diff -r c384af864671 -r 7481543bab31 MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Dec 04 11:19:16 2021 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Jan 08 10:41:19 2022 +0100 @@ -1,4 +1,79 @@ ------------------------------------------------------------------- +Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie + +- Add upstream patches: + * mozilla-bmo1745560.patch: Fix build against wayland 1.20. + * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window + creation + +------------------------------------------------------------------- +Mon Dec 20 21:57:30 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 95.0.2 + * Addresses frequent crashes experienced by users with C/E/Z-Series + "Bobcat" CPUs running on Windows 7, 8, and 8.1. +- updated constraints for ppc and x86-64 + +------------------------------------------------------------------- +Fri Dec 17 13:49:16 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 95.0.1 (bsc#1193845) + * Fixed frequent + MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error + messages when trying to connect to various microsoft.com + domains (bmo#1745600) + * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956) + * Fix for a frequent Windows shutdown crash (bmo#1738984) + * Fix websites contrast issues for some Linux users with + Dark mode set at OS level (bmo#1740518) + +------------------------------------------------------------------- +Sat Dec 4 12:07:21 UTC 2021 - Wolfgang Rosenauer + +- Mozilla Firefox 95.0 + * You can now move the Picture-in-Picture toggle button to the + opposite side of the video. Simply look for the new context menu + option Move Picture-in-Picture Toggle to Left (Right) Side. + * To better protect Firefox users against side-channel attacks such + as Spectre, Site Isolation is now enabled for all Firefox 95 users. + * https://www.mozilla.org/en-US/firefox/95.0/releasenotes + MFSA 2021-52 (bsc#1193485) + * CVE-2021-43536 (bmo#1730120) + URL leakage when navigating while executing asynchronous + function + * CVE-2021-43537 (bmo#1738237) + Heap buffer overflow when using structured clone + * CVE-2021-43538 (bmo#1739091) + Missing fullscreen and pointer lock notification when + requesting both + * CVE-2021-43539 (bmo#1739683) + GC rooting failure when calling wasm instance methods + * MOZ-2021-0010 (bmo#1735852) + Use-after-free in fullscreen objects on MacOS + * CVE-2021-43540 (bmo#1636629) + WebExtensions could have installed persistent ServiceWorkers + * CVE-2021-43541 (bmo#1696685) + External protocol handler parameters were unescaped + * CVE-2021-43542 (bmo#1723281) + XMLHttpRequest error codes could have leaked the existence of + an external protocol handler + * CVE-2021-43543 (bmo#1738418) + Bypass of CSP sandbox directive when embedding + * CVE-2021-43544 (bmo#1739934) + Receiving a malicious URL as text through a SEND intent could + have led to XSS + * CVE-2021-43545 (bmo#1720926) + Denial of Service when using the Location API in a loop + * CVE-2021-43546 (bmo#1737751) + Cursor spoofing could overlay user interface when native + cursor is zoomed + * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751, + bmo#1737009, bmo#1739372, bmo#1739421) + Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 +- requires + NSS >= 3.72 + +------------------------------------------------------------------- Thu Dec 2 20:32:42 UTC 2021 - Andreas Stieger - remove x-scheme-handler/ftp from firefox.desktop boo#1193321