diff -r 71a92b4d0527 -r b8c834aafde2 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Thu Jan 28 23:39:24 2021 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Mar 17 12:24:14 2021 +0100 @@ -1,4 +1,108 @@ ------------------------------------------------------------------- +Wed Mar 17 09:18:35 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 87.0 +- requires NSS 3.62 +- removed obsolete BigEndian ICU build workaround + +------------------------------------------------------------------- +Tue Mar 16 14:26:35 UTC 2021 - Martin Liška + +- Set memory limits for DWZ to 4x. + +------------------------------------------------------------------- +Sat Mar 13 08:23:06 UTC 2021 - Andreas Stieger + +- Mozilla Firefox 86.0.1 + * Fixed: Fixed an issue on Apple Silicon machines that caused + Firefox to be unresponsive after system sleep (bmo#1682713) + * Fixed: Fixed an issue causing windows to gain or lose focus + unexpectedly (bmo#1694927) + * Fixed: Fixed truncation of date and time widgets due to + incorrect width calculation (bmo#1695578) + * Fixed: Fixed an issue causing unexpected behavior with + extensions managing tab groups (bmo#1694699) + * Fixed: Fixed a frequent Linux crash on browser launch + (bmo#1694670) + +------------------------------------------------------------------- +Sun Feb 21 18:14:12 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 86.0 + * requires NSS >= 3.61 + * requires rust-cbindgen >= 0.16.0 + * Firefox now supports simultaneously watching multiple videos in + Picture-in-Picture. + * Total Cookie Protection to Strict Mode + * https://www.mozilla.org/en-US/firefox/86.0/releasenotes + MSFA 2021-07 (bsc#1182614) + * CVE-2021-23969 (bmo#1542194) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23970 (bmo#1681724) + Multithreaded WASM triggered assertions validating separation + of script domains + * CVE-2021-23968 (bmo#1687342) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23974 (bmo#1528997, bmo#1683627) + noscript elements could have led to an HTML Sanitizer bypass + * CVE-2021-23971 (bmo#1678545) + A website's Referrer-Policy could have been be overridden, + potentially resulting in the full URL being sent as a Referrer + * CVE-2021-23976 (bmo#1684627) + Local spoofing of web manifests for arbitrary pages in + Firefox for Android + * CVE-2021-23977 (bmo#1684761) + Malicious application could read sensitive data from Firefox + for Android's application directories + * CVE-2021-23972 (bmo#1683536) + HTTP Auth phishing warning was omitted when a redirect is + cached + * CVE-2021-23975 (bmo#1685145) + about:memory Measure function caused an incorrect pointer + operation + * CVE-2021-23973 (bmo#1690976) + MediaError message property could have leaked information + about cross-origin resources + * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797) + Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 + * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463, + bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490, + bmo#1684377, bmo#1684902) + Memory safety bugs fixed in Firefox 86 +- updated create-tar.sh (bsc#1182357) +- removed obsolete mozilla-bmo1554971.patch +- remove buildsymbols subpackage + * we haven't done anything with it for years + * mozilla is collecting those from our debuginfo packages + * would require a local dump_syms tool + +------------------------------------------------------------------- +Wed Feb 17 18:40:41 UTC 2021 - Andreas Stieger + +- Mozilla Firefox 85.0.2 + * Fixed: Fixed a deadlock during startup (bmo#1679933) + +------------------------------------------------------------------- +Wed Feb 17 11:19:01 UTC 2021 - Michel Normand + +- Use %limit_build macros for PowerPC to avoid oom build failure + +------------------------------------------------------------------- +Tue Feb 9 09:05:26 UTC 2021 - Andreas Stieger + +- Mozilla Firefox 85.0.1 + MFSA 2021-06 (bsc#1181848) + * MOZ-2021-0001 (bmo#1676636) + Buffer overflow in depth pitch calculations for compressed + textures + * Fixed: Avoid printing an extra blank page at the end of some + documents (bmo#1689789). + * Fixed: Fixed a browser crash in case of unexpected Cache API + state (bmo#1684838). + +------------------------------------------------------------------- Sun Jan 24 11:53:58 UTC 2021 - Wolfgang Rosenauer - Mozilla Firefox 85.0