--- a/MozillaFirefox/MozillaFirefox.changes Sat Jan 08 10:41:19 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Sat Feb 05 15:04:53 2022 +0100
@@ -1,4 +1,107 @@
-------------------------------------------------------------------
+Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- disable ccache, this adds about 1 minute of build time and
+ over 2 GB of disk space usage without benefit on OBS builds
+- build with rust-simd like upstream does
+- use -g1 for debuginfo generation as this is what upstream
+ does as well and it saves ~ 2GB of writes
+- use %limit on x86_64 to scale down to less capable workers
+- disable install stripping so that debuginfo is useful
+- use autopatch
+- cleanup constraints to specify only jobs, physicalmemory
+ and memoryperjob to be more flexible on which host to build
+ on
+
+-------------------------------------------------------------------
+Fri Jan 28 15:26:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0.3 (bsc#1195230)
+ * Fixed an issue that allowed unexpected data to be submitted in
+ some of our search telemetry (bmo#1752317)
+
+-------------------------------------------------------------------
+Mon Jan 24 07:42:03 UTC 2022 - Martin Liška <mliska@suse.cz>
+
+- Enable -fimplicit-constexpr for GCC 12+.
+
+-------------------------------------------------------------------
+Thu Jan 20 23:21:44 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.2
+ * Fix an issue that caused tab height to display inconsistently
+ on Linux when audio was played (bmo#1714276)
+ * Fix an issue that caused Lastpass dropdowns to appear blank in
+ Private Browsing mode (bmo#1748158)
+ * Fix a crash encountered when resizing a Facebook app
+ (bmo#1746084)
+
+-------------------------------------------------------------------
+Fri Jan 14 16:56:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.1
+ * Fixed: Improvements to make the parsing of content-length
+ headers more robust (bmo#1749957, boo#1194677)
+
+-------------------------------------------------------------------
+Sat Jan 8 10:32:46 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0
+ * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
+ MFSA 2022-01 (bsc#1194547)
+ * CVE-2022-22746 (bmo#1735071)
+ Calling into reportValidity could have lead to fullscreen
+ window spoof
+ * CVE-2022-22743 (bmo#1739220)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-22742 (bmo#1739923)
+ Out-of-bounds memory access when inserting text in edit mode
+ * CVE-2022-22741 (bmo#1740389)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-22740 (bmo#1742334)
+ Use-after-free of ChannelEventQueue::mOwner
+ * CVE-2022-22738 (bmo#1742382)
+ Heap-buffer-overflow in blendGaussianBlur
+ * CVE-2022-22737 (bmo#1745874)
+ Race condition when playing audio files
+ * CVE-2021-4140 (bmo#1746720)
+ Iframe sandbox bypass with XSLT
+ * CVE-2022-22750 (bmo#1566608)
+ IPC passing of resource handles could have lead to sandbox
+ bypass
+ * CVE-2022-22749 (bmo#1705094)
+ Lack of URL restrictions when scanning QR codes
+ * CVE-2022-22748 (bmo#1705211)
+ Spoofed origin on external protocol launch dialog
+ * CVE-2022-22745 (bmo#1735856)
+ Leaking cross-origin URLs through securitypolicyviolation
+ event
+ * CVE-2022-22744 (bmo#1737252)
+ The 'Copy as curl' feature in DevTools did not fully escape
+ website-controlled data, potentially leading to command
+ injection
+ * CVE-2022-22747 (bmo#1735028)
+ Crash when handling empty pkcs7 sequence
+ * CVE-2022-22736 (bmo#1742692)
+ Potential local privilege escalation when loading modules
+ from the install directory.
+ * CVE-2022-22739 (bmo#1744158)
+ Missing throttling on external protocol launch dialog
+ * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
+ bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
+ bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
+ Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
+ * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
+ Memory safety bugs fixed in Firefox 96
+- removed obsolete patches
+ * mozilla-bmo1745560.patch
+ * mozilla-bmo1744896.patch
+ * mozilla-sandbox-fips.patch
+- requires
+ NSPR >= 4.33
+ NSS >= 3.73.1
+
+-------------------------------------------------------------------
Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Add upstream patches: