|
1 ------------------------------------------------------------------- |
|
2 Fri Feb 18 20:38:22 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de> |
|
3 |
|
4 - Mozilla Firefox 97.0.1 |
|
5 * Fixed: Fixed an issue where TikTok videos would fail to load |
|
6 when selected from a user's profile page (bmo#1750973) |
|
7 * Fixed: Fixed an issue which led to Picture-in-Picture mode |
|
8 being unable to be toggled on Hulu (bmo#1753401) |
|
9 * Fixed: Works around problems with WebRoot SecureAnywhere |
|
10 antivirus rendering Firefox unusable in some situations |
|
11 (bmo#1752466) |
|
12 * Fixed: Fixed an issue causing users to see the Restore |
|
13 Session screen unexpectedly when starting Firefox |
|
14 (bmo#1749996) |
|
15 |
|
16 ------------------------------------------------------------------- |
|
17 Mon Feb 14 19:31:29 UTC 2022 - Luciano Santos <luc14n0@opensuse.org> |
|
18 |
|
19 - Remove bashisms ("source" and "function" keywords) from |
|
20 mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user |
|
21 has either dash-sh package or busybox-sh to handle Bourn Shell |
|
22 scripts rather than having bash-sh package, the script would |
|
23 fail. Using "." instead of "source" and "create_langpack_link()" |
|
24 function definition is enough to keep both sides sane, |
|
25 behavior-wise. |
|
26 |
|
27 ------------------------------------------------------------------- |
|
28 Tue Feb 8 08:40:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
29 |
|
30 - Mozilla Firefox 97.0 |
|
31 MFSA 2022-04 (bsc#1195682) |
|
32 * CVE-2022-22753 (bmo#1732435) |
|
33 Privilege Escalation to SYSTEM on Windows via Maintenance Service |
|
34 * CVE-2022-22754 (bmo#1750565) |
|
35 Extensions could have bypassed permission confirmation during update |
|
36 * CVE-2022-22755 (bmo#1309630) |
|
37 XSL could have allowed JavaScript execution after a tab was closed |
|
38 * CVE-2022-22756 (bmo#1317873) |
|
39 Drag and dropping an image could have resulted in the dropped |
|
40 object being an executable |
|
41 * CVE-2022-22757 (bmo#1720098) |
|
42 Remote Agent did not prevent local websites from connecting |
|
43 * CVE-2022-22758 (bmo#1728742) |
|
44 tel: links could have sent USSD codes to the dialer on |
|
45 Firefox for Android |
|
46 * CVE-2022-22759 (bmo#1739957) |
|
47 Sandboxed iframes could have executed script if the parent |
|
48 appended elements |
|
49 * CVE-2022-22760 (bmo#1740985, bmo#1748503) |
|
50 Cross-Origin responses could be distinguished between script |
|
51 and non-script content-types |
|
52 * CVE-2022-22761 (bmo#1745566) |
|
53 frame-ancestors Content Security Policy directive was not |
|
54 enforced for framed extension pages |
|
55 * CVE-2022-22762 (bmo#1743931) |
|
56 JavaScript Dialogs could have been displayed over other |
|
57 domains on Firefox for Android |
|
58 * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, |
|
59 bmo#1748210, bmo#1748279) |
|
60 Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 |
|
61 * CVE-2022-0511 (bmo#1713579, bmo#1735448, bmo#1743821, bmo#1746313, |
|
62 bmo#1746314, bmo#1746316, bmo#1746321, bmo#1746322, bmo#1746323, |
|
63 bmo#1746412, bmo#1746430, bmo#1746451, bmo#1746488, bmo#1746875, |
|
64 bmo#1746898, bmo#1746905, bmo#1746907, bmo#1746917, bmo#1747128, |
|
65 bmo#1747137, bmo#1747331, bmo#1747346, bmo#1747439, bmo#1747457, |
|
66 bmo#1747870, bmo#1749051, bmo#1749274, bmo#1749831) |
|
67 Memory safety bugs fixed in Firefox 97 |
|
68 - requires NSS 3.74 |
|
69 - requires rust 1.57 |
|
70 |
|
71 ------------------------------------------------------------------- |
|
72 Mon Feb 7 22:21:29 UTC 2022 - Dirk Müller <dmueller@suse.com> |
|
73 |
|
74 - remove memoryperjob and use %limit instead. this allows to |
|
75 adapt to more worker types, and lowers the time the package |
|
76 is stuck in "scheduling". raising memory above 8 to lower |
|
77 risk for LTO jobs to run OOM |
|
78 - add hack to disable -Wl,--gc-section which avoids a binutils |
|
79 segfault on x86 |
|
80 - change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere |
|
81 |
1 ------------------------------------------------------------------- |
82 ------------------------------------------------------------------- |
2 Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com> |
83 Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com> |
3 |
84 |
4 - disable ccache, this adds about 1 minute of build time and |
85 - disable ccache, this adds about 1 minute of build time and |
5 over 2 GB of disk space usage without benefit on OBS builds |
86 over 2 GB of disk space usage without benefit on OBS builds |
6 - build with rust-simd like upstream does |
87 - build with rust-simd like upstream does |
7 - use -g1 for debuginfo generation as this is what upstream |
88 - use -g1 for debuginfo generation as this is what upstream |
8 does as well and it saves ~ 2GB of writes |
89 does as well and it saves ~ 2GB of writes |
9 - use %limit on x86_64 to scale down to less capable workers |
90 - use %limit on x86_64 to scale down to less capable workers |
10 - disable install stripping so that debuginfo is useful |
91 - disable install stripping so that debuginfo is useful |
11 - use autopatch |
92 - use autopatch |
12 - cleanup constraints to specify only jobs, physicalmemory |
93 - cleanup constraints to specify only jobs, physicalmemory |