Revisions of MozillaFirefox

Dominique Leuenberger (dimstar_suse) accepted request 588116 from Wolfgang Rosenauer (wrosenauer) (revision 267)
yet another small tweak to have really all fixes in place also for ARM (libtremor) which was left out from the upstream Firefox tag (and only applied to the Fennec one)

- update to Firefox 59.0.1 (bsc#1085671)
  MFSA 2018-08
  * CVE-2018-5146 (bmo#1446062)
    Vorbis audio processing out of bounds write
  * CVE-2018-5147 (bmo#1446365)
    Out of bounds memory write in libtremor
    (mozilla-bmo1446062.patch)

- Added patch:
  * mozilla-bmo1005535.patch:
    Enable skia_gpu on big endian platforms.

- update to Firefox 59.0
  * Performance enhancements
  * Drag-and-drop to rearrange Top Sites on the Firefox Home page
  * added features for Firefox Screenshots
  * Enhanced WebExtensions API
  * Improved RTC capabilities
  MFSA 2018-06 (bsc#1085130)
  * CVE-2018-5127 (bmo#1430557)
    Buffer overflow manipulating SVG animatedPathSegList
  * CVE-2018-5128 (bmo#1431336)
    Use-after-free manipulating editor selection ranges
  * CVE-2018-5129 (bmo#1428947)
    Out-of-bounds write with malformed IPC messages
  * CVE-2018-5130 (bmo#1433005)
    Mismatched RTP payload type can trigger memory corruption
  * CVE-2018-5131 (bmo#1440775)
    Fetch API improperly returns cached copies of no-store/no-cache resources
  * CVE-2018-5132 (bmo#1408194)

Dominique Leuenberger (dimstar_suse) accepted request 563240 from Wolfgang Rosenauer (wrosenauer) (revision 264)
This should hopefully fix the build issue with latest rust in staging.

- fixed build with latest rust (mozilla-rust-1.23.patch)

Dominique Leuenberger (dimstar_suse) accepted request 561754 from Wolfgang Rosenauer (wrosenauer) (revision 263)
- update to Firefox 57.0.4
  MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
  (boo#1074723)

- fixed regression introduced Oct 10th which made Firefox crash
  when cancelling the KDE file dialog (boo#1069962)

- Mozilla Firefox 57.0.3:
  * Fix a crash reporting issue that inadvertently sends background
    tab crash reports to Mozilla without user opt-in (bmo#1427111,
    bsc#1074235)
- Includes changes from 57.0.2:
  * fixes for platforms other than GNU/Linux

Dominique Leuenberger (dimstar_suse) accepted request 555866 from Wolfgang Rosenauer (wrosenauer) (revision 262)
- Explicitly buildrequires python2-xml: The build system relies on
  it. We wrongly relied on other packages pulling it in for us.

- Escape the usage of %{VERSION} when calling out to rpm.
  RPM 4.14 has %{VERSION} defined as 'the main packages version'.

  * CVE-2017-7843: Web worker in Private Browsing mode can write
    IndexedDB data (bsc#1072034, bmo#1410106)
  * CVE-2017-7844: Visited history information leak through SVG
    image (bsc#1072036, bmo#1420001)

Dominique Leuenberger (dimstar_suse) accepted request 547925 from Wolfgang Rosenauer (wrosenauer) (revision 261)
- update to Firefox 57.0.1
  * Fix a video color distortion issue on YouTube and other video
    sites with some AMD devices (bmo#1417442)
  * Fix an issue with prefs.js when the profile path has non-ascii
    characters (bmo#1420427)

Dominique Leuenberger (dimstar_suse) accepted request 545695 from Wolfgang Rosenauer (wrosenauer) (revision 260)
- Add mozilla-bmo1360278.patch
  Starting with Firefox 57, the context menu appears on key press.
  This patch creates a config entry to restore the
  old behaviour. Without the patch, the mouse gesture extensions
  require 2 clicks to work (bmo#1360278).
  The new config entry is named ui.context_menus.after_mouseup
  (default : false).

- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
  widget.allow-client-side-decoration=true
  (mozilla-bmo1399611-csd.patch)

Dominique Leuenberger (dimstar_suse) accepted request 541950 from Wolfgang Rosenauer (wrosenauer) (revision 259)
- update to Firefox 57.0 (boo#1068101)
  * Firefox Quantum
  * Photon UI
  * Unified address and search bar
  * AMD VP9 hardware video decoder support
  * Added support for Date/Time input
  * stricter security sandbox blocking filesystem reading and
    writing on Linux systems
  * middle mouse paste in the content area no longer navigates to
    URLs by default on Unix systems
  MFSA 2017-24
  * CVE-2017-7828 (bmo#1406750, bmo#1412252)
    Use-after-free of PresShell while restyling layout
  * CVE-2017-7830 (bmo#1408990)
    Cross-origin URL information leak through Resource Timing API
  * CVE-2017-7831 (bmo#1392026)
    Information disclosure of exposed properties on JavaScript proxy
    objects
  * CVE-2017-7832 (bmo#1408782)
    Domain spoofing through use of dotless 'i' character followed
    by accent markers
  * CVE-2017-7833 (bmo#1370497)
    Domain spoofing with Arabic and Indic vowel marker characters
  * CVE-2017-7834 (bmo#1358009)
    data: URLs opened in new tabs bypass CSP protections
  * CVE-2017-7835 (bmo#1402363)
    Mixed content blocking incorrectly applies with redirects
  * CVE-2017-7836 (bmo#1401339)
    Pingsender dynamically loads libcurl on Linux and OS X
  * CVE-2017-7837 (bmo#1325923)

Dominique Leuenberger (dimstar_suse) accepted request 530307 from Wolfgang Rosenauer (wrosenauer) (revision 258)
- Correct plugin directory for aarch64 (boo#1061207). The wrapper
  script was not detecting aarch64 as a 64 bit architecture, thus
  used /usr/lib/browser-plugins/.
- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
  pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
  pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
  pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
  looks for.

- update to Firefox 56.0 (boo#1060445)
  * Firefox Screenshots
  * Find Options/Preferences more quickly with new search function
  * Media is no longer auto-played when opened in a background tab
  * Enable CSS Grid Layout View
  MFSA 2017-21
  * CVE-2017-7793 (bmo#1371889)
    Use-after-free with Fetch API
  * CVE-2017-7817 (bmo#1356596) (Android-only)
    Firefox for Android address bar spoofing through fullscreen mode
  * CVE-2017-7818 (bmo#1363723)
    Use-after-free during ARIA array manipulation
  * CVE-2017-7819 (bmo#1380292)
    Use-after-free while resizing images in design mode
  * CVE-2017-7824 (bmo#1398381)
    Buffer overflow when drawing and validating elements with ANGLE
  * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
    Use-after-free in TLS 1.2 generating handshake hashes
  * CVE-2017-7812 (bmo#1379842)
    Drag and drop of malicious page content to the tab bar can open locally stored files
  * CVE-2017-7814 (bmo#1376036)

Dominique Leuenberger (dimstar_suse) accepted request 503675 from Wolfgang Rosenauer (wrosenauer) (revision 255)
- update to Firefox 52.2esr (boo#1043960)
  MFSA 2017-16
  * CVE-2017-5472 (bmo#1365602)
    Use-after-free using destroyed node when regenerating trees
  * CVE-2017-7749 (bmo#1355039)
    Use-after-free during docshell reloading
  * CVE-2017-7750 (bmo#1356558)
    Use-after-free with track elements
  * CVE-2017-7751 (bmo#1363396)
    Use-after-free with content viewer listeners
  * CVE-2017-7752 (bmo#1359547)
    Use-after-free with IME input
  * CVE-2017-7754 (bmo#1357090)
    Out-of-bounds read in WebGL with ImageInfo object
  * CVE-2017-7755 (bmo#1361326)
    Privilege escalation through Firefox Installer with same
    directory DLL files (Windows only)
  * CVE-2017-7756 (bmo#1366595)
    Use-after-free and use-after-scope logging XHR header errors
  * CVE-2017-7757 (bmo#1356824)
    Use-after-free in IndexedDB
  * CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
    CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
    CVE-2017-7777
    Vulnerabilities in the Graphite 2 library
  * CVE-2017-7758 (bmo#1368490)
    Out-of-bounds read in Opus encoder
  * CVE-2017-7760 (bmo#1348645)
    File manipulation and privilege escalation via callback parameter
    in Mozilla Windows Updater and Maintenance Service (Windows only)

Dominique Leuenberger (dimstar_suse) accepted request 498129 from Wolfgang Rosenauer (wrosenauer) (revision 254)
- remove -fno-inline-small-functions and explicitly optimize with
  -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)

Dominique Leuenberger (dimstar_suse) accepted request 493642 from Wolfgang Rosenauer (wrosenauer) (revision 253)
- update to Firefox 52.1.1
  MFSA 2017-14
  * CVE-2017-5031: Use after free in ANGLE (bmo#1328762)
                   (Windows only, Linux not affected)
- switch to Mozilla's geolocation service (boo#1026989)
- removed mozilla-preferences.patch obsoleted by overriding via
  firefox.js
- fixed KDE integration to avoid crash caused by filepicker
  (boo#1015998)

Dominique Leuenberger (dimstar_suse) accepted request 491715 from Factory Maintainer (factory-maintainer) (revision 252)
Automatic submission by obs-autosubmit

Yuchen Lin (maxlin_factory) accepted request 485000 from Wolfgang Rosenauer (wrosenauer) (revision 251)
- update to Firefox 52.0.2
  * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
  * Fix loading tab icons on session restore (bmo#1338009)
  * Fix a crash on startup on Linux (bmo#1345413)
  * Fix new installs erroneously not prompting to change the default
    browser setting (bmo#1343938)

Dominique Leuenberger (dimstar_suse) accepted request 481555 from Wolfgang Rosenauer (wrosenauer) (revision 250)
hopefully last iteration (let's see what the i586 builds are doing :-()

- disable rust usage for everything but x86(-64)
- explicitly add libffi build requirement

- update to Firefox 52.0.1 (boo#1029822)
  MFSA 2017-08
  CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)

- reenable ALSA support which was removed by default upstream

- update to Firefox 52.0 (boo#1028391)
  * requires NSS >= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
  * MFSA 2017-05
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
                   (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
                   (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
                   objects (bmo#1334876)
    CVE-2017-5403: Use-after-free using addRange to add range to an
                   incorrect root object (bmo#1340186)
    CVE-2017-5404: Use-after-free working with ranges in selections
                   (bmo#1340138)
    CVE-2017-5406: Segmentation fault in Skia with canvas operations
Displaying revisions 161 - 180 of 428