--- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 25 08:41:45 2019 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes Thu Jun 11 22:04:26 2020 +0200
@@ -1,7 +1,356 @@
-------------------------------------------------------------------
-Tue Nov 19 09:30:19 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
-
-- Mozilla Firefox 71.0b11
+Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Exclude armv6, since it is unbuildable since about 3 years
+
+-------------------------------------------------------------------
+Wed Jun 3 21:39:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 77.0.1
+ * Disable automatic selection of DNS over HTTPS providers during
+ a test to enable wider deployment in a more controlled way
+ (bmo#1642723)
+
+-------------------------------------------------------------------
+Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 77.0
+ * view and manage web certificates more easily on the new
+ about:certificate page
+ * improvements in accessibility
+ * significant improvements to JavaScript debugging
+ MFSA 2020-20 (bsc#1172402)
+ * CVE-2020-12399 (bmo#1631576)
+ Timing attack on DSA signatures in NSS library
+ (fixed with external NSS >= 3.52.1)
+ * CVE-2020-12405 (bmo#1631618)
+ Use-after-free in SharedWorkerService
+ * CVE-2020-12406 (bmo#1639590)
+ JavaScript type confusion with NativeTypes
+ * CVE-2020-12407 (bmo#1637112)
+ WebRender leaking GPU memory when using border-image CSS
+ directive
+ * CVE-2020-12408 (bmo#1623888)
+ URL spoofing when using IP addresses
+ * CVE-2020-12409 (bmo#1619305, bmo#1632717)
+ Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
+ * CVE-2020-12411 (bmo#1620972, bmo#1625333)
+ Memory safety bugs fixed in Firefox 77
+- requires
+ * NSS >= 3.52.1
+ * rust-cbindgen >= 1.14.1
+ * clang >= 5
+- added mozilla-bmo1634646.patch as part of fixing PGO build
+ (still not working)
+
+-------------------------------------------------------------------
+Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
+
+- change again _constraints for ppc64le use <physicalmemory>
+ and increase limit_build in spec file to reduce max_jobs.
+
+-------------------------------------------------------------------
+Sat May 9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 76.0.1
+ * Fixed a bug causing some add-ons such as Amazon Assistant to see
+ multiple onConnect events, impairing functionality (bmo#1635637)
+
+-------------------------------------------------------------------
+Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 76.0
+ * Lockwise improvements
+ * Improvements in Picture-in-Picture feature
+ * Support Audio Worklets
+ MFSA-2020-16 (bsc#1171186)
+ * CVE-2020-12387 (bmo#1545345)
+ Use-after-free during worker shutdown
+ * CVE-2020-12388 (bmo#1618911)
+ Sandbox escape with improperly guarded Access Tokens
+ * CVE-2020-12389 (bmo#1554110)
+ Sandbox escape with improperly separated process types
+ * CVE-2020-6831 (bmo#1632241)
+ Buffer overflow in SCTP chunk input validation
+ * CVE-2020-12390 (bmo#1141959)
+ Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
+ * CVE-2020-12391 (bmo#1457100)
+ Content-Security-Policy bypass using object elements
+ * CVE-2020-12392 (bmo#1614468)
+ Arbitrary local file access with 'Copy as cURL'
+ * CVE-2020-12393 (bmo#1615471)
+ Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to command injection
+ * CVE-2020-12394 (bmo#1628288)
+ URL spoofing in location bar when unfocussed
+ * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
+ bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
+ Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
+ * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
+ bmo#1622291, bmo#1627644)
+ Memory safety bugs fixed in Firefox 76
+- requires
+ * NSS >= 3.51.1
+ * nasm >= 2.14
+- removed obsolete patch mozilla-bmo1622013.patch
+- fix URI creation for KDE file selector integration (boo#1160331)
+
+-------------------------------------------------------------------
+Tue Apr 7 12:18:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 75.0
+ * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
+ MFSA 2020-12 (bsc#1168874)
+ * CVE-2020-6821 (bmo#1625404)
+ Uninitialized memory could be read when using the WebGL
+ copyTexSubImage method
+ * CVE-2020-6822 (bmo#1544181)
+ Out of bounds write in GMPDecodeData when processing large images
+ * CVE-2020-6823 (bmo#1614919)
+ Malicious Extension could obtain auth codes from OAuth login flows
+ * CVE-2020-6824 (bmo#1621853)
+ Generated passwords may be identical on the same site between
+ separate private browsing sessions
+ * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
+ Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
+ * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
+ bmo#1619229,bmo#1620719,bmo#1624897)
+ Memory safety bugs fixed in Firefox 75
+- removed obsolete patch
+ mozilla-bmo1609538.patch
+- requires
+ * rust >= 1.41
+ * rust-cbindgen >= 0.13.1
+ * mozilla-nss >= 3.51
+ * nodejs10 >= 10.19
+- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
+
+-------------------------------------------------------------------
+Mon Apr 6 11:19:24 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
+
+- increase _constraints memory for ppc64le
+
+-------------------------------------------------------------------
+Fri Apr 3 15:23:28 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 74.0.1
+ MFSA 2020-11 (boo#1168630)
+ * CVE-2020-6819 (bmo#1620818)
+ Use-after-free while running the nsDocShell destructor
+ * CVE-2020-6820 (bmo#1626728)
+ Use-after-free when handling a ReadableStream
+
+-------------------------------------------------------------------
+Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
+ to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
+ (bsc#1167132)
+
+-------------------------------------------------------------------
+Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 74.0
+ * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
+ MFSA 2020-08 (bsc#1166238)
+ * CVE-2020-6805 (bmo#1610880)
+ Use-after-free when removing data about origins
+ * CVE-2020-6806 (bmo#1612308)
+ BodyStream::OnInputStreamReady was missing protections against
+ state confusion
+ * CVE-2020-6807 (bmo#1614971)
+ Use-after-free in cubeb during stream destruction
+ * CVE-2020-6808 (bmo#1247968)
+ URL Spoofing via javascript: URL
+ * CVE-2020-6809 (bmo#1420296)
+ Web Extensions with the all-urls permission could access local
+ files
+ * CVE-2020-6810 (bmo#1432856)
+ Focusing a popup while in fullscreen could have obscured the
+ fullscreen notification
+ * CVE-2020-6811 (bmo#1607742)
+ Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to command injection
+ * CVE-2019-20503 (bmo#1613765)
+ Out of bounds reads in sctp_load_addresses_from_init
+ * CVE-2020-6812 (bmo#1616661)
+ The names of AirPods with personally identifiable information
+ were exposed to websites with camera or microphone permission
+ * CVE-2020-6813 (bmo#1605814)
+ @import statements in CSS could bypass the Content Security
+ Policy nonce feature
+ * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
+ bmo#1614339)
+ Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
+ * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
+ bmo#1612431)
+ Memory and script safety bugs fixed in Firefox 74
+- requires
+ * NSPR 4.25
+ * NSS 3.50
+ * rust-cbindgen 0.13.0
+- removed obsolete patches
+ mozilla-bmo1610814.patch
+ mozilla-cubeb-noreturn.patch
+- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
+ (bmo#1609538, boo#1166471)
+
+-------------------------------------------------------------------
+Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- big endian fixes
+
+-------------------------------------------------------------------
+Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix build on aarch64/armv7 with:
+ * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
+
+-------------------------------------------------------------------
+Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 73.0.1
+ * Resolved problems connecting to the RBC Royal Bank website
+ (bmo#1613943)
+ * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
+ (bmo#1611133)
+ * Fixed crashes when playing encrypted content on some Linux systems
+ (bmo#1614535, boo#1164646)
+- start in wayland mode when running under wayland session
+
+-------------------------------------------------------------------
+Sun Feb 9 07:45:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 73.0
+ * Added support for setting a default zoom level applicable for all
+ web content
+ * High-contrast mode has been updated to allow background images
+ * Improved audio quality when playing back audio at a faster or
+ slower speed
+ * Added NextDNS as alternative option for DNS over HTTPS
+ MFSA 2020-05 (bsc#1163368)
+ * CVE-2020-6796 (bmo#1610426)
+ Missing bounds check on shared memory read in the parent process
+ * CVE-2020-6797 (bmo#1596668) (MacOS X only)
+ Extensions granted downloads.open permission could open arbitrary
+ applications on Mac OSX
+ * CVE-2020-6798 (bmo#1602944)
+ Incorrect parsing of template tag could result in JavaScript injection
+ * CVE-2020-6799 (bmo#1606596) (Windows only)
+ Arbitrary code execution when opening pdf links from other
+ applications, when Firefox is configured as default pdf reader
+ * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
+ bmo#1608580,bmo#1608785,bmo#1605777)
+ Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
+ * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
+ Memory safety bugs fixed in Firefox 73
+- updated requirements
+ * rust >= 1.39
+ * NSS >= 3.49.2
+ * rust-cbindgen >= 0.12.0
+- rebased patches
+- removed obsolete patch
+ * mozilla-bmo1601707.patch
+- switched to cairo-gtk3-wayland build
+ (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set)
+- disabled elfhack due to failing packager
+ https://github.com/openSUSE/firefox-maintenance/issues/28
+- disabled PGO due to build failure
+ https://github.com/openSUSE/firefox-maintenance/issues/29
+
+-------------------------------------------------------------------
+Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc>
+
+- Use a symbolic icon from branding internals
+- Pixmaps no longer required for the desktops
+
+-------------------------------------------------------------------
+Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 72.0.2
+ * Various stability fixes
+ * Fixed issues opening files with spaces in their path (bmo#1601905)
+ * Fixed a hang opening about:logins when a master password is set
+ (bmo#1606992)
+ * Fixed a web compatibility issue with CSS Shadow Parts which
+ shipped in Firefox 72 (bmo#1604989)
+ * Fixed inconsistent playback performance for fullscreen 1080p
+ videos on some systems (bmo#1608485)
+
+-------------------------------------------------------------------
+Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix build for aarch64/ppc64le (do not update config.sub file
+ for libbacktrace)
+
+-------------------------------------------------------------------
+Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 72.0.1
+ MFSA 2020-03 (bsc#1160498)
+ * CVE-2019-17026 (bmo#1607443)
+ IonMonkey type confusion with StoreElementHole and FallibleStoreElement
+- Mozilla Firefox 72.0
+ * block fingerprinting scripts by default
+ * new notification pop-ups
+ * Picture-in-picture video
+ MFSA 2020-01 (bsc#1160305)
+ * CVE-2019-17016 (bmo#1599181)
+ Bypass of @namespace CSS sanitization during pasting
+ * CVE-2019-17017 (bmo#1603055)
+ Type Confusion in XPCVariant.cpp
+ * CVE-2019-17020 (bmo#1597645)
+ Content Security Policy not applied to XSL stylesheets applied
+ to XML documents
+ * CVE-2019-17022 (bmo#1602843)
+ CSS sanitization does not escape HTML tags
+ * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
+ NSS may negotiate TLS 1.2 or below after a TLS 1.3
+ HelloRetryRequest had been sent
+ * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
+ Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
+ * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
+ bmo#1595692,bmo#1597321,bmo#1597481)
+ Memory safety bugs fixed in Firefox 72
+- update create-tar.sh to skip compare-locales
+- requires NSPR 4.24 and NSS 3.48
+- removed usage of browser-plugins convention for NPAPI plugins
+ from start wrapper and changed the RPM macro to the
+ /usr/$LIB/mozilla/plugins location (boo#1160302)
+
+-------------------------------------------------------------------
+Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 71.0
+ * Improvements to Lockwise, our integrated password manager
+ * More information about Enhanced Tracking Protection in action
+ * Native MP3 decoding on Windows, Linux, and macOS
+ * Configuration page (about:config) reimplemented in HTML
+ * New kiosk mode functionality, which allows maximum screen space
+ for customer-facing displays
+ MFSA 2019-36
+ * CVE-2019-11756 (bmo#1508776)
+ Use-after-free of SFTKSession object
+ * CVE-2019-17008 (bmo#1546331)
+ Use-after-free in worker destruction
+ * CVE-2019-13722 (bmo#1580156) (Windows only)
+ Stack corruption due to incorrect number of arguments in WebRTC code
+ * CVE-2019-17014 (bmo#1322864)
+ Dragging and dropping a cross-origin resource, incorrectly loaded
+ as an image, could result in information disclosure
+ * CVE-2019-17010 (bmo#1581084)
+ Use-after-free when performing device orientation checks
+ * CVE-2019-17005 (bmo#1584170)
+ Buffer overflow in plain text serializer
+ * CVE-2019-17011 (bmo#1591334)
+ Use-after-free when retrieving a document in antitracking
+ * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
+ bmo#1580288, bmo#1585760, bmo#1592502)
+ Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
+ * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
+ bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
+ bmo#1594181)
+ Memory safety bugs fixed in Firefox 71
- requires
NSPR >= 4.23
NSS >= 3.47.1
@@ -12,6 +361,12 @@
- removed obsolete patches
mozilla-bmo1511604.patch
mozilla-openaes-decl.patch
+- changed locale building procedure
+ * removed obsolete compare-locales.tar.xz
+- added mozilla-bmo1601707.patch to fix gcc/LTO builds
+ (bmo#1601707, boo#1158466)
+- added mozilla-bmo849632.patch to fix big endian issues in skia
+ used for WebGL
-------------------------------------------------------------------
Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>