diff -r f9b2d408b7ef -r 130d464159be MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Feb 05 15:04:53 2022 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Wed Mar 02 15:34:50 2022 +0100 
@@ -1,10 +1,91 @@ ------------------------------------------------------------------- +Fri Feb 18 20:38:22 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 97.0.1 + * Fixed: Fixed an issue where TikTok videos would fail to load + when selected from a user's profile page (bmo#1750973) + * Fixed: Fixed an issue which led to Picture-in-Picture mode + being unable to be toggled on Hulu (bmo#1753401) + * Fixed: Works around problems with WebRoot SecureAnywhere + antivirus rendering Firefox unusable in some situations + (bmo#1752466) + * Fixed: Fixed an issue causing users to see the Restore + Session screen unexpectedly when starting Firefox + (bmo#1749996) + +------------------------------------------------------------------- +Mon Feb 14 19:31:29 UTC 2022 - Luciano Santos + +- Remove bashisms ("source" and "function" keywords) from + mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user + has either dash-sh package or busybox-sh to handle Bourn Shell + scripts rather than having bash-sh package, the script would + fail. Using "." instead of "source" and "create_langpack_link()" + function definition is enough to keep both sides sane, + behavior-wise. 
+ +------------------------------------------------------------------- +Tue Feb 8 08:40:45 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 97.0 + MFSA 2022-04 (bsc#1195682) + * CVE-2022-22753 (bmo#1732435) + Privilege Escalation to SYSTEM on Windows via Maintenance Service + * CVE-2022-22754 (bmo#1750565) + Extensions could have bypassed permission confirmation during update + * CVE-2022-22755 (bmo#1309630) + XSL could have allowed JavaScript execution after a tab was closed + * CVE-2022-22756 (bmo#1317873) + Drag and dropping an image could have resulted in the dropped + object being an executable + * CVE-2022-22757 (bmo#1720098) + Remote Agent did not prevent local websites from connecting + * CVE-2022-22758 (bmo#1728742) + tel: links could have sent USSD codes to the dialer on + Firefox for Android + * CVE-2022-22759 (bmo#1739957) + Sandboxed iframes could have executed script if the parent + appended elements + * CVE-2022-22760 (bmo#1740985, bmo#1748503) + Cross-Origin responses could be distinguished between script + and non-script content-types + * CVE-2022-22761 (bmo#1745566) + frame-ancestors Content Security Policy directive was not + enforced for framed extension pages + * CVE-2022-22762 (bmo#1743931) + JavaScript Dialogs could have been displayed over other + domains on Firefox for Android + * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, + bmo#1748210, bmo#1748279) + Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 + * CVE-2022-0511 (bmo#1713579, bmo#1735448, bmo#1743821, bmo#1746313, + bmo#1746314, bmo#1746316, bmo#1746321, bmo#1746322, bmo#1746323, + bmo#1746412, bmo#1746430, bmo#1746451, bmo#1746488, bmo#1746875, + bmo#1746898, bmo#1746905, bmo#1746907, bmo#1746917, bmo#1747128, + bmo#1747137, bmo#1747331, bmo#1747346, bmo#1747439, bmo#1747457, + bmo#1747870, bmo#1749051, bmo#1749274, bmo#1749831) + Memory safety bugs fixed in Firefox 97 +- requires NSS 3.74 +- requires rust 1.57 + 
+------------------------------------------------------------------- +Mon Feb 7 22:21:29 UTC 2022 - Dirk Müller + +- remove memoryperjob and use %limit instead. this allows to + adapt to more worker types, and lowers the time the package + is stuck in "scheduling". raising memory above 8 to lower + risk for LTO jobs to run OOM +- add hack to disable -Wl,--gc-section which avoids a binutils + segfault on x86 +- change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere + +------------------------------------------------------------------- Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller -- disable ccache, this adds about 1 minute of build time and +- disable ccache, this adds about 1 minute of build time and over 2 GB of disk space usage without benefit on OBS builds - build with rust-simd like upstream does -- use -g1 for debuginfo generation as this is what upstream +- use -g1 for debuginfo generation as this is what upstream does as well and it saves ~ 2GB of writes - use %limit on x86_64 to scale down to less capable workers - disable install stripping so that debuginfo is useful
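Review bot: In the Feb 7 entry (Dirk Müller), the item "add hack to disable -Wl,--gc-section" gives no bug reference for the binutils segfault it works around, so a later maintainer cannot tell when the hack can be dropped. Please add the binutils or bsc# bug number there, and spell the flag the way GNU ld does (`--gc-sections`) so the entry can be matched against the spec file. The same entry says "raising memory above 8" without a unit. In the Feb 14 entry, "to ally with the #!/bin/sh shebang" reads like it should be "to align with", and "Bourn Shell" should be "Bourne shell". At the tail of the hunk, two lines of the Jan 30 entry ("- disable ccache, ..." and "- use -g1 for debuginfo generation ...") are removed and re-added with identical visible text, which looks like a whitespace-only change and is better kept out of a version-update commit.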