1 -------------------------------------------------------------------

     2 Tue Mar  7 09:40:11 UTC 2023 - Martin Liška <mliska@suse.cz>

     3 

     4 - Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.

     5 

     6 -------------------------------------------------------------------

     7 Mon Mar  6 20:09:41 UTC 2023 - Andreas Schwab <schwab@suse.de>

     8 

     9 - Limit memory use on riscv64

    10 

    11 -------------------------------------------------------------------

    12 Sat Mar  4 16:03:22 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

    13 

    14 - Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)

    15 

    16 -------------------------------------------------------------------

    17 Fri Mar  3 17:29:27 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>

    18 

    19 - Mozilla Firefox 110.0.1 (boo#1208886)

    20   * Fixed clearing recent cookies clears all cookies

    21     (bmo#1816279)

    22   * Fixed WebGL crashes on Linux when ran inside a VMWare virtual

    23     machine (bmo#1807942)

    24   * Fixed a bug with CSP serialization causing bugs with the MitID

    25     Digital ID in Denmark (bmo#1819096)

    26 

    27 -------------------------------------------------------------------

    28 Wed Feb 15 09:56:46 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>

    29 

    30 - Mozilla Firefox 110.0

    31   * https://www.mozilla.org/en-US/firefox/110.0/releasenotes

    32   MFSA 2023-05 (bsc#1208144)

    33   * CVE-2023-25728 (bmo#1790345)

    34     Content security policy leak in violation reports using iframes

    35   * CVE-2023-25730 (bmo#1794622)

    36     Screen hijack via browser fullscreen mode

    37   * CVE-2023-25743 (bmo#1800203)

    38     Fullscreen notification not shown in Firefox Focus

    39   * CVE-2023-0767 (bmo#1804640)

    40     Arbitrary memory write via PKCS 12 in NSS

    41   * CVE-2023-25735 (bmo#1810711)

    42     Potential use-after-free from compartment mismatch in SpiderMonkey

    43   * CVE-2023-25737 (bmo#1811464)

    44     Invalid downcast in SVGUtils::SetupStrokeGeometry

    45   * CVE-2023-25738 (bmo#1811852)

    46     Printing on Windows could potentially crash Firefox with some

    47     device drivers

    48   * CVE-2023-25739 (bmo#1811939)

    49     Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext

    50   * CVE-2023-25729 (bmo#1792138)

    51     Extensions could have opened external schemes without user knowledge

    52   * CVE-2023-25732 (bmo#1804564)

    53     Out of bounds memory write from EncodeInputStream

    54   * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)

    55     Opening local .url files could cause unexpected network loads

    56   * CVE-2023-25740 (bmo#1812354)

    57     Opening local .scf files could cause unexpected network loads

    58   * CVE-2023-25731 (bmo#1801542)

    59     Prototype pollution when rendering URLPreview

    60   * CVE-2023-25733 (bmo#1808632)

    61     Possible null pointer dereference in TaskbarPreviewCallback

    62   * CVE-2023-25736 (bmo#1811331)

    63     Invalid downcast in GetTableSelectionMode

    64   * CVE-2023-25741 (bmo#1437126, bmo#1812611, bmo#1813376)

    65     Same-origin policy leak via image drag and drop

    66   * CVE-2023-25742 (bmo#1813424)

    67     Web Crypto ImportKey crashes tab

    68   * CVE-2023-25744 (bmo#1789449, bmo#1803628, bmo#1810536)

    69     Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8

    70   * CVE-2023-25745 (bmo#1688592, bmo#1797186, bmo#1804998,

    71     bmo#1806521, bmo#1813284)

    72     Memory safety bugs fixed in Firefox 110

    73 - requires

    74   NSS = 3.87

    75   rust/cargo = 1.66

    76 - update create-tar.sh

    77