diff -r 52b1745787cf -r 146af4f081b9 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Mon Nov 25 08:41:45 2019 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Thu Jun 11 22:04:26 2020 +0200 
@@ -1,7 +1,356 @@ ------------------------------------------------------------------- -Tue Nov 19 09:30:19 UTC 2019 - Wolfgang Rosenauer - -- Mozilla Firefox 71.0b11 +Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET + +- Exclude armv6, since it is unbuildable since about 3 years + +------------------------------------------------------------------- +Wed Jun 3 21:39:11 UTC 2020 - Andreas Stieger + +- Mozilla Firefox 77.0.1 + * Disable automatic selection of DNS over HTTPS providers during + a test to enable wider deployment in a more controlled way + (bmo#1642723) + +------------------------------------------------------------------- +Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 77.0 + * view and manage web certificates more easily on the new + about:certificate page + * improvements in accessibility + * significant improvements to JavaScript debugging + MFSA 2020-20 (bsc#1172402) + * CVE-2020-12399 (bmo#1631576) + Timing attack on DSA signatures in NSS library + (fixed with external NSS >= 3.52.1) + * CVE-2020-12405 (bmo#1631618) + Use-after-free in SharedWorkerService + * CVE-2020-12406 (bmo#1639590) + JavaScript type confusion with NativeTypes + * CVE-2020-12407 (bmo#1637112) + WebRender leaking GPU memory when using border-image CSS + directive + * CVE-2020-12408 (bmo#1623888) + URL spoofing when using IP addresses + * CVE-2020-12409 (bmo#1619305, bmo#1632717) + Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 + * CVE-2020-12411 (bmo#1620972, bmo#1625333) + Memory safety bugs fixed in Firefox 77 +- requires + * NSS >= 3.52.1 + * rust-cbindgen >= 1.14.1 + * clang >= 5 +- added mozilla-bmo1634646.patch as part of fixing PGO build + (still not working) + +------------------------------------------------------------------- +Wed May 13 12:21:13 UTC 2020 - Michel Normand + +- change again _constraints for ppc64le use + and increase limit_build in spec file to reduce max_jobs. 
+ +------------------------------------------------------------------- +Sat May 9 11:45:39 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 76.0.1 + * Fixed a bug causing some add-ons such as Amazon Assistant to see + multiple onConnect events, impairing functionality (bmo#1635637) + +------------------------------------------------------------------- +Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 76.0 + * Lockwise improvements + * Improvements in Picture-in-Picture feature + * Support Audio Worklets + MFSA-2020-16 (bsc#1171186) + * CVE-2020-12387 (bmo#1545345) + Use-after-free during worker shutdown + * CVE-2020-12388 (bmo#1618911) + Sandbox escape with improperly guarded Access Tokens + * CVE-2020-12389 (bmo#1554110) + Sandbox escape with improperly separated process types + * CVE-2020-6831 (bmo#1632241) + Buffer overflow in SCTP chunk input validation + * CVE-2020-12390 (bmo#1141959) + Incorrect serialization of nsIPrincipal.origin for IPv6 addresses + * CVE-2020-12391 (bmo#1457100) + Content-Security-Policy bypass using object elements + * CVE-2020-12392 (bmo#1614468) + Arbitrary local file access with 'Copy as cURL' + * CVE-2020-12393 (bmo#1615471) + Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2020-12394 (bmo#1628288) + URL spoofing in location bar when unfocussed + * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, + bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) + Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 + * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488, + bmo#1622291, bmo#1627644) + Memory safety bugs fixed in Firefox 76 +- requires + * NSS >= 3.51.1 + * nasm >= 2.14 +- removed obsolete patch mozilla-bmo1622013.patch +- fix URI creation for KDE file selector integration (boo#1160331) + +------------------------------------------------------------------- +Tue Apr 7 12:18:27 UTC 2020 - Wolfgang 
Rosenauer + +- Mozilla Firefox 75.0 + * https://www.mozilla.org/en-US/firefox/75.0/releasenotes + MFSA 2020-12 (bsc#1168874) + * CVE-2020-6821 (bmo#1625404) + Uninitialized memory could be read when using the WebGL + copyTexSubImage method + * CVE-2020-6822 (bmo#1544181) + Out of bounds write in GMPDecodeData when processing large images + * CVE-2020-6823 (bmo#1614919) + Malicious Extension could obtain auth codes from OAuth login flows + * CVE-2020-6824 (bmo#1621853) + Generated passwords may be identical on the same site between + separate private browsing sessions + * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203) + Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 + * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488, + bmo#1619229,bmo#1620719,bmo#1624897) + Memory safety bugs fixed in Firefox 75 +- removed obsolete patch + mozilla-bmo1609538.patch +- requires + * rust >= 1.41 + * rust-cbindgen >= 0.13.1 + * mozilla-nss >= 3.51 + * nodejs10 >= 10.19 +- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch + +------------------------------------------------------------------- +Mon Apr 6 11:19:24 UTC 2020 - Michel Normand + +- increase _constraints memory for ppc64le + +------------------------------------------------------------------- +Fri Apr 3 15:23:28 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 74.0.1 + MFSA 2020-11 (boo#1168630) + * CVE-2020-6819 (bmo#1620818) + Use-after-free while running the nsDocShell destructor + * CVE-2020-6820 (bmo#1626728) + Use-after-free when handling a ReadableStream + +------------------------------------------------------------------- +Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner + +- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled + to be read, as openssl 1.1.1 FIPS aborts if it cannot access it + (bsc#1167132) + +------------------------------------------------------------------- +Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 74.0 + * 
https://www.mozilla.org/en-US/firefox/74.0/releasenotes/ + MFSA 2020-08 (bsc#1166238) + * CVE-2020-6805 (bmo#1610880) + Use-after-free when removing data about origins + * CVE-2020-6806 (bmo#1612308) + BodyStream::OnInputStreamReady was missing protections against + state confusion + * CVE-2020-6807 (bmo#1614971) + Use-after-free in cubeb during stream destruction + * CVE-2020-6808 (bmo#1247968) + URL Spoofing via javascript: URL + * CVE-2020-6809 (bmo#1420296) + Web Extensions with the all-urls permission could access local + files + * CVE-2020-6810 (bmo#1432856) + Focusing a popup while in fullscreen could have obscured the + fullscreen notification + * CVE-2020-6811 (bmo#1607742) + Devtools' 'Copy as cURL' feature did not fully escape + website-controlled data, potentially leading to command injection + * CVE-2019-20503 (bmo#1613765) + Out of bounds reads in sctp_load_addresses_from_init + * CVE-2020-6812 (bmo#1616661) + The names of AirPods with personally identifiable information + were exposed to websites with camera or microphone permission + * CVE-2020-6813 (bmo#1605814) + @import statements in CSS could bypass the Content Security + Policy nonce feature + * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636, + bmo#1614339) + Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 + * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457, + bmo#1612431) + Memory and script safety bugs fixed in Firefox 74 +- requires + * NSPR 4.25 + * NSS 3.50 + * rust-cbindgen 0.13.0 +- removed obsolete patches + mozilla-bmo1610814.patch + mozilla-cubeb-noreturn.patch +- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36 + (bmo#1609538, boo#1166471) + +------------------------------------------------------------------- +Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer + +- big endian fixes + +------------------------------------------------------------------- +Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET + +- Fix build on 
aarch64/armv7 with: + * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814) + +------------------------------------------------------------------- +Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 73.0.1 + * Resolved problems connecting to the RBC Royal Bank website + (bmo#1613943) + * Fixed Firefox unexpectedly exiting when leaving Print Preview mode + (bmo#1611133) + * Fixed crashes when playing encrypted content on some Linux systems + (bmo#1614535, boo#1164646) +- start in wayland mode when running under wayland session + +------------------------------------------------------------------- +Sun Feb 9 07:45:00 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 73.0 + * Added support for setting a default zoom level applicable for all + web content + * High-contrast mode has been updated to allow background images + * Improved audio quality when playing back audio at a faster or + slower speed + * Added NextDNS as alternative option for DNS over HTTPS + MFSA 2020-05 (bsc#1163368) + * CVE-2020-6796 (bmo#1610426) + Missing bounds check on shared memory read in the parent process + * CVE-2020-6797 (bmo#1596668) (MacOS X only) + Extensions granted downloads.open permission could open arbitrary + applications on Mac OSX + * CVE-2020-6798 (bmo#1602944) + Incorrect parsing of template tag could result in JavaScript injection + * CVE-2020-6799 (bmo#1606596) (Windows only) + Arbitrary code execution when opening pdf links from other + applications, when Firefox is configured as default pdf reader + * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851, + bmo#1608580,bmo#1608785,bmo#1605777) + Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 + * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492) + Memory safety bugs fixed in Firefox 73 +- updated requirements + * rust >= 1.39 + * NSS >= 3.49.2 + * rust-cbindgen >= 0.12.0 +- rebased patches +- removed obsolete patch + * mozilla-bmo1601707.patch +- switched to 
cairo-gtk3-wayland build + (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set) +- disabled elfhack due to failing packager + https://github.com/openSUSE/firefox-maintenance/issues/28 +- disabled PGO due to build failure + https://github.com/openSUSE/firefox-maintenance/issues/29 + +------------------------------------------------------------------- +Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski + +- Use a symbolic icon from branding internals +- Pixmaps no longer required for the desktops + +------------------------------------------------------------------- +Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 72.0.2 + * Various stability fixes + * Fixed issues opening files with spaces in their path (bmo#1601905) + * Fixed a hang opening about:logins when a master password is set + (bmo#1606992) + * Fixed a web compatibility issue with CSS Shadow Parts which + shipped in Firefox 72 (bmo#1604989) + * Fixed inconsistent playback performance for fullscreen 1080p + videos on some systems (bmo#1608485) + +------------------------------------------------------------------- +Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET + +- Fix build for aarch64/ppc64le (do not update config.sub file + for libbacktrace) + +------------------------------------------------------------------- +Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer + +- Mozilla Firefox 72.0.1 + MFSA 2020-03 (bsc#1160498) + * CVE-2019-17026 (bmo#1607443) + IonMonkey type confusion with StoreElementHole and FallibleStoreElement +- Mozilla Firefox 72.0 + * block fingerprinting scripts by default + * new notification pop-ups + * Picture-in-picture video + MFSA 2020-01 (bsc#1160305) + * CVE-2019-17016 (bmo#1599181) + Bypass of @namespace CSS sanitization during pasting + * CVE-2019-17017 (bmo#1603055) + Type Confusion in XPCVariant.cpp + * CVE-2019-17020 (bmo#1597645) + Content Security Policy not applied to XSL stylesheets applied + to XML documents + * CVE-2019-17022 (bmo#1602843) 
+ CSS sanitization does not escape HTML tags + * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME) + NSS may negotiate TLS 1.2 or below after a TLS 1.3 + HelloRetryRequest had been sent + * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826) + Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 + * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965 + bmo#1595692,bmo#1597321,bmo#1597481) + Memory safety bugs fixed in Firefox 72 +- update create-tar.sh to skip compare-locales +- requires NSPR 4.24 and NSS 3.48 +- removed usage of browser-plugins convention for NPAPI plugins + from start wrapper and changed the RPM macro to the + /usr/$LIB/mozilla/plugins location (boo#1160302) + +------------------------------------------------------------------- +Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer + +- Mozilla Firefox 71.0 + * Improvements to Lockwise, our integrated password manager + * More information about Enhanced Tracking Protection in action + * Native MP3 decoding on Windows, Linux, and macOS + * Configuration page (about:config) reimplemented in HTML + * New kiosk mode functionality, which allows maximum screen space + for customer-facing displays + MFSA 2019-36 + * CVE-2019-11756 (bmo#1508776) + Use-after-free of SFTKSession object + * CVE-2019-17008 (bmo#1546331) + Use-after-free in worker destruction + * CVE-2019-13722 (bmo#1580156) (Windows only) + Stack corruption due to incorrect number of arguments in WebRTC code + * CVE-2019-17014 (bmo#1322864) + Dragging and dropping a cross-origin resource, incorrectly loaded + as an image, could result in information disclosure + * CVE-2019-17010 (bmo#1581084) + Use-after-free when performing device orientation checks + * CVE-2019-17005 (bmo#1584170) + Buffer overflow in plain text serializer + * CVE-2019-17011 (bmo#1591334) + Use-after-free when retrieving a document in antitracking + * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 + bmo#1580288, bmo#1585760, 
bmo#1592502) + Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 + * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 + bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 + bmo#1594181) + Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 @@ -12,6 +361,12 @@ - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch +- changed locale building procedure + * removed obsolete compare-locales.tar.xz +- added mozilla-bmo1601707.patch to fix gcc/LTO builds + (bmo#1601707, boo#1158466) +- added mozilla-bmo849632.patch to fix big endian issues in skia + used for WebGL ------------------------------------------------------------------- Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer
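Review bot: In the first hunk (@@ -1,7 +1,356 @@), the 72.0 entry for CVE-2019-17023 still carries a placeholder, "(fixed in NSS FIXME)". Replace FIXME with the NSS release that contains the fix, in the form the 77.0 entry uses for CVE-2020-12399 ("fixed with external NSS >= 3.52.1"), so a reader can tell whether the "requires NSPR 4.24 and NSS 3.48" line in the same entry is enough to be protected. Two smaller consistency points in the same hunk: the "MFSA 2019-36" heading under 71.0 has no bsc#/boo# reference although every other MFSA heading here has one, and "MFSA-2020-16" under 76.0 is hyphenated where the other headings use a space, which makes the entries harder to match against the bug tracker.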
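Review bot: In the second hunk (@@ -12,6 +361,12 @@), the added line for mozilla-bmo849632.patch gives no bug reference, while the mozilla-bmo1601707.patch line directly above it lists "(bmo#1601707, boo#1158466)". Add the upstream and, if one exists, the openSUSE reference in the same parenthesised form, so the big endian skia fix can be traced without relying on the patch file name.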