diff -r 909f866430ee -r 1d5f5674df6c MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sun Jun 28 08:52:27 2020 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Oct 07 13:48:57 2020 +0200 
@@ -1,18 +1,270 @@ ------------------------------------------------------------------- -Wed Jun 17 07:51:25 UTC 2020 - Wolfgang Rosenauer - -- Mozilla Firefox 78.0b8 +Tue Sep 29 11:58:46 UTC 2020 - Wolfgang Rosenauer + +- try to remove python2 dependencies + +------------------------------------------------------------------- +Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 81.0 + * https://www.mozilla.org/en-US/firefox/81.0/releasenotes + MFSA 2020-42 (bsc#1176756) + * CVE-2020-15675 (bmo#1654211) + Use-After-Free in WebGL + * CVE-2020-15677 (bmo#1641487) + Download origin spoofing via redirect + * CVE-2020-15676 (bmo#1646140) + XSS when pasting attacker-controlled data into a + contenteditable element + * CVE-2020-15678 (bmo#1660211) + When recursing through layers while scrolling, an iterator + may have become invalid, resulting in a potential use-after- + free scenario + * CVE-2020-15673 (bmo#1648493, bmo#1660800) + Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 + * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293) + Memory safety bugs fixed in Firefox 81 +- requires + NSPR 4.28 + NSS 3.56 +- removed obsolete patches + * mozilla-system-nspr.patch + * mozilla-bmo1661715.patch + * mozilla-silence-no-return-type.patch +- skip post-build-checks for 15.0 and 15.1 +- add revert-795c8762b16b.patch to fix LTO builds with gcc + (related to bmo#1644409) +- require python3-curses as workaround to fix i586 build + +------------------------------------------------------------------- +Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET + +- Use %limit_build macro again for aarch64 and armv7, instead of + the new memoryperjob _constraints to use more workers + +------------------------------------------------------------------- +Sat Sep 5 17:43:26 UTC 2020 - Wolfgang Rosenauer + +- add mozilla-bmo1661715.patch to fix Flash plugin + +------------------------------------------------------------------- +Wed Sep 2 17:11:19 UTC 
2020 - Manfred Hollstein + +- Mozilla Firefox 80.0.1: Bug fixes: + * Fixed a performance regression when encountering new intermediate + CA certificates (bmo#1661543) + * Fixed crashes possibly related to GPU resets (bmo#1627616) + * Fixed rendering on some sites using WebGL (bmo#1659225) + * Fixed the zoom-in keyboard shortcut on Japanese language builds + (bmo#1661895) + * Fixed download issues related to extensions and cookies + (bmo#1655190) +- added mozilla-silence-no-return-type.patch + +------------------------------------------------------------------- +Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer + +- more whitelisting (/dev/random) for sandbox in relation to FIPS + (bsc#1174284) +- improve langpack builds to use dedicated objdirs and make it + parallel again + +------------------------------------------------------------------- +Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 80.0 + MFSA 2020-36 (bsc#1175686) + * CVE-2020-15663 (bmo#1643199) + Downgrade attack on the Mozilla Maintenance Service could + have resulted in escalation of privilege + * CVE-2020-15664 (bmo#1658214) + Attacker-induced prompt for extension installation + * CVE-2020-12401 (bmo#1631573) + Timing-attack on ECDSA signature generation + * CVE-2020-6829 (bmo#1631583) + P-384 and P-521 vulnerable to an electro-magnetic side + channel attack on signature generation + * CVE-2020-12400 (bmo#1623116) + P-384 and P-521 vulnerable to a side channel attack on + modular inversion + * CVE-2020-15665 (bmo#1651636) + Address bar not reset when choosing to stay on a page after + the beforeunload dialog is shown + * CVE-2020-15666 (bmo#1450853) + MediaError message property leaks cross-origin response + status + * CVE-2020-15667 (bmo#1653371) + Heap overflow when processing an update file + * CVE-2020-15668 (bmo#1651520) + Data Race when reading certificate information + * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, + bmo#1656957) + Memory safety bugs fixed in 
Firefox 80 and Firefox ESR 78.2 +- requires + * NSPR 4.27 + * NSS 3.55 +- added mozilla-system-nspr.patch (bmo#1661096) +- exclude ga-IE locale as it's failing to build +- rollback parallelize locale build because it breaks bookmarks + (boo#1167976) +- preserve original default bookmark file during langpack build + (boo#1167976) +- add some ccache output during build + +------------------------------------------------------------------- +Thu Aug 20 13:07:33 UTC 2020 - Martin Liška + +- Use new memoryperjob _constraints instead of %limit_build macro. + +------------------------------------------------------------------- +Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer + +- use ccache for build +- replace versioned RPM deps with requires_ge +- parallelize locale build + +------------------------------------------------------------------- +Thu Aug 6 14:37:16 UTC 2020 - Yunhe Guo + +- Change *.appdata.xml location to latest AppStream standard + +------------------------------------------------------------------- +Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 79.0 + MFSA 2020-30 (bsc#1174538) + * CVE-2020-15652 (bmo#1634872) + Potential leak of redirect targets when loading scripts in a worker + * CVE-2020-6514 (bmo#1642792) + WebRTC data channel leaks internal address to peer + * CVE-2020-15655 (bmo#1645204) + Extension APIs could be used to bypass Same-Origin Policy + * CVE-2020-15653 (bmo#1521542) + Bypassing iframe sandbox when allowing popups + * CVE-2020-6463 (bmo#1635293) + Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture + * CVE-2020-15656 (bmo#1647293) + Type confusion for special arguments in IonMonkey + * CVE-2020-15658 (bmo#1637745) + Overriding file type when saving to disk + * CVE-2020-15657 (bmo#1644954) + DLL hijacking due to incorrect loading path + * CVE-2020-15654 (bmo#1648333) + Custom cursor can overlay user interface + * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856, + bmo#1643613, bmo#1644839, 
bmo#1645835, bmo#1646006, bmo#1646220, + bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) + Memory safety bugs fixed in Firefox 79 +- updated dependency requirements: + * mozilla-nspr >= 4.26 + * mozilla-nss >= 3.54 + * rust >= 1.43 + * rust-cbindgen >= 0.14.3 +- removed obsolete patch + mozilla-bmo1463035.patch + +------------------------------------------------------------------- +Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer + +- fixed syntax issue in desktop file (boo#1174360) + +------------------------------------------------------------------- +Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer + +- Add mozilla-libavcodec58_91.patch to link against updated + soversion of libavcodec (58.91) with ffmpeg >= 4.3. + (patch provided by Atri Bhattacharya +- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320) + (Plasma 5.19.3 is now in TW) + +------------------------------------------------------------------- +Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 78.0.2 + * Fixed an accessibility regression in reader mode (bmo#1650922) + * Made the address bar more resilient to data corruption in the + user profile (bmo#1649981) + * Fixed a regression opening certain external applications (bmo#1650162) + MFSA 2020-28 + * CVE pending (bmo#1644076) + X-Frame-Options bypass using object or embed tags +- added desktop file actions +- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed + (boo#1173993) +- rework langpack integration (boo#1173991) + * ship XPIs instead of directories + * allow addon sideloading + * mark signatures for langpacks non-mandatory + * do not autodisable user profile scopes +- Google API key is not usable for geolocation service +- fix pipewire support for TW (boo#1172903) + +------------------------------------------------------------------- +Wed Jul 1 07:15:02 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 78.0.1 + * Fixed an issue which could cause installed search engines to not + be visible when 
upgrading from a previous release. +- enable MOZ_USE_XINPUT2 for TW (boo#1173320) + +------------------------------------------------------------------- +Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 78.0 * startup notifications now using Gtk instead of libnotify + * PDF downloads now show an option to open the PDF directly in Firefox + * Protections Dashboard (about:protections) + * WebRTC not interrupted by screensaver anymore + * disabled TLS 1.0 and 1.1 by default + MFSA 2020-24 (bsc#1173576) + * CVE-2020-12415 (bmo#1586630) + AppCache manifest poisoning due to url encoded character processing + * CVE-2020-12416 (bmo#1639734) + Use-after-free in WebRTC VideoBroadcaster + * CVE-2020-12417 (bmo#1640737) + Memory corruption due to missing sign-extension for ValueTags + on ARM64 + * CVE-2020-12418 (bmo#1641303) + Information disclosure due to manipulated URL object + * CVE-2020-12419 (bmo#1643874) + Use-after-free in nsGlobalWindowInner + * CVE-2020-12420 (bmo#1643437) + Use-After-Free when trying to connect to a STUN server + * CVE-2020-12402 (bmo#1631597) + RSA Key Generation vulnerable to side-channel attack + * CVE-2020-12421 (bmo#1308251) + Add-On updates did not respect the same certificate trust + rules as software updates + * CVE-2020-12422 (bmo#1450353) + Integer overflow in nsJPEGEncoder::emptyOutputBuffer + * CVE-2020-12423 (bmo#1642400) + DLL Hijacking due to searching %PATH% for a library + * CVE-2020-12424 (bmo#1562600) + WebRTC permission prompt could have been bypassed by a + compromised content process + * CVE-2020-12425 (bmo#1634738) + Out of bound read in Date.parse() + * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682) + Memory safety bugs fixed in Firefox 78 - requires - * NSS >= 3.53 + * NSS >= 3.53.1 * nodejs >= 10.21 * Gtk+3 >= 3.14 -- removed obsolete patch +- removed obsolete patches * mozilla-s390-bigendian.patch + * mozilla-bmo1634646.patch - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 
to build WebRTC with pipewire support to enable screen sharing under Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3) appropriately (boo#1172903). +- adding SLE12 compatibility in spec file +- add patches for s390x + * mozilla-bmo1602730.patch (bmo#1602730) + * mozilla-bmo1626236.patch (bmo#1626236) + * mozilla-bmo998749.patch (bmo#998749) + * mozilla-s390x-skia-gradient.patch +- update create-tar.sh +- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure ------------------------------------------------------------------- Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET
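Review bot: In the 78.0.2 entry (Sat Jul 11), the langpack rework bullets "allow addon sideloading", "mark signatures for langpacks non-mandatory" and "do not autodisable user profile scopes" relax add-on installation and signature enforcement without naming the patch, pref or build option that carries them, so the change cannot be audited from the changelog. Please name the setting behind each bullet and state explicitly that the signature exemption covers langpacks only. The Aug 25 bullet "more whitelisting (/dev/random) for sandbox" has the same problem: it widens the sandbox allowlist but does not say which patch file was touched. Smaller points: the 78.0.2 entry lists "CVE pending (bmo#1644076)" and gives MFSA 2020-28 no bsc# reference, unlike every other MFSA entry in this hunk, so it needs a follow-up once the id is assigned. The 81.0 "requires" list (NSPR 4.28, NSS 3.56) drops the "* " bullets the other entries use. "(patch provided by Atri Bhattacharya" in the Jul 17 entry is missing its closing parenthesis. "try to remove python2 dependencies" (Sep 29) does not say what was actually changed.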