--- a/MozillaFirefox/MozillaFirefox.changes Sun Jun 28 08:52:27 2020 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes Wed Oct 07 13:48:57 2020 +0200
@@ -1,18 +1,270 @@
-------------------------------------------------------------------
-Wed Jun 17 07:51:25 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
-
-- Mozilla Firefox 78.0b8
+Tue Sep 29 11:58:46 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- try to remove python2 dependencies
+
+-------------------------------------------------------------------
+Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 81.0
+ * https://www.mozilla.org/en-US/firefox/81.0/releasenotes
+ MFSA 2020-42 (bsc#1176756)
+ * CVE-2020-15675 (bmo#1654211)
+ Use-After-Free in WebGL
+ * CVE-2020-15677 (bmo#1641487)
+ Download origin spoofing via redirect
+ * CVE-2020-15676 (bmo#1646140)
+ XSS when pasting attacker-controlled data into a
+ contenteditable element
+ * CVE-2020-15678 (bmo#1660211)
+ When recursing through layers while scrolling, an iterator
+ may have become invalid, resulting in a potential use-after-
+ free scenario
+ * CVE-2020-15673 (bmo#1648493, bmo#1660800)
+ Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
+ * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
+ Memory safety bugs fixed in Firefox 81
+- requires
+ NSPR 4.28
+ NSS 3.56
+- removed obsolete patches
+ * mozilla-system-nspr.patch
+ * mozilla-bmo1661715.patch
+ * mozilla-silence-no-return-type.patch
+- skip post-build-checks for 15.0 and 15.1
+- add revert-795c8762b16b.patch to fix LTO builds with gcc
+ (related to bmo#1644409)
+- require python3-curses as workaround to fix i586 build
+
+-------------------------------------------------------------------
+Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Use %limit_build macro again for aarch64 and armv7, instead of
+ the new memoryperjob _constraints to use more workers
+
+-------------------------------------------------------------------
+Sat Sep 5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add mozilla-bmo1661715.patch to fix Flash plugin
+
+-------------------------------------------------------------------
+Wed Sep 2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 80.0.1: Bug fixes:
+ * Fixed a performance regression when encountering new intermediate
+ CA certificates (bmo#1661543)
+ * Fixed crashes possibly related to GPU resets (bmo#1627616)
+ * Fixed rendering on some sites using WebGL (bmo#1659225)
+ * Fixed the zoom-in keyboard shortcut on Japanese language builds
+ (bmo#1661895)
+ * Fixed download issues related to extensions and cookies
+ (bmo#1655190)
+- added mozilla-silence-no-return-type.patch
+
+-------------------------------------------------------------------
+Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- more whitelisting (/dev/random) for sandbox in relation to FIPS
+ (bsc#1174284)
+- improve langpack builds to use dedicated objdirs and make it
+ parallel again
+
+-------------------------------------------------------------------
+Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 80.0
+ MFSA 2020-36 (bsc#1175686)
+ * CVE-2020-15663 (bmo#1643199)
+ Downgrade attack on the Mozilla Maintenance Service could
+ have resulted in escalation of privilege
+ * CVE-2020-15664 (bmo#1658214)
+ Attacker-induced prompt for extension installation
+ * CVE-2020-12401 (bmo#1631573)
+ Timing-attack on ECDSA signature generation
+ * CVE-2020-6829 (bmo#1631583)
+ P-384 and P-521 vulnerable to an electro-magnetic side
+ channel attack on signature generation
+ * CVE-2020-12400 (bmo#1623116)
+ P-384 and P-521 vulnerable to a side channel attack on
+ modular inversion
+ * CVE-2020-15665 (bmo#1651636)
+ Address bar not reset when choosing to stay on a page after
+ the beforeunload dialog is shown
+ * CVE-2020-15666 (bmo#1450853)
+ MediaError message property leaks cross-origin response
+ status
+ * CVE-2020-15667 (bmo#1653371)
+ Heap overflow when processing an update file
+ * CVE-2020-15668 (bmo#1651520)
+ Data Race when reading certificate information
+ * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
+ bmo#1656957)
+ Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
+- requires
+ * NSPR 4.27
+ * NSS 3.55
+- added mozilla-system-nspr.patch (bmo#1661096)
+- exclude ga-IE locale as it's failing to build
+- rollback parallelize locale build because it breaks bookmarks
+ (boo#1167976)
+- preserve original default bookmark file during langpack build
+ (boo#1167976)
+- add some ccache output during build
+
+-------------------------------------------------------------------
+Thu Aug 20 13:07:33 UTC 2020 - Martin Liška <mliska@suse.cz>
+
+- Use new memoryperjob _constraints instead of %limit_build macro.
+
+-------------------------------------------------------------------
+Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- use ccache for build
+- replace versioned RPM deps with requires_ge
+- parallelize locale build
+
+-------------------------------------------------------------------
+Thu Aug 6 14:37:16 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
+
+- Change *.appdata.xml location to latest AppStream standard
+
+-------------------------------------------------------------------
+Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 79.0
+ MFSA 2020-30 (bsc#1174538)
+ * CVE-2020-15652 (bmo#1634872)
+ Potential leak of redirect targets when loading scripts in a worker
+ * CVE-2020-6514 (bmo#1642792)
+ WebRTC data channel leaks internal address to peer
+ * CVE-2020-15655 (bmo#1645204)
+ Extension APIs could be used to bypass Same-Origin Policy
+ * CVE-2020-15653 (bmo#1521542)
+ Bypassing iframe sandbox when allowing popups
+ * CVE-2020-6463 (bmo#1635293)
+ Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ * CVE-2020-15656 (bmo#1647293)
+ Type confusion for special arguments in IonMonkey
+ * CVE-2020-15658 (bmo#1637745)
+ Overriding file type when saving to disk
+ * CVE-2020-15657 (bmo#1644954)
+ DLL hijacking due to incorrect loading path
+ * CVE-2020-15654 (bmo#1648333)
+ Custom cursor can overlay user interface
+ * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
+ bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
+ bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
+ Memory safety bugs fixed in Firefox 79
+- updated dependency requirements:
+ * mozilla-nspr >= 4.26
+ * mozilla-nss >= 3.54
+ * rust >= 1.43
+ * rust-cbindgen >= 0.14.3
+- removed obsolete patch
+ mozilla-bmo1463035.patch
+
+-------------------------------------------------------------------
+Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- fixed syntax issue in desktop file (boo#1174360)
+
+-------------------------------------------------------------------
+Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Add mozilla-libavcodec58_91.patch to link against updated
+ soversion of libavcodec (58.91) with ffmpeg >= 4.3.
+ (patch provided by Atri Bhattacharya <badshah400@gmail.com>
+- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
+ (Plasma 5.19.3 is now in TW)
+
+-------------------------------------------------------------------
+Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.2
+ * Fixed an accessibility regression in reader mode (bmo#1650922)
+ * Made the address bar more resilient to data corruption in the
+ user profile (bmo#1649981)
+ * Fixed a regression opening certain external applications (bmo#1650162)
+ MFSA 2020-28
+ * CVE pending (bmo#1644076)
+ X-Frame-Options bypass using object or embed tags
+- added desktop file actions
+- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
+ (boo#1173993)
+- rework langpack integration (boo#1173991)
+ * ship XPIs instead of directories
+ * allow addon sideloading
+ * mark signatures for langpacks non-mandatory
+ * do not autodisable user profile scopes
+- Google API key is not usable for geolocation service
+- fix pipewire support for TW (boo#1172903)
+
+-------------------------------------------------------------------
+Wed Jul 1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.1
+ * Fixed an issue which could cause installed search engines to not
+ be visible when upgrading from a previous release.
+- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
+
+-------------------------------------------------------------------
+Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0
* startup notifications now using Gtk instead of libnotify
+ * PDF downloads now show an option to open the PDF directly in Firefox
+ * Protections Dashboard (about:protections)
+ * WebRTC not interrupted by screensaver anymore
+ * disabled TLS 1.0 and 1.1 by default
+ MFSA 2020-24 (bsc#1173576)
+ * CVE-2020-12415 (bmo#1586630)
+ AppCache manifest poisoning due to url encoded character processing
+ * CVE-2020-12416 (bmo#1639734)
+ Use-after-free in WebRTC VideoBroadcaster
+ * CVE-2020-12417 (bmo#1640737)
+ Memory corruption due to missing sign-extension for ValueTags
+ on ARM64
+ * CVE-2020-12418 (bmo#1641303)
+ Information disclosure due to manipulated URL object
+ * CVE-2020-12419 (bmo#1643874)
+ Use-after-free in nsGlobalWindowInner
+ * CVE-2020-12420 (bmo#1643437)
+ Use-After-Free when trying to connect to a STUN server
+ * CVE-2020-12402 (bmo#1631597)
+ RSA Key Generation vulnerable to side-channel attack
+ * CVE-2020-12421 (bmo#1308251)
+ Add-On updates did not respect the same certificate trust
+ rules as software updates
+ * CVE-2020-12422 (bmo#1450353)
+ Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ * CVE-2020-12423 (bmo#1642400)
+ DLL Hijacking due to searching %PATH% for a library
+ * CVE-2020-12424 (bmo#1562600)
+ WebRTC permission prompt could have been bypassed by a
+ compromised content process
+ * CVE-2020-12425 (bmo#1634738)
+ Out of bound read in Date.parse()
+ * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
+ Memory safety bugs fixed in Firefox 78
- requires
- * NSS >= 3.53
+ * NSS >= 3.53.1
* nodejs >= 10.21
* Gtk+3 >= 3.14
-- removed obsolete patch
+- removed obsolete patches
* mozilla-s390-bigendian.patch
+ * mozilla-bmo1634646.patch
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
WebRTC with pipewire support to enable screen sharing under
Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
appropriately (boo#1172903).
+- adding SLE12 compatibility in spec file
+- add patches for s390x
+ * mozilla-bmo1602730.patch (bmo#1602730)
+ * mozilla-bmo1626236.patch (bmo#1626236)
+ * mozilla-bmo998749.patch (bmo#998749)
+ * mozilla-s390x-skia-gradient.patch
+- update create-tar.sh
+- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure
-------------------------------------------------------------------
Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>