MozillaFirefox/MozillaFirefox.changes
author Wolfgang Rosenauer <wr@rosenauer.org>
Wed, 30 Sep 2020 09:49:14 +0200
branchfirefox81
changeset 1145 fbfd8f7cbd53
parent 1144 8a43aff7e982
child 1147 e81381ea5f3d
permissions -rw-r--r--
FF 81 final + remove python2 deps
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1108
33b03cfb3747 bugfixes, improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1107
diff changeset
     1
-------------------------------------------------------------------
1145
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
     2
Tue Sep 29 11:58:46 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
     3
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
     4
- try to remove python2 dependencies
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
     5
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
     6
-------------------------------------------------------------------
1144
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
     7
Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
     8
1145
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
     9
- Mozilla Firefox 81.0
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    10
  * https://www.mozilla.org/en-US/firefox/81.0/releasenotes
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    11
  MFSA 2020-42 (bsc#1176756)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    12
  * CVE-2020-15675 (bmo#1654211)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    13
    Use-After-Free in WebGL
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    14
  * CVE-2020-15677 (bmo#1641487)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    15
    Download origin spoofing via redirect
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    16
  * CVE-2020-15676 (bmo#1646140)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    17
    XSS when pasting attacker-controlled data into a
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    18
    contenteditable element
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    19
  * CVE-2020-15678 (bmo#1660211)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    20
    When recursing through layers while scrolling, an iterator
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    21
    may have become invalid, resulting in a potential use-after-
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    22
    free scenario
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    23
  * CVE-2020-15673 (bmo#1648493, bmo#1660800)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    24
    Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    25
  * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    26
    Memory safety bugs fixed in Firefox 81
1144
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    27
- requires
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    28
  NSPR 4.28
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    29
  NSS 3.56
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    30
- removed obsolete patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    31
  * mozilla-system-nspr.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    32
  * mozilla-bmo1661715.patch
1145
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    33
  * mozilla-silence-no-return-type.patch
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    34
- skip post-build-checks for 15.0 and 15.1
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    35
- add revert-795c8762b16b.patch to fix LTO builds with gcc
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    36
  (related to bmo#1644409)
fbfd8f7cbd53 FF 81 final
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1144
diff changeset
    37
- require python3-curses as workaround to fix i586 build
1144
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    38
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1143
diff changeset
    39
-------------------------------------------------------------------
1143
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    40
Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    41
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    42
- Use %limit_build macro again for aarch64 and armv7, instead of
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    43
  the new memoryperjob _constraints to use more workers
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    44
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    45
-------------------------------------------------------------------
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    46
Sat Sep  5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    47
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    48
- add mozilla-bmo1661715.patch to fix Flash plugin
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    49
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    50
-------------------------------------------------------------------
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    51
Wed Sep  2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    52
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    53
- Mozilla Firefox 80.0.1: Bug fixes:
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    54
  * Fixed a performance regression when encountering new intermediate
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    55
    CA certificates (bmo#1661543)
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    56
  * Fixed crashes possibly related to GPU resets (bmo#1627616)
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    57
  * Fixed rendering on some sites using WebGL (bmo#1659225)
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    58
  * Fixed the zoom-in keyboard shortcut on Japanese language builds
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    59
    (bmo#1661895)
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    60
  * Fixed download issues related to extensions and cookies
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    61
    (bmo#1655190)
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    62
- added mozilla-silence-no-return-type.patch
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    63
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    64
-------------------------------------------------------------------
1142
c5e32127317c further FIPS patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1141
diff changeset
    65
Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
c5e32127317c further FIPS patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1141
diff changeset
    66
1143
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    67
- more whitelisting (/dev/random) for sandbox in relation to FIPS
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    68
  (bsc#1174284)
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    69
- improve langpack builds to use dedicated objdirs and make it
ff28137410eb FF8 80.0.1 including some required patches (see changes)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1142
diff changeset
    70
  parallel again
1142
c5e32127317c further FIPS patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1141
diff changeset
    71
c5e32127317c further FIPS patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1141
diff changeset
    72
-------------------------------------------------------------------
1141
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    73
Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    74
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    75
- Mozilla Firefox 80.0
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    76
  MFSA 2020-36 (bsc#1175686)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    77
  * CVE-2020-15663 (bmo#1643199)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    78
    Downgrade attack on the Mozilla Maintenance Service could
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    79
    have resulted in escalation of privilege
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    80
  * CVE-2020-15664 (bmo#1658214)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    81
    Attacker-induced prompt for extension installation
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    82
  * CVE-2020-12401 (bmo#1631573)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    83
    Timing-attack on ECDSA signature generation
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    84
  * CVE-2020-6829 (bmo#1631583)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    85
    P-384 and P-521 vulnerable to an electro-magnetic side
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    86
    channel attack on signature generation
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    87
  * CVE-2020-12400 (bmo#1623116)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    88
    P-384 and P-521 vulnerable to a side channel attack on
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    89
    modular inversion
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    90
  * CVE-2020-15665 (bmo#1651636)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    91
    Address bar not reset when choosing to stay on a page after
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    92
    the beforeunload dialog is shown
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    93
  * CVE-2020-15666 (bmo#1450853)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    94
    MediaError message property leaks cross-origin response
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    95
    status
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    96
  * CVE-2020-15667 (bmo#1653371)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    97
    Heap overflow when processing an update file
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    98
  * CVE-2020-15668 (bmo#1651520)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
    99
    Data Race when reading certificate information
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   100
  * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   101
    bmo#1656957)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   102
    Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   103
- requires
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   104
  * NSPR 4.27
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   105
  * NSS 3.55
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   106
- added mozilla-system-nspr.patch (bmo#1661096)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   107
- exclude ga-IE locale as it's failing to build
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   108
- rollback parallelize locale build because it breaks bookmarks
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   109
  (boo#1167976)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   110
- preserve original default bookmark file during langpack build
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   111
  (boo#1167976)
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   112
- add some ccache output during build
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   113
edb0ebe8cccc Firefox 80.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1140
diff changeset
   114
-------------------------------------------------------------------
1140
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   115
Thu Aug 20 13:07:33 UTC 2020 - Martin Liška <mliska@suse.cz>
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   116
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   117
- Use new memoryperjob _constraints instead of %limit_build macro.
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   118
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   119
-------------------------------------------------------------------
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   120
Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   121
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   122
- use ccache for build
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   123
- replace versioned RPM deps with requires_ge
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   124
- parallelize locale build
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   125
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   126
-------------------------------------------------------------------
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   127
Thu Aug  6 14:37:16 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   128
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   129
- Change *.appdata.xml location to latest AppStream standard
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   130
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   131
-------------------------------------------------------------------
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   132
Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   133
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   134
- Mozilla Firefox 79.0
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   135
  MFSA 2020-30 (bsc#1174538)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   136
  * CVE-2020-15652 (bmo#1634872)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   137
    Potential leak of redirect targets when loading scripts in a worker
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   138
  * CVE-2020-6514 (bmo#1642792)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   139
    WebRTC data channel leaks internal address to peer
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   140
  * CVE-2020-15655 (bmo#1645204)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   141
    Extension APIs could be used to bypass Same-Origin Policy
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   142
  * CVE-2020-15653 (bmo#1521542)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   143
    Bypassing iframe sandbox when allowing popups
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   144
  * CVE-2020-6463 (bmo#1635293)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   145
    Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   146
  * CVE-2020-15656 (bmo#1647293)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   147
    Type confusion for special arguments in IonMonkey
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   148
  * CVE-2020-15658 (bmo#1637745)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   149
    Overriding file type when saving to disk
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   150
  * CVE-2020-15657 (bmo#1644954)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   151
    DLL hijacking due to incorrect loading path
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   152
  * CVE-2020-15654 (bmo#1648333)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   153
    Custom cursor can overlay user interface
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   154
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   155
    bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   156
    bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   157
    Memory safety bugs fixed in Firefox 79
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   158
- updated dependency requirements:
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   159
  * mozilla-nspr >= 4.26
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   160
  * mozilla-nss >= 3.54
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   161
  * rust >= 1.43
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   162
  * rust-cbindgen >= 0.14.3
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   163
- removed obsolete patch
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   164
  mozilla-bmo1463035.patch
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   165
a9aa543a508a FF79 latest
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1138
diff changeset
   166
-------------------------------------------------------------------
1138
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   167
Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   168
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   169
- fixed syntax issue in desktop file (boo#1174360)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   170
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   171
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   172
Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   173
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   174
- Add mozilla-libavcodec58_91.patch to link against updated
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   175
  soversion of libavcodec (58.91) with ffmpeg >= 4.3.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   176
  (patch provided by Atri Bhattacharya <badshah400@gmail.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   177
- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   178
  (Plasma 5.19.3 is now in TW)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   179
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   180
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   181
Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   182
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   183
- Mozilla Firefox 78.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   184
  * Fixed an accessibility regression in reader mode (bmo#1650922)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   185
  * Made the address bar more resilient to data corruption in the
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   186
    user profile (bmo#1649981)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   187
  * Fixed a regression opening certain external applications (bmo#1650162)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   188
  MFSA 2020-28
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   189
  * CVE pending (bmo#1644076)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   190
    X-Frame-Options bypass using object or embed tags
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   191
- added desktop file actions
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   192
- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   193
  (boo#1173993)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   194
- rework langpack integration (boo#1173991)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   195
  * ship XPIs instead of directories
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   196
  * allow addon sideloading
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   197
  * mark signatures for langpacks non-mandatory
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   198
  * do not autodisable user profile scopes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   199
- Google API key is not usable for geolocation service
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   200
- fix pipewire support for TW (boo#1172903)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   201
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   202
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   203
Wed Jul  1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   204
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   205
- Mozilla Firefox 78.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   206
  * Fixed an issue which could cause installed search engines to not
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   207
    be visible when upgrading from a previous release.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   208
- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   209
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   210
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   211
Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   212
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   213
- Mozilla Firefox 78.0
1131
4a5aa8293178 78.0b5 building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1128
diff changeset
   214
  * startup notifications now using Gtk instead of libnotify
1138
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   215
  * PDF downloads now show an option to open the PDF directly in Firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   216
  * Protections Dashboard (about:protections)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   217
  * WebRTC not interrupted by screensaver anymore
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   218
  * disabled TLS 1.0 and 1.1 by default
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   219
  MFSA 2020-24 (bsc#1173576)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   220
  * CVE-2020-12415 (bmo#1586630)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   221
    AppCache manifest poisoning due to url encoded character processing
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   222
  * CVE-2020-12416 (bmo#1639734)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   223
    Use-after-free in WebRTC VideoBroadcaster
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   224
  * CVE-2020-12417 (bmo#1640737)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   225
    Memory corruption due to missing sign-extension for ValueTags
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   226
    on ARM64
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   227
  * CVE-2020-12418 (bmo#1641303)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   228
    Information disclosure due to manipulated URL object
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   229
  * CVE-2020-12419 (bmo#1643874)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   230
    Use-after-free in nsGlobalWindowInner
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   231
  * CVE-2020-12420 (bmo#1643437)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   232
    Use-After-Free when trying to connect to a STUN server
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   233
  * CVE-2020-12402 (bmo#1631597)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   234
    RSA Key Generation vulnerable to side-channel attack
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   235
  * CVE-2020-12421 (bmo#1308251)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   236
    Add-On updates did not respect the same certificate trust
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   237
    rules as software updates
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   238
  * CVE-2020-12422 (bmo#1450353)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   239
    Integer overflow in nsJPEGEncoder::emptyOutputBuffer
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   240
  * CVE-2020-12423 (bmo#1642400)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   241
    DLL Hijacking due to searching %PATH% for a library
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   242
  * CVE-2020-12424 (bmo#1562600)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   243
    WebRTC permission prompt could have been bypassed by a
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   244
    compromised content process
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   245
  * CVE-2020-12425 (bmo#1634738)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   246
    Out of bound read in Date.parse()
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   247
  * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   248
    Memory safety bugs fixed in Firefox 78
1131
4a5aa8293178 78.0b5 building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1128
diff changeset
   249
- requires
1138
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   250
  * NSS >= 3.53.1
1131
4a5aa8293178 78.0b5 building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1128
diff changeset
   251
  * nodejs >= 10.21
1133
0a44f639e5ee removed obsolete patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1132
diff changeset
   252
  * Gtk+3 >= 3.14
1138
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   253
- removed obsolete patches
1133
0a44f639e5ee removed obsolete patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1132
diff changeset
   254
  * mozilla-s390-bigendian.patch
1138
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   255
  * mozilla-bmo1634646.patch
1134
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1133
diff changeset
   256
- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1133
diff changeset
   257
  WebRTC with pipewire support to enable screen sharing under
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1133
diff changeset
   258
  Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1133
diff changeset
   259
  appropriately (boo#1172903).
1138
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   260
- adding SLE12 compatibility in spec file
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   261
- add patches for s390x
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   262
  * mozilla-bmo1602730.patch (bmo#1602730)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   263
  * mozilla-bmo1626236.patch (bmo#1626236)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   264
  * mozilla-bmo998749.patch (bmo#998749)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   265
  * mozilla-s390x-skia-gradient.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   266
- update create-tar.sh
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1137
diff changeset
   267
- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure
1131
4a5aa8293178 78.0b5 building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1128
diff changeset
   268
4a5aa8293178 78.0b5 building
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1128
diff changeset
   269
-------------------------------------------------------------------
1128
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   270
Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   271
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   272
- Exclude armv6, since it is unbuildable since about 3 years
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   273
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   274
-------------------------------------------------------------------
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   275
Wed Jun  3 21:39:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   276
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   277
- Mozilla Firefox 77.0.1
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   278
  * Disable automatic selection of DNS over HTTPS providers during
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   279
    a test to enable wider deployment in a more controlled way
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   280
    (bmo#1642723)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   281
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   282
-------------------------------------------------------------------
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   283
Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   284
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   285
- Mozilla Firefox 77.0
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   286
  * view and manage web certificates more easily on the new
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   287
    about:certificate page
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   288
  * improvements in accessibility
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   289
  * significant improvements to JavaScript debugging
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   290
  MFSA 2020-20 (bsc#1172402)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   291
  * CVE-2020-12399 (bmo#1631576)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   292
    Timing attack on DSA signatures in NSS library
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   293
    (fixed with external NSS >= 3.52.1)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   294
  * CVE-2020-12405 (bmo#1631618)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   295
    Use-after-free in SharedWorkerService
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   296
  * CVE-2020-12406 (bmo#1639590)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   297
    JavaScript type confusion with NativeTypes
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   298
  * CVE-2020-12407 (bmo#1637112)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   299
    WebRender leaking GPU memory when using border-image CSS
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   300
    directive
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   301
  * CVE-2020-12408 (bmo#1623888)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   302
    URL spoofing when using IP addresses
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   303
  * CVE-2020-12409 (bmo#1619305, bmo#1632717)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   304
    Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   305
  * CVE-2020-12411 (bmo#1620972, bmo#1625333)
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   306
    Memory safety bugs fixed in Firefox 77
1127
d5b284f833d5 Firefox 77.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1126
diff changeset
   307
- requires
d5b284f833d5 Firefox 77.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1126
diff changeset
   308
  * NSS >= 3.52.1
d5b284f833d5 Firefox 77.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1126
diff changeset
   309
  * rust-cbindgen >= 1.14.1
1128
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   310
  * clang >= 5
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   311
- added mozilla-bmo1634646.patch as part of fixing PGO build
0d95fa645411 Firefox 77.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1127
diff changeset
   312
  (still not working)
1127
d5b284f833d5 Firefox 77.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1126
diff changeset
   313
d5b284f833d5 Firefox 77.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1126
diff changeset
   314
-------------------------------------------------------------------
1126
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   315
Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   316
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   317
- change again _constraints for ppc64le use <physicalmemory>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   318
  and increase limit_build in spec file to reduce max_jobs.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   319
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   320
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   321
Sat May  9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   322
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   323
- Mozilla Firefox 76.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   324
  * Fixed a bug causing some add-ons such as Amazon Assistant to see
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   325
    multiple onConnect events, impairing functionality (bmo#1635637)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   326
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   327
-------------------------------------------------------------------
1125
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   328
Fri May  1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   329
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   330
- Mozilla Firefox 76.0
1126
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   331
  * Lockwise improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   332
  * Improvements in Picture-in-Picture feature
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   333
  * Support Audio Worklets
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   334
  MFSA-2020-16 (bsc#1171186)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   335
  * CVE-2020-12387 (bmo#1545345)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   336
    Use-after-free during worker shutdown
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   337
  * CVE-2020-12388 (bmo#1618911)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   338
    Sandbox escape with improperly guarded Access Tokens
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   339
  * CVE-2020-12389 (bmo#1554110)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   340
    Sandbox escape with improperly separated process types
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   341
  * CVE-2020-6831 (bmo#1632241)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   342
    Buffer overflow in SCTP chunk input validation
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   343
  * CVE-2020-12390 (bmo#1141959)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   344
    Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   345
  * CVE-2020-12391 (bmo#1457100)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   346
    Content-Security-Policy bypass using object elements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   347
  * CVE-2020-12392 (bmo#1614468)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   348
    Arbitrary local file access with 'Copy as cURL'
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   349
  * CVE-2020-12393 (bmo#1615471)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   350
    Devtools' 'Copy as cURL' feature did not fully escape
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   351
    website-controlled data, potentially leading to command injection
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   352
  * CVE-2020-12394 (bmo#1628288)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   353
    URL spoofing in location bar when unfocussed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   354
  * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   355
    bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   356
    Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   357
  * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   358
    bmo#1622291, bmo#1627644)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1125
diff changeset
   359
    Memory safety bugs fixed in Firefox 76
1125
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   360
- requires
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   361
  * NSS >= 3.51.1
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   362
  * nasm >= 2.14
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   363
- removed obsolete patch mozilla-bmo1622013.patch
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   364
- fix URI creation for KDE file selector integration (boo#1160331)
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   365
3fd9346c90a6 Firefox 76.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1124
diff changeset
   366
-------------------------------------------------------------------
1124
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   367
Tue Apr  7 12:18:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   368
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   369
- Mozilla Firefox 75.0
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   370
  * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   371
  MFSA 2020-12 (bsc#1168874)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   372
  * CVE-2020-6821 (bmo#1625404)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   373
    Uninitialized memory could be read when using the WebGL
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   374
    copyTexSubImage method
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   375
  * CVE-2020-6822 (bmo#1544181)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   376
    Out of bounds write in GMPDecodeData when processing large images
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   377
  * CVE-2020-6823 (bmo#1614919)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   378
    Malicious Extension could obtain auth codes from OAuth login flows
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   379
  * CVE-2020-6824 (bmo#1621853)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   380
    Generated passwords may be identical on the same site between
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   381
    separate private browsing sessions
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   382
  * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   383
    Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   384
  * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   385
    bmo#1619229,bmo#1620719,bmo#1624897)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   386
    Memory safety bugs fixed in Firefox 75
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   387
- removed obsolete patch
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   388
  mozilla-bmo1609538.patch
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   389
- requires
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   390
  * rust >= 1.41
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   391
  * rust-cbindgen >= 0.13.1
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   392
  * mozilla-nss >= 3.51
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   393
  * nodejs10 >= 10.19
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   394
- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   395
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   396
-------------------------------------------------------------------
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   397
Mon Apr  6 11:19:24 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   398
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   399
- increase _constraints memory for ppc64le
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   400
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   401
-------------------------------------------------------------------
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   402
Fri Apr  3 15:23:28 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   403
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   404
- Mozilla Firefox 74.0.1
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   405
  MFSA 2020-11 (boo#1168630)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   406
  * CVE-2020-6819 (bmo#1620818)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   407
    Use-after-free while running the nsDocShell destructor
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   408
  * CVE-2020-6820 (bmo#1626728)
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   409
    Use-after-free when handling a ReadableStream
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   410
f890ebd6b627 Firefox 75.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1123
diff changeset
   411
-------------------------------------------------------------------
1123
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   412
Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   413
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   414
- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   415
  to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   416
  (bsc#1167132)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   417
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   418
-------------------------------------------------------------------
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   419
Sat Mar  7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   420
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   421
- Mozilla Firefox 74.0
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   422
  * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   423
  MFSA 2020-08 (bsc#1166238)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   424
  * CVE-2020-6805 (bmo#1610880)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   425
    Use-after-free when removing data about origins
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   426
  * CVE-2020-6806 (bmo#1612308)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   427
    BodyStream::OnInputStreamReady was missing protections against
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   428
    state confusion
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   429
  * CVE-2020-6807 (bmo#1614971)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   430
    Use-after-free in cubeb during stream destruction
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   431
  * CVE-2020-6808 (bmo#1247968)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   432
    URL Spoofing via javascript: URL
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   433
  * CVE-2020-6809 (bmo#1420296)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   434
    Web Extensions with the all-urls permission could access local
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   435
    files
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   436
  * CVE-2020-6810 (bmo#1432856)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   437
    Focusing a popup while in fullscreen could have obscured the
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   438
    fullscreen notification
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   439
  * CVE-2020-6811 (bmo#1607742)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   440
    Devtools' 'Copy as cURL' feature did not fully escape
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   441
    website-controlled data, potentially leading to command injection
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   442
  * CVE-2019-20503 (bmo#1613765)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   443
    Out of bounds reads in sctp_load_addresses_from_init
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   444
  * CVE-2020-6812 (bmo#1616661)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   445
    The names of AirPods with personally identifiable information
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   446
    were exposed to websites with camera or microphone permission
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   447
  * CVE-2020-6813 (bmo#1605814)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   448
    @import statements in CSS could bypass the Content Security
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   449
    Policy nonce feature
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   450
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   451
    bmo#1614339)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   452
    Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   453
  * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   454
    bmo#1612431)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   455
    Memory and script safety bugs fixed in Firefox 74
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   456
- requires
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   457
  * NSPR 4.25
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   458
  * NSS 3.50
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   459
  * rust-cbindgen 0.13.0
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   460
- removed obsolete patches
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   461
  mozilla-bmo1610814.patch
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   462
  mozilla-cubeb-noreturn.patch
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   463
- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   464
  (bmo#1609538, boo#1166471)
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   465
7fa561e5d7c7 Firefox 74.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1122
diff changeset
   466
-------------------------------------------------------------------
1122
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   467
Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   468
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   469
- big endian fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   470
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   471
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   472
Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   473
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   474
- Fix build on aarch64/armv7 with:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   475
  * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   476
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   477
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   478
Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   479
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   480
- Mozilla Firefox 73.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   481
  * Resolved problems connecting to the RBC Royal Bank website
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   482
    (bmo#1613943)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   483
  * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   484
    (bmo#1611133)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   485
  * Fixed crashes when playing encrypted content on some Linux systems
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   486
    (bmo#1614535, boo#1164646)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   487
- start in wayland mode when running under wayland session
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   488
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1121
diff changeset
   489
-------------------------------------------------------------------
1121
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   490
Sun Feb  9 07:45:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   491
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   492
- Mozilla Firefox 73.0
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   493
  * Added support for setting a default zoom level applicable for all
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   494
    web content
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   495
  * High-contrast mode has been updated to allow background images
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   496
  * Improved audio quality when playing back audio at a faster or
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   497
    slower speed
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   498
  * Added NextDNS as alternative option for DNS over HTTPS
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   499
  MFSA 2020-05 (bsc#1163368)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   500
  * CVE-2020-6796 (bmo#1610426)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   501
    Missing bounds check on shared memory read in the parent process
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   502
  * CVE-2020-6797 (bmo#1596668) (MacOS X only)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   503
    Extensions granted downloads.open permission could open arbitrary
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   504
    applications on Mac OSX
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   505
  * CVE-2020-6798 (bmo#1602944)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   506
    Incorrect parsing of template tag could result in JavaScript injection
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   507
  * CVE-2020-6799 (bmo#1606596) (Windows only)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   508
    Arbitrary code execution when opening pdf links from other
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   509
    applications, when Firefox is configured as default pdf reader
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   510
  * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   511
    bmo#1608580,bmo#1608785,bmo#1605777)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   512
    Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   513
  * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   514
    Memory safety bugs fixed in Firefox 73
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   515
- updated requirements
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   516
  * rust >= 1.39
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   517
  * NSS >= 3.49.2
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   518
  * rust-cbindgen >= 0.12.0
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   519
- rebased patches
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   520
- removed obsolete patch
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   521
  * mozilla-bmo1601707.patch
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   522
- switched to cairo-gtk3-wayland build
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   523
  (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set)
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   524
- disabled elfhack due to failing packager
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   525
  https://github.com/openSUSE/firefox-maintenance/issues/28
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   526
- disabled PGO due to build failure
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   527
  https://github.com/openSUSE/firefox-maintenance/issues/29
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   528
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   529
-------------------------------------------------------------------
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   530
Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc>
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   531
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   532
- Use a symbolic icon from branding internals
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   533
- Pixmaps no longer required for the desktops
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   534
004e4b1efb26 Firefox 73.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1120
diff changeset
   535
-------------------------------------------------------------------
1120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   536
Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   537
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   538
- Mozilla Firefox 72.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   539
  * Various stability fixes
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   540
  * Fixed issues opening files with spaces in their path (bmo#1601905)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   541
  * Fixed a hang opening about:logins when a master password is set
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   542
    (bmo#1606992)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   543
  * Fixed a web compatibility issue with CSS Shadow Parts which
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   544
    shipped in Firefox 72 (bmo#1604989)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   545
  * Fixed inconsistent playback performance for fullscreen 1080p
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   546
    videos on some systems (bmo#1608485)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   547
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   548
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   549
Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   550
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   551
- Fix build for aarch64/ppc64le (do not update config.sub file
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   552
  for libbacktrace)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   553
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   554
-------------------------------------------------------------------
1119
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   555
Wed Jan  8 08:19:12 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   556
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   557
- Mozilla Firefox 72.0.1
1120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   558
  MFSA 2020-03 (bsc#1160498)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   559
  * CVE-2019-17026 (bmo#1607443)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   560
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement
1119
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   561
- Mozilla Firefox 72.0
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   562
  * block fingerprinting scripts by default
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   563
  * new notification pop-ups
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   564
  * Picture-in-picture video
1120
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1119
diff changeset
   565
  MFSA 2020-01 (bsc#1160305)
1119
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   566
  * CVE-2019-17016 (bmo#1599181)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   567
    Bypass of @namespace CSS sanitization during pasting
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   568
  * CVE-2019-17017 (bmo#1603055)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   569
    Type Confusion in XPCVariant.cpp
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   570
  * CVE-2019-17020 (bmo#1597645)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   571
    Content Security Policy not applied to XSL stylesheets applied
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   572
    to XML documents
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   573
  * CVE-2019-17022 (bmo#1602843)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   574
    CSS sanitization does not escape HTML tags
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   575
  * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   576
    NSS may negotiate TLS 1.2 or below after a TLS 1.3
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   577
    HelloRetryRequest had been sent
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   578
  * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   579
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   580
  * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   581
    bmo#1595692,bmo#1597321,bmo#1597481)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   582
    Memory safety bugs fixed in Firefox 72
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   583
- update create-tar.sh to skip compare-locales
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   584
- requires NSPR 4.24 and NSS 3.48
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   585
- removed usage of browser-plugins convention for NPAPI plugins
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   586
  from start wrapper and changed the RPM macro to the
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   587
  /usr/$LIB/mozilla/plugins location (boo#1160302)
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   588
4c5d44d40a03 Firefox 72.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1118
diff changeset
   589
-------------------------------------------------------------------
1117
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   590
Mon Dec  2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   591
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   592
- Mozilla Firefox 71.0
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   593
  * Improvements to Lockwise, our integrated password manager
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   594
  * More information about Enhanced Tracking Protection in action
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   595
  * Native MP3 decoding on Windows, Linux, and macOS
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   596
  * Configuration page (about:config) reimplemented in HTML
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   597
  * New kiosk mode functionality, which allows maximum screen space
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   598
    for customer-facing displays
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   599
  MFSA 2019-36
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   600
  * CVE-2019-11756 (bmo#1508776)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   601
    Use-after-free of SFTKSession object
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   602
  * CVE-2019-17008 (bmo#1546331)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   603
    Use-after-free in worker destruction
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   604
  * CVE-2019-13722 (bmo#1580156) (Windows only)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   605
    Stack corruption due to incorrect number of arguments in WebRTC code
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   606
  * CVE-2019-17014 (bmo#1322864)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   607
    Dragging and dropping a cross-origin resource, incorrectly loaded
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   608
    as an image, could result in information disclosure
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   609
  * CVE-2019-17010 (bmo#1581084)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   610
    Use-after-free when performing device orientation checks
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   611
  * CVE-2019-17005 (bmo#1584170)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   612
    Buffer overflow in plain text serializer
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   613
  * CVE-2019-17011 (bmo#1591334)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   614
    Use-after-free when retrieving a document in antitracking
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   615
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   616
    bmo#1580288, bmo#1585760, bmo#1592502)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   617
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   618
  * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   619
    bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   620
    bmo#1594181)
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   621
    Memory safety bugs fixed in Firefox 71
1114
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   622
- requires
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   623
  NSPR >= 4.23
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   624
  NSS >= 3.47.1
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   625
  rust/cargo >= 1.37
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   626
- reactivate webrtc for platforms where it was disabled
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   627
- updated create-tar.sh to cover buildid and origin repo information
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   628
  -> removed obsolete source-stamp.txt
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   629
- removed obsolete patches
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   630
  mozilla-bmo1511604.patch
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   631
  mozilla-openaes-decl.patch
1117
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   632
- changed locale building procedure
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   633
  * removed obsolete compare-locales.tar.xz
1118
27c3f029180a latest 71.0 revision
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1117
diff changeset
   634
- added mozilla-bmo1601707.patch to fix gcc/LTO builds
27c3f029180a latest 71.0 revision
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1117
diff changeset
   635
  (bmo#1601707, boo#1158466)
1117
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   636
- added mozilla-bmo849632.patch to fix big endian issues in skia
d6a688186de0 beta -> release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1114
diff changeset
   637
  used for WebGL
1114
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   638
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   639
-------------------------------------------------------------------
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   640
Fri Nov  1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   641
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   642
- Mozilla Firefox 70.0.1
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   643
  * Fix for an issue that caused some websites or page elements using
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   644
    dynamic JavaScript to fail to load. (bmo#1592136)
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   645
  * Title bar no longer shows in full screen view (bmo#1588747)
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   646
- added mozilla-bmo1504834-part4.patch to fix some visual issues on
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   647
  big endian platforms
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   648
572ec48f3fe8 Firefox 71.0b11
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1112
diff changeset
   649
-------------------------------------------------------------------
1112
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   650
Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   651
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   652
- Mozilla Firefox 70.0
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   653
  * more privacy protections from Enhanced Tracking Protection
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   654
  * Firefox Lockwise passwordmanager
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   655
  * Improvements to core engine components, for better browsing on more sites
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   656
  * Improved privacy and security indicators
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   657
  MFSA 2019-34
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   658
  * CVE-2018-6156 (bmo#1480088)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   659
    Heap buffer overflow in FEC processing in WebRTC
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   660
  * CVE-2019-15903 (bmo#1584907)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   661
    Heap overflow in expat library in XML_GetCurrentLineNumber
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   662
  * CVE-2019-11757 (bmo#1577107)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   663
    Use-after-free when creating index updates in IndexedDB
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   664
  * CVE-2019-11759 (bmo#1577953)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   665
    Stack buffer overflow in HKDF output
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   666
  * CVE-2019-11760 (bmo#1577719)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   667
    Stack buffer overflow in WebRTC networking
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   668
  * CVE-2019-11761 (bmo#1561502)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   669
    Unintended access to a privileged JSONView object
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   670
  * CVE-2019-11762 (bmo#1582857)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   671
    document.domain-based origin isolation has same-origin-property violation
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   672
  * CVE-2019-11763 (bmo#1584216)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   673
    Incorrect HTML parsing results in XSS bypass technique
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   674
  * CVE-2019-11765 (bmo#1562582)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   675
    Incorrect permissions could be granted to a website
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   676
  * CVE-2019-17000 (bmo#1441468)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   677
    CSP bypass using object tag with data: URI
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   678
  * CVE-2019-17001 (bmo#1587976)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   679
    CSP bypass using object tag when script-src 'none' is specified
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   680
  * CVE-2019-17002 (bmo#1561056)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   681
    upgrade-insecure-requests was not being honored for links dragged and dropped
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   682
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   683
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   684
    bmo#1583463, bmo#1586599)
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   685
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   686
- requires
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   687
    rust/cargo >= 1.36
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   688
    NSPR >= 4.22
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   689
    NSS >= 3.46.1
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   690
    rust-cbindgen >= 0.9.1
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   691
- removed obsolete patches
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   692
    mozilla-bmo1573381.patch
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   693
    mozilla-nestegg-big-endian.patch
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   694
8a4f5aea2475 Firefox 70.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1111
diff changeset
   695
-------------------------------------------------------------------
1111
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   696
Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   697
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   698
- Mozilla Firefox 69.0.3
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   699
  * Fixed Yahoo mail users being prompted to download files when
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   700
    clicking on emails (bmo#1582848)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   701
- devel package build can easily be disabled now
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   702
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   703
-------------------------------------------------------------------
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   704
Thu Oct  3 08:40:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   705
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   706
- Mozilla Firefox 69.0.2
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   707
  * Fixed a crash when editing files on Office 365 websites (bmo#1579858)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   708
  * Fixed a Linux-only crash when changing the playback speed while
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   709
    watching YouTube videos (bmo#1582222)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   710
- updated supported locale list
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   711
- Allow to build without profile guided optimizations (boo#1040589)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   712
  (contributed by Bernhard Wiedemann)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   713
- Make build verbose (contributed by Martin Liška)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   714
- remove obsolete kde.js setting (boo#1151186) and related patch
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   715
  firefox-add-kde.js-in-order-to-survive-PGO-build.patch
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   716
- update create-tar.sh to latest revision and adjusted tar_stamps
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   717
- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   718
- extension preferences moved from branding package to core package
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   719
  (packaging but not branding specific)
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   720
97a6da6d7e29 Firefox 69.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1110
diff changeset
   721
-------------------------------------------------------------------
1110
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   722
Thu Sep 19 13:31:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   723
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   724
- Mozilla Firefox 69.0.1
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   725
  * Fixed external programs launching in the background when clicking
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   726
    a link from inside Firefox to launch them (bmo#1570845)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   727
  * Usability improvements to the Add-ons Manager for users with
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   728
    screen readers (bmo#1567600)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   729
  * Fixed the Captive Portal notification bar not being dismissable
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   730
    in some situations after login is complete (bmo#1578633)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   731
  * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   732
  * Fixed missing stacks in the Developer Tools Performance section
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   733
    (bmo#1578354)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   734
  MFSA 2019-31
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   735
  * CVE-2019-11754 (bmo#1580506)
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   736
    Pointer Lock is enabled with no user notification
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   737
- disable DOH by default
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   738
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   739
-------------------------------------------------------------------
1106
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   740
Thu Sep  5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   741
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   742
- Mozilla Firefox 69.0
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   743
  * Enhanced Tracking Protection (ETP) for stronger privacy protections
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   744
  * Block Autoplay feature is enhanced to give users the option to block
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   745
    any video
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   746
  * Users in the US or using the en-US browser, can get a new “New Tab”
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   747
    page experience connecting to the best of Pocket's content.
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   748
  * Support for the Web Authentication HmacSecret extension via
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   749
    Windows Hello introduced.
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   750
  * Support for receiving multiple video codecs with this release makes
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   751
    it easier for WebRTC conferencing services to mix video from
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   752
    different clients.
1107
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   753
  MFSA 2019-25 (boo#1149324)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   754
  * CVE-2019-11741 (bmo#1539595)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   755
    Isolate addons.mozilla.org and accounts.firefox.com
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   756
  * CVE-2019-5849 (bmo#1555838)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   757
    Out-of-bounds read in Skia
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   758
  * CVE-2019-11737 (bmo#1388015)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   759
    Content security policy directives ignore port and path if host is a wildcard
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   760
  * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   761
    Memory safety bugs fixed in Firefox 69
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   762
  * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   763
    bmo#1565744,bmo#1568858,bmo#1570358)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   764
    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   765
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
a2aa55e10564 Firefox 69 as submitted to TW
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1106
diff changeset
   766
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
1106
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   767
- requires
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   768
  * rust/cargo >= 1.35
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   769
  * rust-cbindgen >= 0.9.0
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   770
  * mozilla-nss >= 3.45
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   771
- rebased patches
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   772
6c6375987b6c rebased
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1101
diff changeset
   773
-------------------------------------------------------------------
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   774
Wed Sep  4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   775
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   776
- added a bunch of patches mainly for big endian platforms
1109
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
   777
  * mozilla-bmo1504834-part1.patch
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
   778
  * mozilla-bmo1504834-part2.patch
972f68ac6b1a Firefox 69.0 as released to Factory/Tumbleweed
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1108
diff changeset
   779
  * mozilla-bmo1504834-part3.patch
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   780
  * mozilla-bmo1511604.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   781
  * mozilla-bmo1554971.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   782
  * mozilla-bmo1573381.patch
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   783
  * mozilla-nestegg-big-endian.patch
1110
9e4b30f05706 Firefox 69.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1109
diff changeset
   784
  * mozilla-bmo1512162.patch
1101
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   785
a4709640638e added several arch specific (mainly BE) patches
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1100
diff changeset
   786
-------------------------------------------------------------------
1099
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   787
Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   788
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   789
- Mozilla Firefox 68.1.0
1100
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   790
  MFSA 2019-26
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   791
  * CVE-2019-11751 (bmo#1572838; Windows only)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   792
    Malicious code execution through command line parameters
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   793
  * CVE-2019-11746 (bmo#1564449)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   794
    Use-after-free while manipulating video
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   795
  * CVE-2019-11744 (bmo#1562033)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   796
    XSS by breaking out of title and textarea elements using innerHTML
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   797
  * CVE-2019-11742 (bmo#1559715)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   798
    Same-origin policy violation with SVG filters and canvas to steal
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   799
    cross-origin images
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   800
  * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   801
    File manipulation and privilege escalation in Mozilla Maintenance Service
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   802
  * CVE-2019-11753 (bmo#1574980; Windows only)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   803
    Privilege escalation with Mozilla Maintenance Service in custom
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   804
    Firefox installation location
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   805
  * CVE-2019-11752 (bmo#1501152)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   806
    Use-after-free while extracting a key value in IndexedDB
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   807
  * CVE-2019-9812 (bmo#1538008, bmo#1538015)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   808
    Sandbox escape through Firefox Sync
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   809
  * CVE-2019-11743 (bmo#1560495)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   810
    Cross-origin access to unload event attributes
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   811
  * CVE-2019-11748 (bmo#1564588)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   812
    Persistence of WebRTC permissions in a third party context
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   813
  * CVE-2019-11749 (bmo#1565374)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   814
    Camera information available without prompting using getUserMedia
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   815
  * CVE-2019-11750 (bmo#1568397)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   816
    Type confusion in Spidermonkey
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   817
  * CVE-2019-11738 (bmo#1452037)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   818
    Content security policy bypass through hash-based sources in directives
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   819
  * CVE-2019-11747 (bmo#1564481)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   820
    'Forget about this site' removes sites from pre-loaded HSTS list
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   821
  * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   822
    bmo#1565744,bmo#1568858,bmo#1570358)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   823
    Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   824
  * CVE-2019-11740 (bmo#1563133,bmo#1573160)
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   825
    Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
e1c5065a014f changelog
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1099
diff changeset
   826
- switched package to ESR branch
1099
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   827
- added mozilla-bmo1568145.patch to make builds reproducible
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   828
- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   829
8a3c73e74e65 68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate68.1.0 candidate
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1098
diff changeset
   830
-------------------------------------------------------------------
1098
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   831
Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   832
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   833
- Mozilla Firefox 68.0.2:
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   834
  * Fixed a bug causing some special characters to be cut off from
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   835
    the end of the search terms when searching from the URL bar
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   836
    (bmo#1560228)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   837
  * Allow fonts to be loaded via file:// URLs when opening a page
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   838
    locally (bmo#1565942)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   839
  * Printing emails from the Outlook web app no longer prints only
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   840
    the header and footer (bmo#1567105)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   841
  * Fixed a bug causing some images not to be displayed on reload,
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   842
    including on Google Maps (bmo# 1565542)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   843
  * Fixed an error when starting external applications configured
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   844
    as URI handlers (bmo#1567614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   845
  MFSA 2019-24 (boo#1145665)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   846
  * CVE-2019-11733: Stored passwords in 'Saved Logins' can be
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   847
    copied without master password entry (bmo#1565780)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   848
- drop fix-build-after-y2038-changes-in-glibc.patch, upstream
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   849
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   850
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   851
Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   852
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   853
- Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   854
  The upstream patch doesn't resolve the issue on TW, but compiling
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   855
  with -O1 does. Do this until we have a proper fix.
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   856
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   857
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   858
Thu Aug  1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   859
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   860
- Update build constraints to fix arm builds
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   861
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   862
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   863
Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   864
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   865
- Mozilla Firefox 68.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   866
  * Fixed missing Full Screen button when watching videos in full
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   867
    screen mode on HBO GO (bmo#1562837)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   868
  * Fixed a bug causing incorrect messages to appear for some
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   869
    locales when sites try to request the use of the Storage
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   870
    Access API (bmo#1558503)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   871
  * Users in Russian regions may have their default search engine
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   872
    changed (bmo#1565315)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   873
  * Built-in search engines in some locales do not function
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   874
    correctly (bmo#1565779)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   875
  * SupportMenu policy doesn't always work (bmo#1553290)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   876
  * Allow the privacy.file_unique_origin pref to be controlled by
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   877
    policy (bmo#1563759)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   878
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   879
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   880
Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   881
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   882
- add fix-build-after-y2038-changes-in-glibc.patch
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   883
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   884
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   885
Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   886
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   887
- Generate langpacks sequentially to avoid file corruption
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   888
  from racy file writes (boo#1137970)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   889
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   890
-------------------------------------------------------------------
1097
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   891
Mon Jul  8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   892
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   893
- Mozilla Firefox 68.0
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   894
  * Dark mode in reader view
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   895
  * Improved extension security and discovery
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   896
  * Cryptomining and fingerprinting protections are added to strict
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   897
    content blocking settings in Privacy & Security preferences
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   898
  * Camera and microphone access now require an HTTPS connection
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   899
  MFSA 2019-21 (bsc#1140868)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   900
  * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   901
    Sandbox escape via installation of malicious languagepack
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   902
  * CVE-2019-11711 (bmo#1552541)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   903
    Script injection within domain through inner window reuse
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   904
  * CVE-2019-11712 (bmo#1543804)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   905
    Cross-origin POST requests can be made with NPAPI plugins by
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   906
    following 308 redirects
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   907
  * CVE-2019-11713 (bmo#1528481)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   908
    Use-after-free with HTTP/2 cached stream
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   909
  * CVE-2019-11714 (bmo#1542593)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   910
    NeckoChild can trigger crash when accessed off of main thread
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   911
  * CVE-2019-11729 (bmo#1515342)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   912
    Empty or malformed p256-ECDH public keys may trigger a segmentation fault
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   913
  * CVE-2019-11715 (bmo#1555523)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   914
    HTML parsing error can contribute to content XSS
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   915
  * CVE-2019-11716 (bmo#1552632)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   916
    globalThis not enumerable until accessed
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   917
  * CVE-2019-11717 (bmo#1548306)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   918
    Caret character improperly escaped in origins
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   919
  * CVE-2019-11718 (bmo#1408349)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   920
    Activity Stream writes unsanitized content to innerHTML
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   921
  * CVE-2019-11719 (bmo#1540541)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   922
    Out-of-bounds read when importing curve25519 private key
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   923
  * CVE-2019-11720 (bmo#1556230)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   924
    Character encoding XSS vulnerability
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   925
  * CVE-2019-11721 (bmo#1256009)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   926
    Domain spoofing through unicode latin 'kra' character
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   927
  * CVE-2019-11730 (bmo#1558299)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   928
    Same-origin policy treats all files in a directory as having the
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   929
    same-origin
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   930
  * CVE-2019-11723 (bmo#1528335)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   931
    Cookie leakage during add-on fetching across private browsing boundaries
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   932
  * CVE-2019-11724 (bmo#1512511)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   933
    Retired site input.mozilla.org has remote troubleshooting permissions
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   934
  * CVE-2019-11725 (bmo#1483510)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   935
    Websocket resources bypass safebrowsing protections
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   936
  * CVE-2019-11727 (bmo#1552208)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   937
    PKCS#1 v1.5 signatures can be used for TLS 1.3
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   938
  * CVE-2019-11728 (bmo#1552993)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   939
    Port scanning through Alt-Svc header
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   940
  * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   941
    bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   942
    bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   943
    Memory safety bugs fixed in Firefox 68
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   944
  * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   945
    bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   946
    Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   947
- requires
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   948
  * NSS 3.44.1
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   949
  * rust/cargo 1.34
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   950
  * rust-cbindgen 0.8.7
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   951
- rebased patches
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   952
  * mozilla-aarch64-startup-crash.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   953
  * mozilla-kde.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   954
  * mozilla-nongnome-proxies.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   955
  * firefox-kde.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   956
- use new create-tar.sh and add tar_stamps for package definitions
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   957
- added patches imported from SLE flavour
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   958
  * mozilla-gcc-internal-compiler-error.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   959
  * mozilla-bmo1005535.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   960
  * mozilla-ppc-altivec_static_inline.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   961
  * mozilla-reduce-rust-debuginfo.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   962
  * mozilla-s390-bigendian.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   963
  * mozilla-s390-context.patch
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   964
840132a4a9b3 Firefox 68.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1096
diff changeset
   965
-------------------------------------------------------------------
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   966
Mon Jul  2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   967
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   968
- Enable PGO for x86_64.
1098
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1097
diff changeset
   969
  * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   970
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   971
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   972
Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   973
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   974
- Mozilla Firefox 67.0.4
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   975
  MFSA 2019-19 (boo#1138872)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   976
  * CVE-2019-11708 (bmo#1559858)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   977
    sandbox escape using Prompt:Open
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   978
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   979
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   980
Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   981
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   982
- Mozilla Firefox 67.0.3
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   983
  MFSA 2019-18 (boo#1138614)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   984
  * CVE-2019-11707 (bmo#1544386)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   985
    Type confusion in Array.pop
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   986
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   987
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   988
Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   989
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   990
- Mozilla Firefox 67.0.2
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   991
  * Fixed: Fix JavaScript error ("TypeError: data is null in
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   992
    PrivacyFilter.jsm") in console which may significantly degrade
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   993
    sessionstore reliability and performance (bmo#1553413)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   994
  * Fixed: Proxy authentication dialog box repeatedly pops up
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   995
    asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   996
  * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   997
    implementation (bmo#1551282)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   998
  * Fixed: Starting in safe mode on Linux or macOS causes Firefox
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
   999
    to think on the subsequent launch that the profile is too
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1000
    recent to be used with this version of Firefox (bmo#1556612)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1001
  * Fixed: Linux distribution users can't easily install/use
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1002
    additional/different languages using the built-in preferences
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1003
    UI (bmo#1554744)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1004
  * Fixed: Developer tools users can't copy the href/src content
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1005
    from various HTML tags via the context menu in the Inspector
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1006
    markup view (bmo#1552275)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1007
  * Fixed: Custom home page is broken with clearing data on shutdown
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1008
    settings applied (bmo#1554167)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1009
  * Fixed: Performance-regression for eclipse RAP based applications
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1010
    (bmo#1555962)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1011
  * Fixed: macOS 10.15 crash fix (bmo#1556076)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1012
  * Fixed: Can't start two downloads in parallel via <a download>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1013
    anymore (bmo#1542912)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1014
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1015
-------------------------------------------------------------------
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1016
Thu Jun  6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1017
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1018
- Mozilla Firefox 67.0.1
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1019
  * enable enhanced tracking protection by default for new users
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1020
  * upgrade of Facebook container to version 2.0
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1021
  * new version of Firefox Lockwise (password management)
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1022
  * new version of Firefox Monitor
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1023
  * Firefox Send improvements
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1024
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1025
-------------------------------------------------------------------
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1026
Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
1093
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1027
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1028
- Mozilla Firefox 67.0
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1029
  * Firefox 67 will be able to run different Firefox installs side by side
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1030
    https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1031
  * Tabs can now be pinned from the Page Actions menu in the address bar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1032
  * Users can block known cryptominers and fingerprinters in the
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1033
    Custom settings or their Content Blocking preferences
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1034
  * The Import Data from Another Browser feature is now also available
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1035
    from the File menu
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1036
  * Firefox will now protect you against running older versions which
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1037
    can lead to data corruption and stability issues
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1038
  * Easier access to your list of saved logins from the main menu and
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1039
    login autocomplete
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1040
  * We’ve added a toolbar menu for your Firefox Account to provide more
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1041
    transparency for when you are synced, sharing data across devices
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1042
    and with Firefox. Personalize the appearance of the menu with your
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1043
    own avatar
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1044
  * Enable FIDO U2F API, and permit registrations for Google Accounts
3942c205588b 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1092
diff changeset
  1045
  * Enabled AV1 support on Linux
1096
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1094
diff changeset
  1046
  MFSA 2019-13 (boo#1135824)
1094
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1047
  * CVE-2019-9815 (bmo#1546544)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1048
    Disable hyperthreading on content JavaScript threads on macOS
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1049
  * CVE-2019-9816 (bmo#1536768)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1050
    Type confusion with object groups and UnboxedObjects
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1051
  * CVE-2019-9817 (bmo#1540221)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1052
    Stealing of cross-domain images using canvas
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1053
  * CVE-2019-9818 (bmo#1542581) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1054
    Use-after-free in crash generation server
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1055
  * CVE-2019-9819 (bmo#1532553)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1056
    Compartment mismatch with fetch API
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1057
  * CVE-2019-9820 (bmo#1536405)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1058
    Use-after-free of ChromeEventHandler by DocShell
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1059
  * CVE-2019-9821 (bmo#1539125)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1060
    Use-after-free in AssertWorkerThread
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1061
  * CVE-2019-11691 (bmo#1542465)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1062
    Use-after-free in XMLHttpRequest
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1063
  * CVE-2019-11692 (bmo#1544670)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1064
    Use-after-free removing listeners in the event listener manager
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1065
  * CVE-2019-11693 (bmo#1532525)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1066
    Buffer overflow in WebGL bufferdata on Linux
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1067
  * CVE-2019-7317 (bmo#1542829)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1068
    Use-after-free in png_image_free of libpng library
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1069
  * CVE-2019-11694 (bmo#1534196) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1070
    Uninitialized memory memory leakage in Windows sandbox
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1071
  * CVE-2019-11695 (bmo#1445844)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1072
    Custom cursor can render over user interface outside of web content
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1073
  * CVE-2019-11696 (bmo#1392955)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1074
    Java web start .JNLP files are not recognized as executable files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1075
    for download prompts
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1076
  * CVE-2019-11697 (bmo#1440079)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1077
    Pressing key combinations can bypass installation prompt delays and
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1078
    install extensions
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1079
  * CVE-2019-11698 (bmo#1543191)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1080
    Theft of user history data through drag and drop of hyperlinks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1081
    to and from bookmarks
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1082
  * CVE-2019-11700 (bmo#1549833) (Windows only)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1083
    res: protocol can be used to open known local files
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1084
  * CVE-2019-11699 (bmo#1528939)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1085
    Incorrect domain name highlighting during page navigation
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1086
  * CVE-2019-11701 (bmo#1518627)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1087
    webcal: protocol default handler loads vulnerable web page
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1088
  * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1089
    bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093
diff changeset
  1090
    Memory safety bugs fixed in Firefox 67
a25638dad81d final 67.0 release
Wolfgang Rosenauer <wr@rosenauer.org>
parents: 1093<