1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Tue Nov 19 09:30:19 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
2 Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
3 |
3 |
4 - Mozilla Firefox 71.0b11 |
4 - Exclude armv6, since it is unbuildable since about 3 years |
|
5 |
|
6 ------------------------------------------------------------------- |
|
7 Wed Jun 3 21:39:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de> |
|
8 |
|
9 - Mozilla Firefox 77.0.1 |
|
10 * Disable automatic selection of DNS over HTTPS providers during |
|
11 a test to enable wider deployment in a more controlled way |
|
12 (bmo#1642723) |
|
13 |
|
14 ------------------------------------------------------------------- |
|
15 Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
16 |
|
17 - Mozilla Firefox 77.0 |
|
18 * view and manage web certificates more easily on the new |
|
19 about:certificate page |
|
20 * improvements in accessibility |
|
21 * significant improvements to JavaScript debugging |
|
22 MFSA 2020-20 (bsc#1172402) |
|
23 * CVE-2020-12399 (bmo#1631576) |
|
24 Timing attack on DSA signatures in NSS library |
|
25 (fixed with external NSS >= 3.52.1) |
|
26 * CVE-2020-12405 (bmo#1631618) |
|
27 Use-after-free in SharedWorkerService |
|
28 * CVE-2020-12406 (bmo#1639590) |
|
29 JavaScript type confusion with NativeTypes |
|
30 * CVE-2020-12407 (bmo#1637112) |
|
31 WebRender leaking GPU memory when using border-image CSS |
|
32 directive |
|
33 * CVE-2020-12408 (bmo#1623888) |
|
34 URL spoofing when using IP addresses |
|
35 * CVE-2020-12409 (bmo#1619305, bmo#1632717) |
|
36 Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 |
|
37 * CVE-2020-12411 (bmo#1620972, bmo#1625333) |
|
38 Memory safety bugs fixed in Firefox 77 |
|
39 - requires |
|
40 * NSS >= 3.52.1 |
|
41 * rust-cbindgen >= 1.14.1 |
|
42 * clang >= 5 |
|
43 - added mozilla-bmo1634646.patch as part of fixing PGO build |
|
44 (still not working) |
|
45 |
|
46 ------------------------------------------------------------------- |
|
47 Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com> |
|
48 |
|
49 - change again _constraints for ppc64le use <physicalmemory> |
|
50 and increase limit_build in spec file to reduce max_jobs. |
|
51 |
|
52 ------------------------------------------------------------------- |
|
53 Sat May 9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
54 |
|
55 - Mozilla Firefox 76.0.1 |
|
56 * Fixed a bug causing some add-ons such as Amazon Assistant to see |
|
57 multiple onConnect events, impairing functionality (bmo#1635637) |
|
58 |
|
59 ------------------------------------------------------------------- |
|
60 Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
61 |
|
62 - Mozilla Firefox 76.0 |
|
63 * Lockwise improvements |
|
64 * Improvements in Picture-in-Picture feature |
|
65 * Support Audio Worklets |
|
66 MFSA-2020-16 (bsc#1171186) |
|
67 * CVE-2020-12387 (bmo#1545345) |
|
68 Use-after-free during worker shutdown |
|
69 * CVE-2020-12388 (bmo#1618911) |
|
70 Sandbox escape with improperly guarded Access Tokens |
|
71 * CVE-2020-12389 (bmo#1554110) |
|
72 Sandbox escape with improperly separated process types |
|
73 * CVE-2020-6831 (bmo#1632241) |
|
74 Buffer overflow in SCTP chunk input validation |
|
75 * CVE-2020-12390 (bmo#1141959) |
|
76 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses |
|
77 * CVE-2020-12391 (bmo#1457100) |
|
78 Content-Security-Policy bypass using object elements |
|
79 * CVE-2020-12392 (bmo#1614468) |
|
80 Arbitrary local file access with 'Copy as cURL' |
|
81 * CVE-2020-12393 (bmo#1615471) |
|
82 Devtools' 'Copy as cURL' feature did not fully escape |
|
83 website-controlled data, potentially leading to command injection |
|
84 * CVE-2020-12394 (bmo#1628288) |
|
85 URL spoofing in location bar when unfocussed |
|
86 * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, |
|
87 bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) |
|
88 Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 |
|
89 * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488, |
|
90 bmo#1622291, bmo#1627644) |
|
91 Memory safety bugs fixed in Firefox 76 |
|
92 - requires |
|
93 * NSS >= 3.51.1 |
|
94 * nasm >= 2.14 |
|
95 - removed obsolete patch mozilla-bmo1622013.patch |
|
96 - fix URI creation for KDE file selector integration (boo#1160331) |
|
97 |
|
98 ------------------------------------------------------------------- |
|
99 Tue Apr 7 12:18:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
100 |
|
101 - Mozilla Firefox 75.0 |
|
102 * https://www.mozilla.org/en-US/firefox/75.0/releasenotes |
|
103 MFSA 2020-12 (bsc#1168874) |
|
104 * CVE-2020-6821 (bmo#1625404) |
|
105 Uninitialized memory could be read when using the WebGL |
|
106 copyTexSubImage method |
|
107 * CVE-2020-6822 (bmo#1544181) |
|
108 Out of bounds write in GMPDecodeData when processing large images |
|
109 * CVE-2020-6823 (bmo#1614919) |
|
110 Malicious Extension could obtain auth codes from OAuth login flows |
|
111 * CVE-2020-6824 (bmo#1621853) |
|
112 Generated passwords may be identical on the same site between |
|
113 separate private browsing sessions |
|
114 * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203) |
|
115 Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 |
|
116 * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488, |
|
117 bmo#1619229,bmo#1620719,bmo#1624897) |
|
118 Memory safety bugs fixed in Firefox 75 |
|
119 - removed obsolete patch |
|
120 mozilla-bmo1609538.patch |
|
121 - requires |
|
122 * rust >= 1.41 |
|
123 * rust-cbindgen >= 0.13.1 |
|
124 * mozilla-nss >= 3.51 |
|
125 * nodejs10 >= 10.19 |
|
126 - fix build issue in libvpx for i586 via mozilla-bmo1622013.patch |
|
127 |
|
128 ------------------------------------------------------------------- |
|
129 Mon Apr 6 11:19:24 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com> |
|
130 |
|
131 - increase _constraints memory for ppc64le |
|
132 |
|
133 ------------------------------------------------------------------- |
|
134 Fri Apr 3 15:23:28 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
135 |
|
136 - Mozilla Firefox 74.0.1 |
|
137 MFSA 2020-11 (boo#1168630) |
|
138 * CVE-2020-6819 (bmo#1620818) |
|
139 Use-after-free while running the nsDocShell destructor |
|
140 * CVE-2020-6820 (bmo#1626728) |
|
141 Use-after-free when handling a ReadableStream |
|
142 |
|
143 ------------------------------------------------------------------- |
|
144 Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com> |
|
145 |
|
146 - mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled |
|
147 to be read, as openssl 1.1.1 FIPS aborts if it cannot access it |
|
148 (bsc#1167132) |
|
149 |
|
150 ------------------------------------------------------------------- |
|
151 Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
152 |
|
153 - Mozilla Firefox 74.0 |
|
154 * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ |
|
155 MFSA 2020-08 (bsc#1166238) |
|
156 * CVE-2020-6805 (bmo#1610880) |
|
157 Use-after-free when removing data about origins |
|
158 * CVE-2020-6806 (bmo#1612308) |
|
159 BodyStream::OnInputStreamReady was missing protections against |
|
160 state confusion |
|
161 * CVE-2020-6807 (bmo#1614971) |
|
162 Use-after-free in cubeb during stream destruction |
|
163 * CVE-2020-6808 (bmo#1247968) |
|
164 URL Spoofing via javascript: URL |
|
165 * CVE-2020-6809 (bmo#1420296) |
|
166 Web Extensions with the all-urls permission could access local |
|
167 files |
|
168 * CVE-2020-6810 (bmo#1432856) |
|
169 Focusing a popup while in fullscreen could have obscured the |
|
170 fullscreen notification |
|
171 * CVE-2020-6811 (bmo#1607742) |
|
172 Devtools' 'Copy as cURL' feature did not fully escape |
|
173 website-controlled data, potentially leading to command injection |
|
174 * CVE-2019-20503 (bmo#1613765) |
|
175 Out of bounds reads in sctp_load_addresses_from_init |
|
176 * CVE-2020-6812 (bmo#1616661) |
|
177 The names of AirPods with personally identifiable information |
|
178 were exposed to websites with camera or microphone permission |
|
179 * CVE-2020-6813 (bmo#1605814) |
|
180 @import statements in CSS could bypass the Content Security |
|
181 Policy nonce feature |
|
182 * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, |
|
183 bmo#1614339) |
|
184 Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 |
|
185 * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457, |
|
186 bmo#1612431) |
|
187 Memory and script safety bugs fixed in Firefox 74 |
|
188 - requires |
|
189 * NSPR 4.25 |
|
190 * NSS 3.50 |
|
191 * rust-cbindgen 0.13.0 |
|
192 - removed obsolete patches |
|
193 mozilla-bmo1610814.patch |
|
194 mozilla-cubeb-noreturn.patch |
|
195 - add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36 |
|
196 (bmo#1609538, boo#1166471) |
|
197 |
|
198 ------------------------------------------------------------------- |
|
199 Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
200 |
|
201 - big endian fixes |
|
202 |
|
203 ------------------------------------------------------------------- |
|
204 Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
205 |
|
206 - Fix build on aarch64/armv7 with: |
|
207 * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814) |
|
208 |
|
209 ------------------------------------------------------------------- |
|
210 Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
211 |
|
212 - Mozilla Firefox 73.0.1 |
|
213 * Resolved problems connecting to the RBC Royal Bank website |
|
214 (bmo#1613943) |
|
215 * Fixed Firefox unexpectedly exiting when leaving Print Preview mode |
|
216 (bmo#1611133) |
|
217 * Fixed crashes when playing encrypted content on some Linux systems |
|
218 (bmo#1614535, boo#1164646) |
|
219 - start in wayland mode when running under wayland session |
|
220 |
|
221 ------------------------------------------------------------------- |
|
222 Sun Feb 9 07:45:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
223 |
|
224 - Mozilla Firefox 73.0 |
|
225 * Added support for setting a default zoom level applicable for all |
|
226 web content |
|
227 * High-contrast mode has been updated to allow background images |
|
228 * Improved audio quality when playing back audio at a faster or |
|
229 slower speed |
|
230 * Added NextDNS as alternative option for DNS over HTTPS |
|
231 MFSA 2020-05 (bsc#1163368) |
|
232 * CVE-2020-6796 (bmo#1610426) |
|
233 Missing bounds check on shared memory read in the parent process |
|
234 * CVE-2020-6797 (bmo#1596668) (MacOS X only) |
|
235 Extensions granted downloads.open permission could open arbitrary |
|
236 applications on Mac OSX |
|
237 * CVE-2020-6798 (bmo#1602944) |
|
238 Incorrect parsing of template tag could result in JavaScript injection |
|
239 * CVE-2020-6799 (bmo#1606596) (Windows only) |
|
240 Arbitrary code execution when opening pdf links from other |
|
241 applications, when Firefox is configured as default pdf reader |
|
242 * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851, |
|
243 bmo#1608580,bmo#1608785,bmo#1605777) |
|
244 Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 |
|
245 * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492) |
|
246 Memory safety bugs fixed in Firefox 73 |
|
247 - updated requirements |
|
248 * rust >= 1.39 |
|
249 * NSS >= 3.49.2 |
|
250 * rust-cbindgen >= 0.12.0 |
|
251 - rebased patches |
|
252 - removed obsolete patch |
|
253 * mozilla-bmo1601707.patch |
|
254 - switched to cairo-gtk3-wayland build |
|
255 (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set) |
|
256 - disabled elfhack due to failing packager |
|
257 https://github.com/openSUSE/firefox-maintenance/issues/28 |
|
258 - disabled PGO due to build failure |
|
259 https://github.com/openSUSE/firefox-maintenance/issues/29 |
|
260 |
|
261 ------------------------------------------------------------------- |
|
262 Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc> |
|
263 |
|
264 - Use a symbolic icon from branding internals |
|
265 - Pixmaps no longer required for the desktops |
|
266 |
|
267 ------------------------------------------------------------------- |
|
268 Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
269 |
|
270 - Mozilla Firefox 72.0.2 |
|
271 * Various stability fixes |
|
272 * Fixed issues opening files with spaces in their path (bmo#1601905) |
|
273 * Fixed a hang opening about:logins when a master password is set |
|
274 (bmo#1606992) |
|
275 * Fixed a web compatibility issue with CSS Shadow Parts which |
|
276 shipped in Firefox 72 (bmo#1604989) |
|
277 * Fixed inconsistent playback performance for fullscreen 1080p |
|
278 videos on some systems (bmo#1608485) |
|
279 |
|
280 ------------------------------------------------------------------- |
|
281 Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org> |
|
282 |
|
283 - Fix build for aarch64/ppc64le (do not update config.sub file |
|
284 for libbacktrace) |
|
285 |
|
286 ------------------------------------------------------------------- |
|
287 Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
288 |
|
289 - Mozilla Firefox 72.0.1 |
|
290 MFSA 2020-03 (bsc#1160498) |
|
291 * CVE-2019-17026 (bmo#1607443) |
|
292 IonMonkey type confusion with StoreElementHole and FallibleStoreElement |
|
293 - Mozilla Firefox 72.0 |
|
294 * block fingerprinting scripts by default |
|
295 * new notification pop-ups |
|
296 * Picture-in-picture video |
|
297 MFSA 2020-01 (bsc#1160305) |
|
298 * CVE-2019-17016 (bmo#1599181) |
|
299 Bypass of @namespace CSS sanitization during pasting |
|
300 * CVE-2019-17017 (bmo#1603055) |
|
301 Type Confusion in XPCVariant.cpp |
|
302 * CVE-2019-17020 (bmo#1597645) |
|
303 Content Security Policy not applied to XSL stylesheets applied |
|
304 to XML documents |
|
305 * CVE-2019-17022 (bmo#1602843) |
|
306 CSS sanitization does not escape HTML tags |
|
307 * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME) |
|
308 NSS may negotiate TLS 1.2 or below after a TLS 1.3 |
|
309 HelloRetryRequest had been sent |
|
310 * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826) |
|
311 Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 |
|
312 * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965 |
|
313 bmo#1595692,bmo#1597321,bmo#1597481) |
|
314 Memory safety bugs fixed in Firefox 72 |
|
315 - update create-tar.sh to skip compare-locales |
|
316 - requires NSPR 4.24 and NSS 3.48 |
|
317 - removed usage of browser-plugins convention for NPAPI plugins |
|
318 from start wrapper and changed the RPM macro to the |
|
319 /usr/$LIB/mozilla/plugins location (boo#1160302) |
|
320 |
|
321 ------------------------------------------------------------------- |
|
322 Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
|
323 |
|
324 - Mozilla Firefox 71.0 |
|
325 * Improvements to Lockwise, our integrated password manager |
|
326 * More information about Enhanced Tracking Protection in action |
|
327 * Native MP3 decoding on Windows, Linux, and macOS |
|
328 * Configuration page (about:config) reimplemented in HTML |
|
329 * New kiosk mode functionality, which allows maximum screen space |
|
330 for customer-facing displays |
|
331 MFSA 2019-36 |
|
332 * CVE-2019-11756 (bmo#1508776) |
|
333 Use-after-free of SFTKSession object |
|
334 * CVE-2019-17008 (bmo#1546331) |
|
335 Use-after-free in worker destruction |
|
336 * CVE-2019-13722 (bmo#1580156) (Windows only) |
|
337 Stack corruption due to incorrect number of arguments in WebRTC code |
|
338 * CVE-2019-17014 (bmo#1322864) |
|
339 Dragging and dropping a cross-origin resource, incorrectly loaded |
|
340 as an image, could result in information disclosure |
|
341 * CVE-2019-17010 (bmo#1581084) |
|
342 Use-after-free when performing device orientation checks |
|
343 * CVE-2019-17005 (bmo#1584170) |
|
344 Buffer overflow in plain text serializer |
|
345 * CVE-2019-17011 (bmo#1591334) |
|
346 Use-after-free when retrieving a document in antitracking |
|
347 * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 |
|
348 bmo#1580288, bmo#1585760, bmo#1592502) |
|
349 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 |
|
350 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 |
|
351 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 |
|
352 bmo#1594181) |
|
353 Memory safety bugs fixed in Firefox 71 |
5 - requires |
354 - requires |
6 NSPR >= 4.23 |
355 NSPR >= 4.23 |
7 NSS >= 3.47.1 |
356 NSS >= 3.47.1 |
8 rust/cargo >= 1.37 |
357 rust/cargo >= 1.37 |
9 - reactivate webrtc for platforms where it was disabled |
358 - reactivate webrtc for platforms where it was disabled |
10 - updated create-tar.sh to cover buildid and origin repo information |
359 - updated create-tar.sh to cover buildid and origin repo information |
11 -> removed obsolete source-stamp.txt |
360 -> removed obsolete source-stamp.txt |
12 - removed obsolete patches |
361 - removed obsolete patches |
13 mozilla-bmo1511604.patch |
362 mozilla-bmo1511604.patch |
14 mozilla-openaes-decl.patch |
363 mozilla-openaes-decl.patch |
|
364 - changed locale building procedure |
|
365 * removed obsolete compare-locales.tar.xz |
|
366 - added mozilla-bmo1601707.patch to fix gcc/LTO builds |
|
367 (bmo#1601707, boo#1158466) |
|
368 - added mozilla-bmo849632.patch to fix big endian issues in skia |
|
369 used for WebGL |
15 |
370 |
16 ------------------------------------------------------------------- |
371 ------------------------------------------------------------------- |
17 Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
372 Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org> |
18 |
373 |
19 - Mozilla Firefox 70.0.1 |
374 - Mozilla Firefox 70.0.1 |