Mercurial Mercurial > hg > mozilla / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
MozillaFirefox/MozillaFirefox.changes
branchfirefox96
changeset 1170 f9b2d408b7ef
parent 1169 7481543bab31
child 1171 130d464159be 
--- a/MozillaFirefox/MozillaFirefox.changes	Sat Jan 08 10:41:19 2022 +0100
+++ b/MozillaFirefox/MozillaFirefox.changes	Sat Feb 05 15:04:53 2022 +0100
@@ -1,4 +1,107 @@
 -------------------------------------------------------------------
+Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- disable ccache, this adds about 1 minute of build time and 
+  over 2 GB of disk space usage without benefit on OBS builds
+- build with rust-simd like upstream does
+- use -g1 for debuginfo generation as this is what upstream 
+  does as well and it saves ~ 2GB of writes
+- use %limit on x86_64 to scale down to less capable workers
+- disable install stripping so that debuginfo is useful
+- use autopatch
+- cleanup constraints to specify only jobs, physicalmemory
+  and memoryperjob to be more flexible on which host to build
+  on
+
+-------------------------------------------------------------------
+Fri Jan 28 15:26:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0.3 (bsc#1195230)
+  * Fixed an issue that allowed unexpected data to be submitted in
+    some of our search telemetry (bmo#1752317)
+
+-------------------------------------------------------------------
+Mon Jan 24 07:42:03 UTC 2022 - Martin Liška <mliska@suse.cz>
+
+- Enable -fimplicit-constexpr for GCC 12+.
+
+-------------------------------------------------------------------
+Thu Jan 20 23:21:44 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.2
+  * Fix an issue that caused tab height to display inconsistently
+    on Linux when audio was played (bmo#1714276)
+  * Fix an issue that caused Lastpass dropdowns to appear blank in
+    Private Browsing mode (bmo#1748158)
+  * Fix a crash encountered when resizing a Facebook app
+    (bmo#1746084)
+
+-------------------------------------------------------------------
+Fri Jan 14 16:56:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.1
+  * Fixed: Improvements to make the parsing of content-length
+    headers more robust (bmo#1749957, boo#1194677)
+
+-------------------------------------------------------------------
+Sat Jan  8 10:32:46 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0
+  * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
+  MFSA 2022-01 (bsc#1194547)
+  * CVE-2022-22746 (bmo#1735071)
+    Calling into reportValidity could have lead to fullscreen
+    window spoof
+  * CVE-2022-22743 (bmo#1739220)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-22742 (bmo#1739923)
+    Out-of-bounds memory access when inserting text in edit mode
+  * CVE-2022-22741 (bmo#1740389)
+    Browser window spoof using fullscreen mode
+  * CVE-2022-22740 (bmo#1742334)
+    Use-after-free of ChannelEventQueue::mOwner
+  * CVE-2022-22738 (bmo#1742382)
+    Heap-buffer-overflow in blendGaussianBlur
+  * CVE-2022-22737 (bmo#1745874)
+    Race condition when playing audio files
+  * CVE-2021-4140 (bmo#1746720)
+    Iframe sandbox bypass with XSLT
+  * CVE-2022-22750 (bmo#1566608)
+    IPC passing of resource handles could have lead to sandbox
+    bypass
+  * CVE-2022-22749 (bmo#1705094)
+    Lack of URL restrictions when scanning QR codes
+  * CVE-2022-22748 (bmo#1705211)
+    Spoofed origin on external protocol launch dialog
+  * CVE-2022-22745 (bmo#1735856)
+    Leaking cross-origin URLs through securitypolicyviolation
+    event
+  * CVE-2022-22744 (bmo#1737252)
+    The 'Copy as curl' feature in DevTools did not fully escape
+    website-controlled data, potentially leading to command
+    injection
+  * CVE-2022-22747 (bmo#1735028)
+    Crash when handling empty pkcs7 sequence
+  * CVE-2022-22736 (bmo#1742692)
+    Potential local privilege escalation when loading modules
+    from the install directory.
+  * CVE-2022-22739 (bmo#1744158)
+    Missing throttling on external protocol launch dialog
+  * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
+    bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
+    bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
+    Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
+  * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
+    Memory safety bugs fixed in Firefox 96
+- removed obsolete patches
+  * mozilla-bmo1745560.patch
+  * mozilla-bmo1744896.patch
+  * mozilla-sandbox-fips.patch
+- requires
+  NSPR >= 4.33
+  NSS  >= 3.73.1
+
+-------------------------------------------------------------------
 Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
 
 - Add upstream patches:
mozilla