diff -r 7481543bab31 -r f9b2d408b7ef MozillaFirefox/MozillaFirefox.changes --- a/MozillaFirefox/MozillaFirefox.changes Sat Jan 08 10:41:19 2022 +0100 +++ b/MozillaFirefox/MozillaFirefox.changes Sat Feb 05 15:04:53 2022 +0100 @@ -1,4 +1,107 @@ ------------------------------------------------------------------- +Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller + +- disable ccache, this adds about 1 minute of build time and + over 2 GB of disk space usage without benefit on OBS builds +- build with rust-simd like upstream does +- use -g1 for debuginfo generation as this is what upstream + does as well and it saves ~ 2GB of writes +- use %limit on x86_64 to scale down to less capable workers +- disable install stripping so that debuginfo is useful +- use autopatch +- cleanup constraints to specify only jobs, physicalmemory + and memoryperjob to be more flexible on which host to build + on + +------------------------------------------------------------------- +Fri Jan 28 15:26:45 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 96.0.3 (bsc#1195230) + * Fixed an issue that allowed unexpected data to be submitted in + some of our search telemetry (bmo#1752317) + +------------------------------------------------------------------- +Mon Jan 24 07:42:03 UTC 2022 - Martin Liška + +- Enable -fimplicit-constexpr for GCC 12+. + +------------------------------------------------------------------- +Thu Jan 20 23:21:44 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 96.0.2 + * Fix an issue that caused tab height to display inconsistently + on Linux when audio was played (bmo#1714276) + * Fix an issue that caused Lastpass dropdowns to appear blank in + Private Browsing mode (bmo#1748158) + * Fix a crash encountered when resizing a Facebook app + (bmo#1746084) + +------------------------------------------------------------------- +Fri Jan 14 16:56:42 UTC 2022 - Andreas Stieger + +- Mozilla Firefox 96.0.1 + * Fixed: Improvements to make the parsing of content-length + headers more robust (bmo#1749957, boo#1194677) + +------------------------------------------------------------------- +Sat Jan 8 10:32:46 UTC 2022 - Wolfgang Rosenauer + +- Mozilla Firefox 96.0 + * https://www.mozilla.org/en-US/firefox/96.0/releasenotes + MFSA 2022-01 (bsc#1194547) + * CVE-2022-22746 (bmo#1735071) + Calling into reportValidity could have lead to fullscreen + window spoof + * CVE-2022-22743 (bmo#1739220) + Browser window spoof using fullscreen mode + * CVE-2022-22742 (bmo#1739923) + Out-of-bounds memory access when inserting text in edit mode + * CVE-2022-22741 (bmo#1740389) + Browser window spoof using fullscreen mode + * CVE-2022-22740 (bmo#1742334) + Use-after-free of ChannelEventQueue::mOwner + * CVE-2022-22738 (bmo#1742382) + Heap-buffer-overflow in blendGaussianBlur + * CVE-2022-22737 (bmo#1745874) + Race condition when playing audio files + * CVE-2021-4140 (bmo#1746720) + Iframe sandbox bypass with XSLT + * CVE-2022-22750 (bmo#1566608) + IPC passing of resource handles could have lead to sandbox + bypass + * CVE-2022-22749 (bmo#1705094) + Lack of URL restrictions when scanning QR codes + * CVE-2022-22748 (bmo#1705211) + Spoofed origin on external protocol launch dialog + * CVE-2022-22745 (bmo#1735856) + Leaking cross-origin URLs through securitypolicyviolation + event + * CVE-2022-22744 (bmo#1737252) + The 'Copy as curl' feature in DevTools did not fully escape + website-controlled data, potentially leading to command + injection + * CVE-2022-22747 (bmo#1735028) + Crash when handling empty pkcs7 sequence + * CVE-2022-22736 (bmo#1742692) + Potential local privilege escalation when loading modules + from the install directory. + * CVE-2022-22739 (bmo#1744158) + Missing throttling on external protocol launch dialog + * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366, + bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869, + bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011) + Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 + * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770) + Memory safety bugs fixed in Firefox 96 +- removed obsolete patches + * mozilla-bmo1745560.patch + * mozilla-bmo1744896.patch + * mozilla-sandbox-fips.patch +- requires + NSPR >= 4.33 + NSS >= 3.73.1 + +------------------------------------------------------------------- Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie - Add upstream patches: