://build.opensuse.org/request/show/852867
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=877
2020-12-03 17:48:21 +00:00