1
0
Commit Graph

746 Commits

Author SHA256 Message Date
Wolfgang Rosenauer
22075779bc MFSA 2019-18 (boo#1138614)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=743
2019-06-18 20:41:18 +00:00
Wolfgang Rosenauer
2a64714492 - Mozilla Firefox 67.0.3
MFSA 2019-18
  * CVE-2019-11707 (bmo#1544386)
    Type confusion in Array.pop

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=742
2019-06-18 18:51:07 +00:00
Wolfgang Rosenauer
55599abb93 - Mozilla Firefox 67.0.2
* Fixed: Fix JavaScript error ("TypeError: data is null in
    PrivacyFilter.jsm") in console which may significantly degrade
    sessionstore reliability and performance (bmo#1553413)
  * Fixed: Proxy authentication dialog box repeatedly pops up
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
    implementation (bmo#1551282)
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
    to think on the subsequent launch that the profile is too
    recent to be used with this version of Firefox (bmo#1556612)
  * Fixed: Linux distribution users can't easily install/use
    additional/different languages using the built-in preferences
    UI (bmo#1554744)
  * Fixed: Developer tools users can't copy the href/src content
    from various HTML tags via the context menu in the Inspector
    markup view (bmo#1552275)
  * Fixed: Custom home page is broken with clearing data on shutdown
    settings applied (bmo#1554167)
  * Fixed: Performance-regression for eclipse RAP based applications
    (bmo#1555962)
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
  * Fixed: Can't start two downloads in parallel via <a download>
    anymore (bmo#1542912)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=741
2019-06-12 21:30:01 +00:00
Wolfgang Rosenauer
fc63e9e0d5 - Mozilla Firefox 67.0.1
* enable enhanced tracking protection by default for new users
  * upgrade of Facebook container to version 2.0
  * new version of Firefox Lockwise (password management)
  * new version of Firefox Monitor
  * Firefox Send improvements

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=740
2019-06-09 08:21:04 +00:00
Wolfgang Rosenauer
cbfad89df5 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=738 2019-05-24 10:52:31 +00:00
Wolfgang Rosenauer
553111b006 MFSA 2019-13 (boo#1135824)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=737
2019-05-23 07:51:20 +00:00
Wolfgang Rosenauer
3a4466d1cf - Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
  * Tabs can now be pinned from the Page Actions menu in the address bar
  * Users can block known cryptominers and fingerprinters in the
    Custom settings or their Content Blocking preferences
  * The Import Data from Another Browser feature is now also available
    from the File menu
  * Firefox will now protect you against running older versions which
    can lead to data corruption and stability issues
  * Easier access to your list of saved logins from the main menu and
    login autocomplete
  * We’ve added a toolbar menu for your Firefox Account to provide more
    transparency for when you are synced, sharing data across devices
    and with Firefox. Personalize the appearance of the menu with your
    own avatar
  * Enable FIDO U2F API, and permit registrations for Google Accounts
  * Enabled AV1 support on Linux
  MFSA 2019-13
  * CVE-2019-9815 (bmo#1546544)
    Disable hyperthreading on content JavaScript threads on macOS
  * CVE-2019-9816 (bmo#1536768)
    Type confusion with object groups and UnboxedObjects
  * CVE-2019-9817 (bmo#1540221)
    Stealing of cross-domain images using canvas
  * CVE-2019-9818 (bmo#1542581) (Windows only)
    Use-after-free in crash generation server
  * CVE-2019-9819 (bmo#1532553)
    Compartment mismatch with fetch API
  * CVE-2019-9820 (bmo#1536405)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=736
2019-05-22 20:38:29 +00:00
Wolfgang Rosenauer
c6af23c61b - Mozilla Firefox 66.0.5
* Fixed: Further improvements to re-enable web extensions which
    had been disabled for users with a master password set (bmo#1549249)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=734
2019-05-10 19:46:56 +00:00
Wolfgang Rosenauer
5b3482e861 - Mozilla Firefox 66.0.4 (boo#1134126)
* fix extension certificate chain
    https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=732
2019-05-05 20:35:52 +00:00
Wolfgang Rosenauer
4a05b1c2ea - Mozilla Firefox 66.0.3
* Fixed: Address bar on tablets running Windows 10 now behaves
    correctly (bmo#1498973)
  * Fixed: Performance issues with some HTML5 games (bmo#1537609)
  * Fixed a bug with keypress events in IBM cloud applications
    (bmo#1538970)
  * Fix for keypress events in some Microsoft cloud applications
    (bmo#1539618)
  * Changed: Updated Baidu search plugin

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=730
2019-04-13 15:12:36 +00:00
Wolfgang Rosenauer
77d74ed5ac - Mozilla Firefox 66.0.2
* Fixed Web compatibility issues with Office 365, iCloud and
    IBM WebMail caused by recent changes to the handling of
    keyboard events (bmo#1538966)
  * Crash fixes (bmo#1521370, bmo#1539118)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=728
2019-03-30 12:06:55 +00:00
Wolfgang Rosenauer
94b2d29d06 Accepting request 689279 from home:Guillaume_G:branches:mozilla:Factory
- Add patch to fix aarch64 build:
  * mozilla-fix-aarch64-libopus.patch (bmo#1539737)

OBS-URL: https://build.opensuse.org/request/show/689279
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=727
2019-03-28 10:24:32 +00:00
Wolfgang Rosenauer
ada355e421 MFSA 2019-07 (bsc#1129821)
* CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
  * CVE-2019-9793 (bmo#1528829)
    Improper bounds checks when Spectre mitigations are disabled
  * CVE-2019-9794 (bmo#1530103) (Windows only)
    Command line arguments not discarded during execution
  * CVE-2019-9795 (bmo#1514682)
    Type-confusion in IonMonkey JIT compiler
  * CVE-2019-9796 (bmo#1531277)
    Use-after-free with SMIL animation controller
  * CVE-2019-9797 (bmo#1528909)
    Cross-origin theft of images with createImageBitmap
  * CVE-2019-9798 (bmo#1527534) (Android only)
    Library is loaded from world writable APITRACE_LIB location
  * CVE-2019-9799 (bmo#1505678)
    Information disclosure via IPC channel messages
  * CVE-2019-9801 (bmo#1527717) (Windows only)
    Windows programs that are not 'URL Handlers' are exposed to web content
  * CVE-2019-9802 (bmo#1415508)
    Chrome process information leak
  * CVE-2019-9803 (bmo#1515863, bmo#1437009)
    Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
  * CVE-2019-9804 (bmo#1518026) (MacOS only)
    Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=726
2019-03-28 10:23:31 +00:00
Wolfgang Rosenauer
7e741ea41d - Mozilla Firefox 66.0.1
MFSA 2019-09 (bsc#1130262)
  * CVE-2019-9810 (bmo#1537924)
    IonMonkey MArraySlice has incorrect alias information
  * CVE-2019-9813 (bmo#1538006)
    Ionmonkey type confusion with __proto__ mutations

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=724
2019-03-23 07:56:11 +00:00
Wolfgang Rosenauer
c35c1573d5 - Mozilla Firefox 66.0
* Increased content processes to 8
  * Added capability to search through open tabs from the tab overflow menu
  * New backend for the storage.local WebExtensions API, providing
    I/O performance improvements when the extension updates a small
    subset of the stored data
  * WebExtension keyboard shortcuts can now be managed or overridden
    from about:addons
  * Improved scrolling behavior: Firefox will now attempt to keep content
    from jumping around while a page is loading by supporting scroll
    anchoring
  * New about:privatebrowsing with search
  * A certificate error page now notifies the user of the name of the
    certificate issuer that breaks HTTPs connections on intercepted
    connections to help troubleshooting possible anti-virus software
    issues.
  * Fixed an performance issue some Linux users experienced with the
    Downloads panel (bmo#1517101)
  * Firefox now blocks all autoplay media with sound by default. Users
    can add individual sites to an exceptions list or turn the blocking
    off.
  * System title bar is hidden by default to match Gnome guideline
  MFSA 2019-07 (bsc#1129821)
  * CVE-2019-9790 (bmo#1525145)
    Use-after-free when removing in-use DOM elements
  * CVE-2019-9791 (bmo#1530958)
    Type inference is incorrect for constructors entered through on-stack
    replacement with IonMonkey
  * CVE-2019-9792 (bmo#1532599)
    IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=723
2019-03-19 22:01:55 +00:00
Wolfgang Rosenauer
0d243c2ff1 Accepting request 681668 from home:coolo:branches:mozilla:Factory
- Do not hardcode nodejs8 but leave the prefer to the distribution
  (Tumbleweed staging wants to switch to nodejs10)

OBS-URL: https://build.opensuse.org/request/show/681668
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=721
2019-03-07 08:01:24 +00:00
Wolfgang Rosenauer
0bb19324e6 Accepting request 676547 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints to avoid 'no space left' error seen on aarch64

OBS-URL: https://build.opensuse.org/request/show/676547
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=719
2019-02-15 14:35:36 +00:00
Wolfgang Rosenauer
6b3ac1f0fc MFSA 2019-04 (bsc#1125330)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=718
2019-02-13 16:39:28 +00:00
Wolfgang Rosenauer
9feea8555d - Mozilla Firefox 65.0.1
* Fixed accidental requests to addons.mozilla.org when an addon
    recommendation doorhanger is shown (bmo#1526387)
  * Improved playback of interactive Netflix videos (bmo#1524500)
  * Fixed incorrect sizing of the "Clear Recent History" window in
    some situations (bmo#1523696)
  * Fixed audio & video delays while making WebRTC calls
    (bmo#1521577, bmo#1523817)
  * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
  * Fixed looping CONNECT requests when using WebSockets over HTTP/2
    from behind a proxy server (bmo#1523427)
  * Fixed the "Enter" key not working on password entry fields for
    certain Linux distributions (bmo#1523635)
  MFSA 2019-04
  * CVE-2018-18356 bmo#1525817
    Use-after-free in Skia
  * CVE-2019-5785 bmo#1525433
    Integer overflow in Skia
  * CVE-2018-18511 bmo#1526218
    Cross-origin theft of images with ImageBitmapRenderingContext
- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
  (with increased memory constraints)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=717
2019-02-13 08:14:35 +00:00
Wolfgang Rosenauer
6164077723 Accepting request 674399 from home:marxin:branches:mozilla:Factory
- Enable LTO only for latest toolchain (boo#1125038).

OBS-URL: https://build.opensuse.org/request/show/674399
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=716
2019-02-13 07:10:01 +00:00
Wolfgang Rosenauer
d43b17a930 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=715 2019-02-11 11:42:59 +00:00
Wolfgang Rosenauer
292dbe02a3 Accepting request 673283 from home:marxin:branches:mozilla:Factory
- Enable LTO for x86_64 (with increased memory constraints).

OBS-URL: https://build.opensuse.org/request/show/673283
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=714
2019-02-11 11:41:34 +00:00
Wolfgang Rosenauer
1030f9ddf5 - rebased patches
- remove workaround for build memory consumption on i586; other
  mitigations meanwhile introduced (mainly parallelity) will be
  sufficient
  mozilla-reduce-files-per-UnifiedBindings.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=712
2019-02-03 06:39:38 +00:00
Wolfgang Rosenauer
553a4e7037 MFSA 2019-01 (bsc#1122983)
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=711
2019-01-29 21:55:11 +00:00
Wolfgang Rosenauer
815d5ba2ab * Enhanced tracking protection
* allow switching of UI locales within preferences
  * support for the WebP image format
  * "top"-like about:performance
  MFSA 2019-01
  * CVE-2018-18500 bmo#1510114
    Use-after-free parsing HTML5 stream
  * CVE-2018-18503 bmo#1509442
    Memory corruption with Audio Buffer
  * CVE-2018-18504 bmo#1496413
    Memory corruption and out-of-bounds read of texture client
  * CVE-2018-18505 bmo#1497749
    Privilege escalation through IPC channel messages
  * CVE-2018-18506 bmo#1503393
    Proxy Auto-Configuration file can define localhost access to be proxied
  * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
    bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
    bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
    Memory safety bugs fixed in Firefox 65
  * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
    bmo#1502871 bmo#1516738 bmo#1516514
    Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=710
2019-01-29 21:40:24 +00:00
Wolfgang Rosenauer
4962fbcbc3 missing proper changelog before Factory submission
- Mozilla Firefox 65.0
- requires
  NSS 3.41
  rust/carge 1.30
  rust-cbindgen 0.6.7
-rebased patches

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=709
2019-01-29 18:07:12 +00:00
Wolfgang Rosenauer
59c27b8c6c Accepting request 666261 from home:marxin:branches:mozilla:Factory
- Increase disk constraint.
- Remove -v from mach build in order to work-around bmo#1500436.

OBS-URL: https://build.opensuse.org/request/show/666261
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=708
2019-01-16 09:31:29 +00:00
Wolfgang Rosenauer
d6db4cc918 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=707 2019-01-12 22:56:13 +00:00
Wolfgang Rosenauer
d30950bfb9 it should not be needed anymore
- Mozilla Firefox 64.0.2:
- Remove obolete '--enable-pie' as -pie is always enabled for

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=706
2019-01-12 22:49:25 +00:00
Wolfgang Rosenauer
68e8e12c27 Accepting request 664693 from home:marxin:branches:mozilla:Factory-new2
- Set %clang_build to false on all architectures
- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
  it should not be needed.
- Do not overwrite enable-optimize and when possible
  enable --enable-debug-symbols.
- Add -v to mach in order to make build verbose.

OBS-URL: https://build.opensuse.org/request/show/664693
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=705
2019-01-12 22:48:04 +00:00
Wolfgang Rosenauer
c828807e6d Accepting request 664321 from home:AndreasStieger:branches:mozilla:Factory
64.0.2

OBS-URL: https://build.opensuse.org/request/show/664321
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=704
2019-01-10 10:25:49 +00:00
Wolfgang Rosenauer
96abfaec58 Accepting request 659329 from home:Guillaume_G:branches:mozilla:Factory
- Enable build_hardened for all architectures
- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
- Remove obolete '--enable-pie' as -pie is always enabled for gcc and clang

OBS-URL: https://build.opensuse.org/request/show/659329
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=703
2019-01-07 19:59:56 +00:00
Wolfgang Rosenauer
232479943d try less memory now that we are using memory constraints
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=701
2018-12-13 12:20:53 +00:00
Wolfgang Rosenauer
f2a1d1c9f4 Accepting request 657818 from home:Guillaume_G:branches:mozilla:Factory
- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
- Switch %arm builds back to gcc, not clang to avoid OOM
- Fix build flags when clang is not used
- Fix flags for clang ppc64 builds

OBS-URL: https://build.opensuse.org/request/show/657818
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=700
2018-12-13 12:15:35 +00:00
Wolfgang Rosenauer
7d565ee4aa - update to Firefox 64.0
* Better recommendations: You may see suggestions in regular browsing
    mode for new and relevant Firefox features, services, and extensions
    based on how you use the web (for US users only)
  * Enhanced tab management: You can now select multiple tabs from the
    tab bar and close, move, bookmark, or pin them quickly and easily
  * Easier performance management: The new Task Manager page found at
    about:performance lets you see how much energy each open tab consumes
    and provides access to close tabs to conserve power
  * Improved performance for Mac and Linux users, by enabling link time
    optimization (Clang LTO).
  * Added option to remove add-ons using the context menu on their
    toolbar buttons
  * RSS feed preview and live bookmarks are available only via add-ons
  * TLS certificates issued by Symantec are no longer trusted by Firefox.
    Website operators are strongly encouraged to replace any remaining
    Symantec TLS certificates as soon as possible
  MFSA 2018-29 (bsc#1119105)
  * CVE-2018-12407 bmo#1505973
    Buffer overflow with ANGLE library when using VertexBuffer11 module
  * CVE-2018-17466 bmo#1488295
    Buffer overflow and out-of-bounds read in ANGLE library with
    TextureStorage11
  * CVE-2018-18492 bmo#1499861
    Use-after-free with select element
  * CVE-2018-18493 bmo#1504452
    Buffer overflow in accelerated 2D canvas with Skia
  * CVE-2018-18494 bmo#1487964
    Same-origin policy violation using location attribute and
    performance.getEntries to steal cross-origin URLs

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=699
2018-12-12 11:35:28 +00:00
Wolfgang Rosenauer
d8b75f888e Accepting request 652365 from home:Guillaume_G:branches:mozilla:Factory
- Remove --disable-elf-hack when not available: on aarch64 and ppc64*

OBS-URL: https://build.opensuse.org/request/show/652365
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=698
2018-12-11 07:45:25 +00:00
Wolfgang Rosenauer
48b8c9df88 - removed obsolete patches
* mozilla-no-return.patch
  * mozilla-no-stdcxx-check.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=696
2018-11-26 10:58:16 +00:00
Wolfgang Rosenauer
f6f6df084e Accepting request 651976 from home:Guillaume_G:branches:mozilla:Factory2
- Clean-up %arm build

OBS-URL: https://build.opensuse.org/request/show/651976
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=695
2018-11-26 10:42:10 +00:00
Wolfgang Rosenauer
3ce0fd3bc7 - update to Firefox 63.0.3
* Games using WebGL (created in Unity) get stuck after very short
    time of gameplay (bmo#1502748)
  * Slow page loading for some users with specific proxy configurations
    (bmo#1495024)
  * Disable HTTP response throttling by default for causing bugs with
    videos in background tabs (bmo#1503354)
  * Opening magnet links no longer works (bmo#1498934)
  * Crash fixes (bmo#1498510, bmo#1503424)
- removed mozilla-newer-cbindgen.patch; no longer needed
- requires rust-cbindgen >= 0.6.2 to build
- requires nodejs >= 8.11 to build
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=694
2018-11-18 21:46:59 +00:00
Wolfgang Rosenauer
b19ebee19e - disable elfhack for TW and newer due to build errors
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=693
2018-11-12 11:49:28 +00:00
Wolfgang Rosenauer
2f1f7dea2a - update to Firefox 63.0.1
* Snippets are not loaded due to missing element (bmo#1503047)
  * Print preview always shows 30& scale when it is actually
    Shrink To Fit (bmo#1501952)
  * Dialog displayed when closing multiple windows shows unreplaced
    %1$S placeholder in Japanese and potentially other locales
    (bmo#1500823)
  MFSA 2018-26 (bsc#1112852)
  * CVE-2018-12391 (bmo#1478843) (Android-only)
    HTTP Live Stream audio data is accessible cross-origin
  * CVE-2018-12392 (bmo#1492823)
    Crash with nested event loops
  * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
    Integer overflow during Unicode conversion while loading JavaScript
  * CVE-2018-12395 (bmo#1467523)
    WebExtension bypass of domain restrictions through header rewriting
  * CVE-2018-12396 (bmo#1483602)
    WebExtension content scripts can execute in disallowed contexts
  * CVE-2018-12397 (bmo#1487478)
    Missing warning prompt when WebExtension requests local file access
  * CVE-2018-12398 (bmo#1460538, bmo#1488061)
    CSP bypass through stylesheet injection in resource URIs
  * CVE-2018-12399 (bmo#1490276)
    Spoofing of protocol registration notification bar
  * CVE-2018-12400 (bmo#1448305) (Android only)
    Favicons are cached in private browsing mode on Firefox for Android
  * CVE-2018-12401 (bmo#1422456)
    DOS attack through special resource URI parsing
  * CVE-2018-12402 (bmo#1469916)
    SameSite cookies leak when pages are explicitly saved

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=692
2018-11-10 21:07:09 +00:00
Wolfgang Rosenauer
6bbb36ffe9 - update to Firefox 63.0
* WebExtensions now run in their own process on Linux
  * The Ctrl+Tab shortcut now displays thumbnail previews of your
    tabs and cycles through tabs in recently used order. This new
    default behavior is activated only in new profiles and can be
    changed in preferences.
  * Added support for Web Components custom elements and shadow DOM
- requires NSPR 4.20, NSS 3.39 and Rust 1.28

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=691
2018-10-29 15:21:53 +00:00
Wolfgang Rosenauer
5048a922bb Accepting request 644806 from home:Guillaume_G:branches:mozilla:Factory
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
  * mozilla-bmo1463035.patch

OBS-URL: https://build.opensuse.org/request/show/644806
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=690
2018-10-29 14:09:04 +00:00
Wolfgang Rosenauer
7f0ad4c413 Accepting request 639735 from home:AndreasStieger:branches:mozilla:Factory
- Mozilla Firefox 62.0.3:
  MFSA 2018-24
  * CVE-2018-12386 (bsc#1110506, bmo#1493900)
    Type confusion in JavaScript allowed remote code execution
  * CVE-2018-12387 (bsc#1110507, bmo#1493903)
    Array.prototype.push stack pointer vulnerability may enable
    exploits in the sandboxed content process

OBS-URL: https://build.opensuse.org/request/show/639735
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=688
2018-10-03 12:24:02 +00:00
Wolfgang Rosenauer
42ab585fa7 - disable rust debug symbols to fix build on %ix86
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=686
2018-09-24 20:59:09 +00:00
Wolfgang Rosenauer
e039c5177b Accepting request 637176 from home:AndreasStieger:branches:mozilla:Factory
fix factory submission

OBS-URL: https://build.opensuse.org/request/show/637176
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=685
2018-09-22 10:58:05 +00:00
Wolfgang Rosenauer
ec4afab305 Accepting request 637170 from home:AndreasStieger:branches:mozilla:Factory
Mozilla Firefox 62.0.2
  * CVE-2018-12385 (boo#1109363, bmo#1490585)

OBS-URL: https://build.opensuse.org/request/show/637170
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=684
2018-09-22 09:37:16 +00:00
Wolfgang Rosenauer
906587ef9c - update to Firefox 62.0
* Firefox Home (the default New Tab) now allows users to display
    up to 4 rows of top sites, Pocket stories, and highlights
  * "Reopen in Container" tab menu option appears for users with
    Containers that lets them choose to reopen a tab in a different
    container
  * In advance of removing all trust for Symantec-issued certificates
    in Firefox 63, a preference was added that allows users to distrust
    certificates issued by Symantec. To use this preference, go to
    about:config in the address bar and set the preference
    "security.pki.distrust_ca_policy" to 2.
  * Support for CSS Shapes, allowing for richer web page layouts.
    This goes hand in hand with a brand new Shape Path Editor in the
    CSS inspector.
  * CSS Variable Fonts (OpenType Font Variations) support, which makes
    it possible to create beautiful typography with a single font file
  * Added Canadian English (en-CA) locale
  MFSA 2018-20 (bsc#1107343)
  * CVE-2018-12377 (bmo#1470260)
    Use-after-free in refresh driver timers
  * CVE-2018-12378 (bmo#1459383)
    Use-after-free in IndexedDB
  * CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
    Out-of-bounds write with malicious MAR file
  * CVE-2017-16541 (bmo#1412081)
    Proxy bypass using automount and autofs
  * CVE-2018-12381 (bmo#1435319)
    Dragging and dropping Outlook email message results in page navigation
  * CVE-2018-12382 (bmo#1479311) (Android only)
    Addressbar spoofing with javascript URI on Firefox for Android

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=683
2018-09-07 12:27:57 +00:00
Wolfgang Rosenauer
551d63d536 - update to Firefox 62.0 (build2)
- requires NSS >= 3.38
- removed obsolete patches
  mozilla-bmo1464766.patch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=682
2018-09-05 07:16:27 +00:00
Wolfgang Rosenauer
a3dfca5f05 - update to Firefox 61.0.2
* Improved website rendering with the Retained Display List feature
    enabled (bmo#1474402)
  * Fixed broken DevTools panels with certain extensions installed
    (bmo#1474379)
  * Fixed a crash for users with some accessibility tools enabled
    (bmo#1474007)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=680
2018-08-09 18:13:29 +00:00