MozillaFirefox/MozillaFirefox.changes
changeset 1146 1d5f5674df6c
parent 1145 fbfd8f7cbd53
child 1147 e81381ea5f3d
--- a/MozillaFirefox/MozillaFirefox.changes	Sun Jun 28 08:52:27 2020 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Wed Oct 07 13:48:57 2020 +0200
@@ -1,18 +1,270 @@
 -------------------------------------------------------------------
-Wed Jun 17 07:51:25 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
-
-- Mozilla Firefox 78.0b8
+Tue Sep 29 11:58:46 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- try to remove python2 dependencies
+
+-------------------------------------------------------------------
+Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 81.0
+  * https://www.mozilla.org/en-US/firefox/81.0/releasenotes
+  MFSA 2020-42 (bsc#1176756)
+  * CVE-2020-15675 (bmo#1654211)
+    Use-After-Free in WebGL
+  * CVE-2020-15677 (bmo#1641487)
+    Download origin spoofing via redirect
+  * CVE-2020-15676 (bmo#1646140)
+    XSS when pasting attacker-controlled data into a
+    contenteditable element
+  * CVE-2020-15678 (bmo#1660211)
+    When recursing through layers while scrolling, an iterator
+    may have become invalid, resulting in a potential use-after-
+    free scenario
+  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
+    Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
+  * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
+    Memory safety bugs fixed in Firefox 81
+- requires
+  NSPR 4.28
+  NSS 3.56
+- removed obsolete patches
+  * mozilla-system-nspr.patch
+  * mozilla-bmo1661715.patch
+  * mozilla-silence-no-return-type.patch
+- skip post-build-checks for 15.0 and 15.1
+- add revert-795c8762b16b.patch to fix LTO builds with gcc
+  (related to bmo#1644409)
+- require python3-curses as workaround to fix i586 build
+
+-------------------------------------------------------------------
+Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Use %limit_build macro again for aarch64 and armv7, instead of
+  the new memoryperjob _constraints to use more workers
+
+-------------------------------------------------------------------
+Sat Sep  5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add mozilla-bmo1661715.patch to fix Flash plugin
+
+-------------------------------------------------------------------
+Wed Sep  2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 80.0.1: Bug fixes:
+  * Fixed a performance regression when encountering new intermediate
+    CA certificates (bmo#1661543)
+  * Fixed crashes possibly related to GPU resets (bmo#1627616)
+  * Fixed rendering on some sites using WebGL (bmo#1659225)
+  * Fixed the zoom-in keyboard shortcut on Japanese language builds
+    (bmo#1661895)
+  * Fixed download issues related to extensions and cookies
+    (bmo#1655190)
+- added mozilla-silence-no-return-type.patch
+
+-------------------------------------------------------------------
+Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- more whitelisting (/dev/random) for sandbox in relation to FIPS
+  (bsc#1174284)
+- improve langpack builds to use dedicated objdirs and make it
+  parallel again
+
+-------------------------------------------------------------------
+Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 80.0
+  MFSA 2020-36 (bsc#1175686)
+  * CVE-2020-15663 (bmo#1643199)
+    Downgrade attack on the Mozilla Maintenance Service could
+    have resulted in escalation of privilege
+  * CVE-2020-15664 (bmo#1658214)
+    Attacker-induced prompt for extension installation
+  * CVE-2020-12401 (bmo#1631573)
+    Timing-attack on ECDSA signature generation
+  * CVE-2020-6829 (bmo#1631583)
+    P-384 and P-521 vulnerable to an electro-magnetic side
+    channel attack on signature generation
+  * CVE-2020-12400 (bmo#1623116)
+    P-384 and P-521 vulnerable to a side channel attack on
+    modular inversion
+  * CVE-2020-15665 (bmo#1651636)
+    Address bar not reset when choosing to stay on a page after
+    the beforeunload dialog is shown
+  * CVE-2020-15666 (bmo#1450853)
+    MediaError message property leaks cross-origin response
+    status
+  * CVE-2020-15667 (bmo#1653371)
+    Heap overflow when processing an update file
+  * CVE-2020-15668 (bmo#1651520)
+    Data Race when reading certificate information
+  * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
+    bmo#1656957)
+    Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
+- requires
+  * NSPR 4.27
+  * NSS 3.55
+- added mozilla-system-nspr.patch (bmo#1661096)
+- exclude ga-IE locale as it's failing to build
+- rollback parallelize locale build because it breaks bookmarks
+  (boo#1167976)
+- preserve original default bookmark file during langpack build
+  (boo#1167976)
+- add some ccache output during build
+
+-------------------------------------------------------------------
+Thu Aug 20 13:07:33 UTC 2020 - Martin Liška <mliska@suse.cz>
+
+- Use new memoryperjob _constraints instead of %limit_build macro.
+
+-------------------------------------------------------------------
+Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- use ccache for build
+- replace versioned RPM deps with requires_ge
+- parallelize locale build
+
+-------------------------------------------------------------------
+Thu Aug  6 14:37:16 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
+
+- Change *.appdata.xml location to latest AppStream standard
+
+-------------------------------------------------------------------
+Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 79.0
+  MFSA 2020-30 (bsc#1174538)
+  * CVE-2020-15652 (bmo#1634872)
+    Potential leak of redirect targets when loading scripts in a worker
+  * CVE-2020-6514 (bmo#1642792)
+    WebRTC data channel leaks internal address to peer
+  * CVE-2020-15655 (bmo#1645204)
+    Extension APIs could be used to bypass Same-Origin Policy
+  * CVE-2020-15653 (bmo#1521542)
+    Bypassing iframe sandbox when allowing popups
+  * CVE-2020-6463 (bmo#1635293)
+    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+  * CVE-2020-15656 (bmo#1647293)
+    Type confusion for special arguments in IonMonkey
+  * CVE-2020-15658 (bmo#1637745)
+    Overriding file type when saving to disk
+  * CVE-2020-15657 (bmo#1644954)
+    DLL hijacking due to incorrect loading path
+  * CVE-2020-15654 (bmo#1648333)
+    Custom cursor can overlay user interface
+  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
+    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
+    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
+    Memory safety bugs fixed in Firefox 79
+- updated dependency requirements:
+  * mozilla-nspr >= 4.26
+  * mozilla-nss >= 3.54
+  * rust >= 1.43
+  * rust-cbindgen >= 0.14.3
+- removed obsolete patch
+  mozilla-bmo1463035.patch
+
+-------------------------------------------------------------------
+Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- fixed syntax issue in desktop file (boo#1174360)
+
+-------------------------------------------------------------------
+Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Add mozilla-libavcodec58_91.patch to link against updated
+  soversion of libavcodec (58.91) with ffmpeg >= 4.3.
+  (patch provided by Atri Bhattacharya <badshah400@gmail.com>
+- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
+  (Plasma 5.19.3 is now in TW)
+
+-------------------------------------------------------------------
+Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.2
+  * Fixed an accessibility regression in reader mode (bmo#1650922)
+  * Made the address bar more resilient to data corruption in the
+    user profile (bmo#1649981)
+  * Fixed a regression opening certain external applications (bmo#1650162)
+  MFSA 2020-28
+  * CVE pending (bmo#1644076)
+    X-Frame-Options bypass using object or embed tags
+- added desktop file actions
+- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
+  (boo#1173993)
+- rework langpack integration (boo#1173991)
+  * ship XPIs instead of directories
+  * allow addon sideloading
+  * mark signatures for langpacks non-mandatory
+  * do not autodisable user profile scopes
+- Google API key is not usable for geolocation service
+- fix pipewire support for TW (boo#1172903)
+
+-------------------------------------------------------------------
+Wed Jul  1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.1
+  * Fixed an issue which could cause installed search engines to not
+    be visible when upgrading from a previous release.
+- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
+
+-------------------------------------------------------------------
+Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0
   * startup notifications now using Gtk instead of libnotify
+  * PDF downloads now show an option to open the PDF directly in Firefox
+  * Protections Dashboard (about:protections)
+  * WebRTC not interrupted by screensaver anymore
+  * disabled TLS 1.0 and 1.1 by default
+  MFSA 2020-24 (bsc#1173576)
+  * CVE-2020-12415 (bmo#1586630)
+    AppCache manifest poisoning due to url encoded character processing
+  * CVE-2020-12416 (bmo#1639734)
+    Use-after-free in WebRTC VideoBroadcaster
+  * CVE-2020-12417 (bmo#1640737)
+    Memory corruption due to missing sign-extension for ValueTags
+    on ARM64
+  * CVE-2020-12418 (bmo#1641303)
+    Information disclosure due to manipulated URL object
+  * CVE-2020-12419 (bmo#1643874)
+    Use-after-free in nsGlobalWindowInner
+  * CVE-2020-12420 (bmo#1643437)
+    Use-After-Free when trying to connect to a STUN server
+  * CVE-2020-12402 (bmo#1631597)
+    RSA Key Generation vulnerable to side-channel attack
+  * CVE-2020-12421 (bmo#1308251)
+    Add-On updates did not respect the same certificate trust
+    rules as software updates
+  * CVE-2020-12422 (bmo#1450353)
+    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+  * CVE-2020-12423 (bmo#1642400)
+    DLL Hijacking due to searching %PATH% for a library
+  * CVE-2020-12424 (bmo#1562600)
+    WebRTC permission prompt could have been bypassed by a
+    compromised content process
+  * CVE-2020-12425 (bmo#1634738)
+    Out of bound read in Date.parse()
+  * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
+    Memory safety bugs fixed in Firefox 78
 - requires
-  * NSS >= 3.53
+  * NSS >= 3.53.1
   * nodejs >= 10.21
   * Gtk+3 >= 3.14
-- removed obsolete patch
+- removed obsolete patches
   * mozilla-s390-bigendian.patch
+  * mozilla-bmo1634646.patch
 - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
   WebRTC with pipewire support to enable screen sharing under
   Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
   appropriately (boo#1172903).
+- adding SLE12 compatibility in spec file
+- add patches for s390x
+  * mozilla-bmo1602730.patch (bmo#1602730)
+  * mozilla-bmo1626236.patch (bmo#1626236)
+  * mozilla-bmo998749.patch (bmo#998749)
+  * mozilla-s390x-skia-gradient.patch
+- update create-tar.sh
+- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure
 
 -------------------------------------------------------------------
 Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
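Review bot: In the 78.0.2 entry, the langpack rework items "allow addon sideloading", "mark signatures for langpacks non-mandatory" and "do not autodisable user profile scopes" relax add-on installation defaults, but the entry does not say which preference or packaging file carries each change, or whether the relaxation applies only to the packaged langpacks. Suggest naming the mechanism and its scope next to boo#1173991 so the change can be audited later. Two smaller points: "CVE pending (bmo#1644076)" under MFSA 2020-28 should be replaced with the assigned identifier once one exists (that MFSA line also carries no bsc# reference, unlike the other MFSA lines in this hunk), and "(patch provided by Atri Bhattacharya <badshah400@gmail.com>" in the Jul 17 entry is missing its closing parenthesis.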