Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox97
changeset 1171 130d464159be
parent 1170 f9b2d408b7ef
child 1172 7bdeb580be51 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Feb 05 15:04:53 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Mar 02 15:34:50 2022 +0100
@@ -1,10 +1,91 @@
 -------------------------------------------------------------------
+Fri Feb 18 20:38:22 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 97.0.1
+  * Fixed: Fixed an issue where TikTok videos would fail to load
+    when selected from a user's profile page (bmo#1750973)
+  * Fixed: Fixed an issue which led to Picture-in-Picture mode
+    being unable to be toggled on Hulu (bmo#1753401)
+  * Fixed: Works around problems with WebRoot SecureAnywhere
+    antivirus rendering Firefox unusable in some situations
+    (bmo#1752466)
+  * Fixed: Fixed an issue causing users to see the Restore
+    Session screen unexpectedly when starting Firefox
+    (bmo#1749996)
+
+-------------------------------------------------------------------
+Mon Feb 14 19:31:29 UTC 2022 - Luciano Santos <luc14n0@opensuse.org>
+
+- Remove bashisms ("source" and "function" keywords) from
+  mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user
+  has either dash-sh package or busybox-sh to handle Bourn Shell
+  scripts rather than having bash-sh package, the script would
+  fail. Using "." instead of "source" and "create_langpack_link()"
+  function definition is enough to keep both sides sane,
+  behavior-wise.
+
+-------------------------------------------------------------------
+Tue Feb  8 08:40:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 97.0
+  MFSA 2022-04 (bsc#1195682)
+  * CVE-2022-22753 (bmo#1732435)
+    Privilege Escalation to SYSTEM on Windows via Maintenance Service
+  * CVE-2022-22754 (bmo#1750565)
+    Extensions could have bypassed permission confirmation during update
+  * CVE-2022-22755 (bmo#1309630)
+    XSL could have allowed JavaScript execution after a tab was closed
+  * CVE-2022-22756 (bmo#1317873)
+    Drag and dropping an image could have resulted in the dropped
+    object being an executable
+  * CVE-2022-22757 (bmo#1720098)
+    Remote Agent did not prevent local websites from connecting
+  * CVE-2022-22758 (bmo#1728742)
+    tel: links could have sent USSD codes to the dialer on
+    Firefox for Android
+  * CVE-2022-22759 (bmo#1739957)
+    Sandboxed iframes could have executed script if the parent
+    appended elements
+  * CVE-2022-22760 (bmo#1740985, bmo#1748503)
+    Cross-Origin responses could be distinguished between script
+    and non-script content-types
+  * CVE-2022-22761 (bmo#1745566)
+    frame-ancestors Content Security Policy directive was not
+    enforced for framed extension pages
+  * CVE-2022-22762 (bmo#1743931)
+    JavaScript Dialogs could have been displayed over other
+    domains on Firefox for Android
+  * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
+    bmo#1748210, bmo#1748279)
+    Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
+  * CVE-2022-0511 (bmo#1713579, bmo#1735448, bmo#1743821, bmo#1746313,
+    bmo#1746314, bmo#1746316, bmo#1746321, bmo#1746322, bmo#1746323,
+    bmo#1746412, bmo#1746430, bmo#1746451, bmo#1746488, bmo#1746875,
+    bmo#1746898, bmo#1746905, bmo#1746907, bmo#1746917, bmo#1747128,
+    bmo#1747137, bmo#1747331, bmo#1747346, bmo#1747439, bmo#1747457,
+    bmo#1747870, bmo#1749051, bmo#1749274, bmo#1749831)
+    Memory safety bugs fixed in Firefox 97
+- requires NSS 3.74
+- requires rust 1.57
+
+-------------------------------------------------------------------
+Mon Feb  7 22:21:29 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- remove memoryperjob and use %limit instead. this allows to
+  adapt to more worker types, and lowers the time the package
+  is stuck in "scheduling". raising memory above 8 to lower
+  risk for LTO jobs to run OOM
+- add hack to disable -Wl,--gc-section which avoids a binutils
+  segfault on x86
+- change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere
+
+-------------------------------------------------------------------
 Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com>
 
-- disable ccache, this adds about 1 minute of build time and 
+- disable ccache, this adds about 1 minute of build time and
   over 2 GB of disk space usage without benefit on OBS builds
 - build with rust-simd like upstream does
-- use -g1 for debuginfo generation as this is what upstream 
+- use -g1 for debuginfo generation as this is what upstream
   does as well and it saves ~ 2GB of writes
 - use %limit on x86_64 to scale down to less capable workers
 - disable install stripping so that debuginfo is useful
mozilla