1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Wed Jun 17 07:51:25 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
2 Tue Sep 29 11:58:46 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
3 |
3 |
4 - Mozilla Firefox 78.0b8 |
4 - try to remove python2 dependencies |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
8 |
|
9 - Mozilla Firefox 81.0 |
|
10 * https://www.mozilla.org/en-US/firefox/81.0/releasenotes |
|
11 MFSA 2020-42 (bsc#1176756) |
|
12 * CVE-2020-15675 (bmo#1654211) |
|
13 Use-After-Free in WebGL |
|
14 * CVE-2020-15677 (bmo#1641487) |
|
15 Download origin spoofing via redirect |
|
16 * CVE-2020-15676 (bmo#1646140) |
|
17 XSS when pasting attacker-controlled data into a |
|
18 contenteditable element |
|
19 * CVE-2020-15678 (bmo#1660211) |
|
20 When recursing through layers while scrolling, an iterator |
|
21 may have become invalid, resulting in a potential use-after- |
|
22 free scenario |
|
23 * CVE-2020-15673 (bmo#1648493, bmo#1660800) |
|
24 Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 |
|
25 * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293) |
|
26 Memory safety bugs fixed in Firefox 81 |
|
27 - requires |
|
28 NSPR 4.28 |
|
29 NSS 3.56 |
|
30 - removed obsolete patches |
|
31 * mozilla-system-nspr.patch |
|
32 * mozilla-bmo1661715.patch |
|
33 * mozilla-silence-no-return-type.patch |
|
34 - skip post-build-checks for 15.0 and 15.1 |
|
35 - add revert-795c8762b16b.patch to fix LTO builds with gcc |
|
36 (related to bmo#1644409) |
|
37 - require python3-curses as workaround to fix i586 build |
|
38 |
|
39 ------------------------------------------------------------------- |
|
40 Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
41 |
|
42 - Use %limit_build macro again for aarch64 and armv7, instead of |
|
43 the new memoryperjob _constraints to use more workers |
|
44 |
|
45 ------------------------------------------------------------------- |
|
46 Sat Sep 5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
47 |
|
48 - add mozilla-bmo1661715.patch to fix Flash plugin |
|
49 |
|
50 ------------------------------------------------------------------- |
|
51 Wed Sep 2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net> |
|
52 |
|
53 - Mozilla Firefox 80.0.1: Bug fixes: |
|
54 * Fixed a performance regression when encountering new intermediate |
|
55 CA certificates (bmo#1661543) |
|
56 * Fixed crashes possibly related to GPU resets (bmo#1627616) |
|
57 * Fixed rendering on some sites using WebGL (bmo#1659225) |
|
58 * Fixed the zoom-in keyboard shortcut on Japanese language builds |
|
59 (bmo#1661895) |
|
60 * Fixed download issues related to extensions and cookies |
|
61 (bmo#1655190) |
|
62 - added mozilla-silence-no-return-type.patch |
|
63 |
|
64 ------------------------------------------------------------------- |
|
65 Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
66 |
|
67 - more whitelisting (/dev/random) for sandbox in relation to FIPS |
|
68 (bsc#1174284) |
|
69 - improve langpack builds to use dedicated objdirs and make it |
|
70 parallel again |
|
71 |
|
72 ------------------------------------------------------------------- |
|
73 Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
74 |
|
75 - Mozilla Firefox 80.0 |
|
76 MFSA 2020-36 (bsc#1175686) |
|
77 * CVE-2020-15663 (bmo#1643199) |
|
78 Downgrade attack on the Mozilla Maintenance Service could |
|
79 have resulted in escalation of privilege |
|
80 * CVE-2020-15664 (bmo#1658214) |
|
81 Attacker-induced prompt for extension installation |
|
82 * CVE-2020-12401 (bmo#1631573) |
|
83 Timing-attack on ECDSA signature generation |
|
84 * CVE-2020-6829 (bmo#1631583) |
|
85 P-384 and P-521 vulnerable to an electro-magnetic side |
|
86 channel attack on signature generation |
|
87 * CVE-2020-12400 (bmo#1623116) |
|
88 P-384 and P-521 vulnerable to a side channel attack on |
|
89 modular inversion |
|
90 * CVE-2020-15665 (bmo#1651636) |
|
91 Address bar not reset when choosing to stay on a page after |
|
92 the beforeunload dialog is shown |
|
93 * CVE-2020-15666 (bmo#1450853) |
|
94 MediaError message property leaks cross-origin response |
|
95 status |
|
96 * CVE-2020-15667 (bmo#1653371) |
|
97 Heap overflow when processing an update file |
|
98 * CVE-2020-15668 (bmo#1651520) |
|
99 Data Race when reading certificate information |
|
100 * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, |
|
101 bmo#1656957) |
|
102 Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 |
|
103 - requires |
|
104 * NSPR 4.27 |
|
105 * NSS 3.55 |
|
106 - added mozilla-system-nspr.patch (bmo#1661096) |
|
107 - exclude ga-IE locale as it's failing to build |
|
108 - rollback parallelize locale build because it breaks bookmarks |
|
109 (boo#1167976) |
|
110 - preserve original default bookmark file during langpack build |
|
111 (boo#1167976) |
|
112 - add some ccache output during build |
|
113 |
|
114 ------------------------------------------------------------------- |
|
115 Thu Aug 20 13:07:33 UTC 2020 - Martin Liška <mliska@suse.cz> |
|
116 |
|
117 - Use new memoryperjob _constraints instead of %limit_build macro. |
|
118 |
|
119 ------------------------------------------------------------------- |
|
120 Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
121 |
|
122 - use ccache for build |
|
123 - replace versioned RPM deps with requires_ge |
|
124 - parallelize locale build |
|
125 |
|
126 ------------------------------------------------------------------- |
|
127 Thu Aug 6 14:37:16 UTC 2020 - Yunhe Guo <i@guoyunhe.me> |
|
128 |
|
129 - Change *.appdata.xml location to latest AppStream standard |
|
130 |
|
131 ------------------------------------------------------------------- |
|
132 Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
133 |
|
134 - Mozilla Firefox 79.0 |
|
135 MFSA 2020-30 (bsc#1174538) |
|
136 * CVE-2020-15652 (bmo#1634872) |
|
137 Potential leak of redirect targets when loading scripts in a worker |
|
138 * CVE-2020-6514 (bmo#1642792) |
|
139 WebRTC data channel leaks internal address to peer |
|
140 * CVE-2020-15655 (bmo#1645204) |
|
141 Extension APIs could be used to bypass Same-Origin Policy |
|
142 * CVE-2020-15653 (bmo#1521542) |
|
143 Bypassing iframe sandbox when allowing popups |
|
144 * CVE-2020-6463 (bmo#1635293) |
|
145 Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture |
|
146 * CVE-2020-15656 (bmo#1647293) |
|
147 Type confusion for special arguments in IonMonkey |
|
148 * CVE-2020-15658 (bmo#1637745) |
|
149 Overriding file type when saving to disk |
|
150 * CVE-2020-15657 (bmo#1644954) |
|
151 DLL hijacking due to incorrect loading path |
|
152 * CVE-2020-15654 (bmo#1648333) |
|
153 Custom cursor can overlay user interface |
|
154 * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856, |
|
155 bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220, |
|
156 bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) |
|
157 Memory safety bugs fixed in Firefox 79 |
|
158 - updated dependency requirements: |
|
159 * mozilla-nspr >= 4.26 |
|
160 * mozilla-nss >= 3.54 |
|
161 * rust >= 1.43 |
|
162 * rust-cbindgen >= 0.14.3 |
|
163 - removed obsolete patch |
|
164 mozilla-bmo1463035.patch |
|
165 |
|
166 ------------------------------------------------------------------- |
|
167 Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
168 |
|
169 - fixed syntax issue in desktop file (boo#1174360) |
|
170 |
|
171 ------------------------------------------------------------------- |
|
172 Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
173 |
|
174 - Add mozilla-libavcodec58_91.patch to link against updated |
|
175 soversion of libavcodec (58.91) with ffmpeg >= 4.3. |
|
176 (patch provided by Atri Bhattacharya <badshah400@gmail.com> |
|
177 - enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320) |
|
178 (Plasma 5.19.3 is now in TW) |
|
179 |
|
180 ------------------------------------------------------------------- |
|
181 Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
182 |
|
183 - Mozilla Firefox 78.0.2 |
|
184 * Fixed an accessibility regression in reader mode (bmo#1650922) |
|
185 * Made the address bar more resilient to data corruption in the |
|
186 user profile (bmo#1649981) |
|
187 * Fixed a regression opening certain external applications (bmo#1650162) |
|
188 MFSA 2020-28 |
|
189 * CVE pending (bmo#1644076) |
|
190 X-Frame-Options bypass using object or embed tags |
|
191 - added desktop file actions |
|
192 - do not use XINPUT2 for the moment until Plasma 5.19.3 has landed |
|
193 (boo#1173993) |
|
194 - rework langpack integration (boo#1173991) |
|
195 * ship XPIs instead of directories |
|
196 * allow addon sideloading |
|
197 * mark signatures for langpacks non-mandatory |
|
198 * do not autodisable user profile scopes |
|
199 - Google API key is not usable for geolocation service |
|
200 - fix pipewire support for TW (boo#1172903) |
|
201 |
|
202 ------------------------------------------------------------------- |
|
203 Wed Jul 1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
204 |
|
205 - Mozilla Firefox 78.0.1 |
|
206 * Fixed an issue which could cause installed search engines to not |
|
207 be visible when upgrading from a previous release. |
|
208 - enable MOZ_USE_XINPUT2 for TW (boo#1173320) |
|
209 |
|
210 ------------------------------------------------------------------- |
|
211 Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
212 |
|
213 - Mozilla Firefox 78.0 |
5 * startup notifications now using Gtk instead of libnotify |
214 * startup notifications now using Gtk instead of libnotify |
|
215 * PDF downloads now show an option to open the PDF directly in Firefox |
|
216 * Protections Dashboard (about:protections) |
|
217 * WebRTC not interrupted by screensaver anymore |
|
218 * disabled TLS 1.0 and 1.1 by default |
|
219 MFSA 2020-24 (bsc#1173576) |
|
220 * CVE-2020-12415 (bmo#1586630) |
|
221 AppCache manifest poisoning due to url encoded character processing |
|
222 * CVE-2020-12416 (bmo#1639734) |
|
223 Use-after-free in WebRTC VideoBroadcaster |
|
224 * CVE-2020-12417 (bmo#1640737) |
|
225 Memory corruption due to missing sign-extension for ValueTags |
|
226 on ARM64 |
|
227 * CVE-2020-12418 (bmo#1641303) |
|
228 Information disclosure due to manipulated URL object |
|
229 * CVE-2020-12419 (bmo#1643874) |
|
230 Use-after-free in nsGlobalWindowInner |
|
231 * CVE-2020-12420 (bmo#1643437) |
|
232 Use-After-Free when trying to connect to a STUN server |
|
233 * CVE-2020-12402 (bmo#1631597) |
|
234 RSA Key Generation vulnerable to side-channel attack |
|
235 * CVE-2020-12421 (bmo#1308251) |
|
236 Add-On updates did not respect the same certificate trust |
|
237 rules as software updates |
|
238 * CVE-2020-12422 (bmo#1450353) |
|
239 Integer overflow in nsJPEGEncoder::emptyOutputBuffer |
|
240 * CVE-2020-12423 (bmo#1642400) |
|
241 DLL Hijacking due to searching %PATH% for a library |
|
242 * CVE-2020-12424 (bmo#1562600) |
|
243 WebRTC permission prompt could have been bypassed by a |
|
244 compromised content process |
|
245 * CVE-2020-12425 (bmo#1634738) |
|
246 Out of bound read in Date.parse() |
|
247 * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682) |
|
248 Memory safety bugs fixed in Firefox 78 |
6 - requires |
249 - requires |
7 * NSS >= 3.53 |
250 * NSS >= 3.53.1 |
8 * nodejs >= 10.21 |
251 * nodejs >= 10.21 |
9 * Gtk+3 >= 3.14 |
252 * Gtk+3 >= 3.14 |
10 - removed obsolete patch |
253 - removed obsolete patches |
11 * mozilla-s390-bigendian.patch |
254 * mozilla-s390-bigendian.patch |
|
255 * mozilla-bmo1634646.patch |
12 - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build |
256 - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build |
13 WebRTC with pipewire support to enable screen sharing under |
257 WebRTC with pipewire support to enable screen sharing under |
14 Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3) |
258 Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3) |
15 appropriately (boo#1172903). |
259 appropriately (boo#1172903). |
|
260 - adding SLE12 compatibility in spec file |
|
261 - add patches for s390x |
|
262 * mozilla-bmo1602730.patch (bmo#1602730) |
|
263 * mozilla-bmo1626236.patch (bmo#1626236) |
|
264 * mozilla-bmo998749.patch (bmo#998749) |
|
265 * mozilla-s390x-skia-gradient.patch |
|
266 - update create-tar.sh |
|
267 - Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure |
16 |
268 |
17 ------------------------------------------------------------------- |
269 ------------------------------------------------------------------- |
18 Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
270 Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
19 |
271 |
20 - Exclude armv6, since it is unbuildable since about 3 years |
272 - Exclude armv6, since it is unbuildable since about 3 years |