diff -r ba0c97b018a6 -r 2a24a948b5cf MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Jun 05 21:17:55 2023 +0200 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Jul 29 14:34:45 2023 +0200 
@@ -1,4 +1,239 @@ ------------------------------------------------------------------- +Fri Jul 28 20:56:00 UTC 2023 - Andreas Stieger + +- Mozilla Firefox 115.0.3 + * fixes for other platforms +- remove bashisms from firefox startup script (boo#1213657) + +------------------------------------------------------------------- +Thu Jul 13 13:30:20 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Firefox 115.0.2 + * Fixed a bug with displaying a caret in the text editor on some websites + (bmo#1840804) + * Fixed a bug with broken audio rendering on some websites (bmo#1841982) + * Fixed a bug with patternTransform translate using the wrong units + (bmo#1840746) + MFSA 2023-26 (bsc#1213230) + * CVE-2023-3600 (bmo#1839703) + Use-after-free in workers + +------------------------------------------------------------------- +Fri Jul 7 19:39:30 UTC 2023 - Andreas Stieger + +- Mozilla Firefox 115.0.1 + * fixes for other platforms + +------------------------------------------------------------------- +Sun Jul 2 16:00:53 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Firefox 115.0 + * Support for importing payment methods saved in Chrome-based browser + * Hardware video decoding is now enabled for Intel GPUs on Linux + * The Tab Manager dropdown now features close buttons, so tabs + can be closed more quickly + * Streamlined the user interface for importing data in from other browsers + * Users without platform support for H264 video decoding can now + fallback to Cisco's OpenH264 plugin for playback. + * Undo and redo are now available in Password fields + * Changed: On Linux, middle clicks on the new tab button will + now open the xclipboard contents in the new tab. If the + xclipboard content is a URL then that URL is opened, any + other text is opened with your default search provider. 
+ * Changed: For users with a Firefox Colorways built-in theme, + the theme will be automatically migrated to the same theme + hosted on addons.mozilla.org for Firefox profiles that have + disabled add-ons auto-updates. This will allow users to keep + their Colorways theme when they are later removed from + Firefox installer files. + * Changed: Certain Firefox users may come across a message in + the extensions panel indicating that their add-ons are not + allowed on the site currently open. We have introduced a new + back-end feature to only allow some extensions monitored by + Mozilla to run on specific websites for various reasons, + including security concerns. + * HTML5: The builtin editor now behaves similarly to other + browsers with `contenteditable` and `designMode` when + splitting a node, e.g. typing Enter to split a paragraph, and + also when joining two nodes, e.g. typing Backspace at the + start of a paragraph to join the paragraph and the previous + one. + When a node is split, the builtin editor creates a new node + after the original one instead of before, i.e. creates the + right node instead of the left node. + Similarly, when two nodes are joined, the builtin editor + deletes the latter node and moves its children to the end of + the preceding node instead of deleting the former node and + moving its child to the start of the following node. + * HTML5: WebRTC application developers can now specify a target + in milliseconds of media for the jitter buffer to hold. + Altering the target value allows applications to control the + tradeoff between playout delay and the risk of running out of + audio or video frames due to network jitter. + * HTML5: Change array by copy provides additional methods on + `Array.prototype` and `TypedArray.prototype` to enable + changes on the array by returning a new copy of it with the + change. 
+ * HTML5: The animation-composition property is now supported, + allowing a declarative way to define the composite operation + used when multiple animations affect the same property + simultaneously. + * HTML5: Added the URL.canParse() function to allow easy and + fast checking if URLs are valid and parseable. + * HTML5: IndexedDB is now also supported in private browsing + without memory limits thanks to encrypted storage on disk. + The temporary keys to decrypt the information are hold in RAM + only and all stored information is purged at the normal end + of a private browsing session from disk. + * HTML5: Supports conditions are now supported in CSS import + rules @import supports(...) + * Developer: In web development, we rely on third-party + libraries which you may not be interested in while debugging. + These can be ignored. Ignoring them means that breakpoints + will not get hit and they are skipped during stepping. + You can now choose to **Hide ignore-listed sources** in the + Developer Tools source tree + * Developer: We have introduced a new option, + `devtools.f12_enabled`, that can be utilized to prevent the + accidental use of the F12 key, which opens the DevTools + toolbox (bug). + * Enterprise: You can find information about policy updates and + enterprise specific bug fixes in the Firefox for Enterprise + 115 Release Notes. 
+ MFSA 2023-22 (bsc#1212438) + * CVE-2023-3482 (bmo#1839464) + Block all cookies bypass for localstorage + * CVE-2023-37201 (bmo#1826002) + Use-after-free in WebRTC certificate generation + * CVE-2023-37202 (bmo#1834711) + Potential use-after-free from compartment mismatch in SpiderMonkey + * CVE-2023-37203 (bmo#291640) + Drag and Drop API may provide access to local system files + * CVE-2023-37204 (bmo#1832195) + Fullscreen notification obscured via option element + * CVE-2023-37205 (bmo#1704420) + URL spoofing in address bar using RTL characters + * CVE-2023-37206 (bmo#1813299) + Insufficient validation of symlinks in the FileSystem API + * CVE-2023-37207 (bmo#1816287) + Fullscreen notification obscured + * CVE-2023-37208 (bmo#1837675) + Lack of warning when opening Diagcab files + * CVE-2023-37209 (bmo#1837993) + Use-after-free in `NotifyOnHistoryReload` + * CVE-2023-37210 (bmo#1821886) + Full-screen mode exit prevention + * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886, + bmo#1836550, bmo#1837450) + Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, + and Thunderbird 102.13 + * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076, + bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587) + Memory safety bugs fixed in Firefox 115 +- Requires NSS 3.90 +- Add patches: + mozilla-rust-disable-future-incompat.patch + mozilla-bmo1775202.patch + mozilla-partial-revert-1768632.patch +- removed obsolete mozilla-buildfixes.patch + +------------------------------------------------------------------- +Tue Jun 20 19:49:51 UTC 2023 - Andreas Stieger + +- Mozilla Firefox 114.0.2: + * Several crash fixes + * Web Extensions: Fixes for 114 regressions in Native Messaging + support + +------------------------------------------------------------------- +Tue Jun 20 06:30:02 UTC 2023 - Wolfgang Rosenauer + +- do not enable LTO as it caused crashes now (boo#1212101) + +------------------------------------------------------------------- +Sat Jun 10 14:48:07 
UTC 2023 - Andreas Stieger + +- Mozilla Firefox 114.0.1 + * Fix a startup crash (bmo#1837201, boo#1212101) + +------------------------------------------------------------------- +Fri Jun 9 11:05:47 UTC 2023 - Martin Sirringhaus + +- Only install vaapitest for wayland-enabled builds, where it gets built +- Rebase mozilla-silence-no-return-type.patch +- Rebase s390x-patches, and remove obsolete patches: + mozilla-bmo1005535.patch mozilla-s390x-skia-gradient.patch + +------------------------------------------------------------------- +Mon Jun 5 21:22:19 UTC 2023 - Wolfgang Rosenauer + +- Mozilla Firefox 114.0 + MFSA 2023-20 (bsc#1211922) + * CVE-2023-34414 (bmo#1695986) + Click-jacking certificate exceptions through rendering lag + * CVE-2023-34415 (bmo#1811999) + Site-isolation bypass on sites that allow open redirects to + data: urls + * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875, + bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190, + bmo#1830206, bmo#1830795, bmo#1833339) + Memory safety bugs fixed in Firefox 114 and Firefox ESR + 102.12 + * CVE-2023-34417 (bmo#1746447, bmo#1820903, bmo#1832832) + Memory safety bugs fixed in Firefox 114 + * New: Added UI to manage the DNS over HTTPS exception list. + (bmo#1596847) + * New: Bookmarks can now be searched from the Bookmarks menu. + The Bookmarks menu is accessible by adding the *Bookmarks + menu* button to the toolbar. (bmo#1736937) + * New: Restrict searches to your local browsing history by + selecting *Search history* from the History, Library or + Application menu buttons. (bmo#1736939) + * New: Mac users can now capture video from their cameras in + all supported native resolutions. This enables resolutions + higher than 1280x720. (bmo#1806604) + * New: It is now possible to reorder the extensions listed in + the extensions panel. (bmo#1805924) + * New: Users on macOS, Linux, and Windows 7 can now use FIDO2 / + WebAuthn authenticators over USB. 
Some advanced features, + such as fully passwordless logins, require a PIN to be set on + the authenticator. (bmo#1814487) + * New: Pocket Recommended content can now be seen in France, + Italy, and Spain. (bmo#None) + * Changed: DNS over HTTPS settings are now part of the + *Privacy & Security* section of the *Settings* page and allow + the user to choose from all the supported modes. + (bmo#1610741) + * HTML5: DOM: Added support for ES Modules on DedicatedWorker + and SharedWorker + * HTML5: WebTransport is now enabled by default and will be + going to release with 114. As the original Explainer notes, + it enables multiple use-cases that are hard or impossible to + handle without it, especially for Gaming and live streaming. + It covers cases that are problematic for alternative + mechanisms, such as WebSockets. + Built on top of HTTP3 (HTTP2 support will be coming later). + The current implementation in Firefox is passing 505 out of + 565 Web-Platform Tests. + * HTML5: CSS: The `infinity` and `NaN` constants are now + supported inside the `calc()` function. (bmo#1830759) + * Developer: The *Copy as cURL* feature, available in the + Network panel, has been enhanced. It now supports the + -`-compressed` argument. (bmo#1776120) + * Developer: The Accessibility Inspector has been improved to + accurately recognize all the ARIA roles like `banner`, + `main`, `navigation`, and `contentinfo`, etc. This + enhancement is particularly beneficial for web developers + working with ARIA roles to improve web accessibility. + (bmo#1572512) + * Developer: Firefox now provides support for the CSS Cascading + Level 4 `supports()` syntax for `@import` rules. This allows + for the importation of other stylesheets based on support- + dependency. In addition, the Inspector panel now accurately + displays the conditions at the top of the imported rule. 
+- requires NSS 3.89.1 + +------------------------------------------------------------------- Wed May 24 19:26:35 UTC 2023 - Andreas Stieger - Mozilla Firefox 113.0.2 (boo#1211696)
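Review bot: Two bug references were left as unresolved placeholders: the "devtools.f12_enabled" item in the 115.0 entry ends with "(bug)", and the Pocket item in the 114.0 entry ends with "(bmo#None)". Either fill in the bmo number or drop the parenthetical, so that every reference in the entry resolves the way the CVE and bsc/boo references do. Smaller points in the same hunk: the Copy as cURL item in the 114.0 entry reads "-`-compressed`" where the backtick is misplaced and the argument should be written "--compressed"; the IndexedDB item in the 115.0 entry says the keys "are hold in RAM" and should read "are held in RAM"; the 114.0.2 header ends in a colon, unlike the other version headers; and "Requires NSS 3.90" and "requires NSS 3.89.1" differ in capitalization. The 20 June entry that disables LTO (boo#1212101) would also benefit from saying whether this is a temporary workaround and what would allow re-enabling it.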