summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjörn Bidar2023-11-07 01:01:19 +0200
committerBjörn Bidar2023-11-07 01:08:12 +0200
commite9554dfe5f025e1905c34b0405e94e971d23e6d6 (patch)
tree6be38866d30b261fd388ef4ac2960b04c20639de
parentbc489c7309f07a15064eecf702956aef9df790a3 (diff)
downloadaur-e9554dfe5f025e1905c34b0405e94e971d23e6d6.tar.gz
Update to 119.0.1-1
- New upstrem release - Rebase patches - Reuse openSUSE changelog The packaging of this package is about 80% the same to the SUSE packaging except that the packaging format is open upon the Arch Linux PKGBUID of course The changelog is relevant to the package when it comes to to these Signed-off-by: Björn Bidar <bjorn.bidar@thaodan.de>
Diffstat
-rw-r--r--.SRCINFO51
-rw-r--r--0004-mozilla-libavcodec58_91.patch.patch2
-rw-r--r--0005-mozilla-silence-no-return-type.patch-to-fix-build-er.patch12
-rw-r--r--0011-bsc-991344-Rpi3-Firefox-crashes-after-a-few-seconds-.patch4
-rw-r--r--0014-Make-PGO-use-toolchain.patch2
-rw-r--r--0015-bmo-1516803-force-one-LTO-partition-for-sandbox-when.patch4
-rw-r--r--0017-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch2
-rw-r--r--0019-Bug-559213-Support-system-av1.patch6
-rw-r--r--0020-Bug-847568-Support-system-harfbuzz.patch15
-rw-r--r--0021-Bug-847568-Support-system-graphite2.patch12
-rw-r--r--0022-Bug-1611386-Reenable-support-for-enable-system-sqlit.patch8
-rw-r--r--0023-Bug-1419151-Add-Unity-menubar-support.patch22
-rw-r--r--0025-Add-KDE-integration-to-Firefox-toolkit-parts.patch18
-rw-r--r--0026-Add-KDE-integration-to-Firefox.patch2
-rw-r--r--0027-Imported-patch-firefox-branded-icons.patch.patch4
-rw-r--r--0028-Allow-Eme-for-arm-and-Aarch64.patch4
-rw-r--r--0029-Shut-up-warnings-about-future-Rust-version-incompati.patch2
-rw-r--r--PKGBUILD49
-rw-r--r--firefox-kde-opensuse.changes10476
19 files changed, 10586 insertions, 109 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 582111d93d4f..0d34ed328510 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = firefox-kde-opensuse
pkgdesc = Standalone web browser from mozilla.org with OpenSUSE patch, integrate better with KDE
- pkgver = 118.0.2
+ pkgver = 119.0.1
pkgrel = 1
url = https://github.com/openSUSE/firefox-maintenance
arch = i686
@@ -59,12 +59,12 @@ pkgbase = firefox-kde-opensuse
optdepends = pulseaudio: Audio support
optdepends = libnotify: Notification integration
optdepends = xdg-desktop-portal: Screensharing with Wayland
- provides = firefox=118.0.2
+ provides = firefox=119.0.1
conflicts = firefox
options = !emptydirs
options = !lto
- source = https://archive.mozilla.org/pub/firefox/releases/118.0.2/source/firefox-118.0.2.source.tar.xz
- source = https://archive.mozilla.org/pub/firefox/releases/118.0.2/source/firefox-118.0.2.source.tar.xz.asc
+ source = https://archive.mozilla.org/pub/firefox/releases/119.0.1/source/firefox-119.0.1.source.tar.xz
+ source = https://archive.mozilla.org/pub/firefox/releases/119.0.1/source/firefox-119.0.1.source.tar.xz.asc
source = mozconfig
source = firefox.desktop
source = vendor.js
@@ -101,42 +101,43 @@ pkgbase = firefox-kde-opensuse
source = 0031-Bug-1796523-Workaround-source-locations-for-function.patch
source = 0032-Bug-1822730-Add-basic-blob-protocol-handling-for-blo.patch
validpgpkeys = 14F26682D0916CDD81E37B6D61B7B526D98F0353
- sha256sums = 7ea4203b5cf9e59f80043597e2c9020291754fcab784a337586b5f5e1370c416
+ sha256sums = 48cc43cab060e97467e9a17617f511a177e7b91b7e77e408425351a2cbb07f70
sha256sums = SKIP
- sha256sums = b440e88515847972a512feb2dd5706a86ad45384cae613c18244bc3c1e0df2a5
+ sha256sums = be65b2421999ad5c8ffa363dc009ce2cd291badc422fbb456967616bad3e2e19
sha256sums = 4c93b2e1f1675e033ed7910fe5f379626a92903a940697430985bcfdf94afceb
sha256sums = eaad0eee76f89e0a1a241742ec5c8ec9315b096f7b3e0ea302b253b926750aae
- sha256sums = 10593c391762298c8f740d432e51224d031f17cf3689341497d3cc02bfa744f3
+ sha256sums = c3c785256e7497118e9e19de4c1748664e8df5930a436040f029023a1190a9a5
sha256sums = eb19d9568e8d7705b2a0c4774d4f6a758a910c0e5cf427727feb5884a2a1ee98
sha256sums = 4322124dc370ac56063837370a8107e85ca6e0d4037ff71ece5e7b0f55ed8053
- sha256sums = 691de24752efa64ebe8f1a77c31ee769bb359c49655352399cf345300c0c6cb6
- sha256sums = ea2339511a6be6d44406dd478623a41aa0de6a748a5267fe675f90abcb30971a
- sha256sums = 2fdb6066cf348843f57b963571e0211acfb2f671896dfad650723129b62bd1af
+ sha256sums = a8aeb8b73abe711752ebf1a561fb4af736854be5c298441b8de7a1148a47a416
+ sha256sums = f1b6cdce0e35bce959c325ea9f1316fea062923bdad9091d58050bee21cc9102
+ sha256sums = 999f0f5c198f00943894639d9dd4157f3e078a40e1f8a815aef2dacd5158a67c
sha256sums = bba76c5e13952ef45362f8e53a5c030e0f5d722f8f266228787136a5312330ea
sha256sums = f2fcd4ca82b833f5e5b7e991882e24f09463cd837242b18cf163bc751f2e21d5
sha256sums = 766faefbd4898049e9913589962bf839da6785d50f0631b4eac7316f16bf2ea6
- sha256sums = 3aa459ef9295cd76d102a767a8910cc42cfc672bdde9ab98453465a37946024d
- sha256sums = e5e960afe0a2ed519b3a8d20e645b4defd0ff9920797bf9accdd7b235ab8637d
+ sha256sums = ccb405fe8a3cae43b7211807eab90baf4ae99d9e09612304e6b3e52474f9434d
+ sha256sums = 516f6f38c442208c79f4c3d8734520ebe026607dc2d88c6b4383e7893522313b
sha256sums = 32d40630a010ee91d2c35c814ef2f567ad7faf859f8198735829958cb055f53b
sha256sums = 1ffdcff3d4e31c5cceddadfa0111c27a34480594238cdf85866ee1073d922910
- sha256sums = 26fe6a707517789f512fffd83009d20544987e944ad4b3d10ed30e8b566f96ba
- sha256sums = 4007869a43897d45ba56b631195ff9ce96616cb160e9a3785f2b4c9313115095
+ sha256sums = 316c6ed1a85cee7ec1e00b6b3b869dbf47b81c23e8384d9f704f69e99a21c2e9
+ sha256sums = 5ee703cddba6045a03ee882ff70423fe185d009e2c912fc49ef66f7703ea46fe
sha256sums = 2400173d2c84573194c6af9031663a5b2332ccb4929b246b216c61c97d8b0a54
- sha256sums = 04cf5528a4e211a2f33d74282013672ac1a585814c0de46419f2dc3c469a71a7
+ sha256sums = 77a4635a30d54f187efaae5ac1f1cb029445b1317f148053206ebeb6a3255ae6
sha256sums = 72d30acbe1e8488c6bd3af2e0813223842a63b859d6e7aff66d2f23612b7ad8b
- sha256sums = 8cd6457b71bf20023f25b66e78cdebb43205f26db03a6d88c64202cc51ba1b39
- sha256sums = 039a07b1171a9fc1bd71a792c2ee152f774a1bf34a768eae72113b3ff5fd19e7
- sha256sums = fdab230f8c1c457277d921cf318771852288c665c01fd1b9f570e1b9be6dac25
- sha256sums = f129686f536941c820022a95b242c83f4de54facdac59b6eb16db46e84de0c7c
- sha256sums = a41b65c032a21298eed7d70e83dfbe3d28fe268963803d225914d2a21f97b22c
+ sha256sums = 1b9b4ac7550b33f2dcce3ef7d64cdc52682cc78ce397aba9ff71cca93b1282be
+ sha256sums = a319b263cd437a2a817845a0670137e8aef7826e768db8454994ecd2af01c247
+ sha256sums = 62e4d94c648a48313d3716a85c5503f99d02674cc97be6b86fdddbc397cd0999
+ sha256sums = 6684d5c564a4d4a8a2b90a51890abae719f419f81baae057b41e9b4cfba07c34
+ sha256sums = fc53e7bcaa3ebcd0bb5e6562f57561dc23727690529cae97c86560fed05e05c0
sha256sums = dfb11575e7d43071c9046762408b7267507c645020678d57689d55d3f68c0c28
- sha256sums = b0bc4493dea4241a5a7e83ce705c25a867a22ff9d610cbbe50c031c65d8c83e8
- sha256sums = b941526ab077d21dc0e833ff2bd375eb06ff53d3898d3142ef917e3a7f3a67c7
- sha256sums = 8fe583a722a48596c93634136fb2bea621b30311bc935447bf4dc0c472aac117
- sha256sums = eab658c30b83505825765f6a99aeaff693888e6bfa4e5b436349a79c43b322e0
- sha256sums = 9b7bf3b170494a2a10b56b2d903902140d50919e1e4a32bcfd16feeb08fa402e
+ sha256sums = c4258daf80395735546d2e12214b77a14207e09be16372030322e459235a37ea
+ sha256sums = 6545e1406fe6ee307ea876dffb41ae5453469d388ff12941ab210d5e372462b6
+ sha256sums = 056dd0b79d0e1992dd6cdfe1553e5048d8c4cc8baf8812d69f9e2e55000467bd
+ sha256sums = 76f83f143ea043fa07e8db8e39163a17b5889ed6cdfe2e88b95440d7c4f8ef3e
+ sha256sums = d747ba2ee13eda08f2d52006333f81d845b82b1b3e1c099d96a5de9aeea6ac0e
sha256sums = 7038651e09bd1f1cf2561ee977e6fcc58f7295ce821f419288da6d0b2bcc8feb
sha256sums = 0d7a0f8bd7f0a8f1319d79a433d848a3eb43e81f4a14f29d5c8602be49d93cb9
+ sha256sums = ca63e1a8b93eed45fe1b6dc4da087d18b866570d99cfc6abfb8a7d3187d98e83
pkgname = firefox-kde-opensuse
depends = libxt
diff --git a/0004-mozilla-libavcodec58_91.patch.patch b/0004-mozilla-libavcodec58_91.patch.patch
index 09f8b939aa9c..76c58e41717b 100644
--- a/0004-mozilla-libavcodec58_91.patch.patch
+++ b/0004-mozilla-libavcodec58_91.patch.patch
@@ -8,7 +8,7 @@ Subject: [PATCH] mozilla-libavcodec58_91.patch
1 file changed, 2 insertions(+)
diff --git a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
-index 51d25c97e7ba425db041a31800df6203ae71bf66..dbf08a48c9b55adc1508a288915cb15d96de74ea 100644
+index 485f4c0f28b3c8d8ceeb5b76eb8aa41444b37183..6b772c5930819f8ba5095407b914b74a6408e917 100644
--- a/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
+++ b/dom/media/platforms/ffmpeg/FFmpegRuntimeLinker.cpp
@@ -41,6 +41,8 @@ static const char* sLibs[] = {
diff --git a/0005-mozilla-silence-no-return-type.patch-to-fix-build-er.patch b/0005-mozilla-silence-no-return-type.patch-to-fix-build-er.patch
index 93b7394bda21..189d2c42dc23 100644
--- a/0005-mozilla-silence-no-return-type.patch-to-fix-build-er.patch
+++ b/0005-mozilla-silence-no-return-type.patch-to-fix-build-er.patch
@@ -300,7 +300,7 @@ index ddd287ad0cc1e3910adeb125a989fe2b0d93ec9e..c7a62205ab89742e8994b8fc067064c0
sk_sp<SkVertices> makeVertices(const SkPath& path, const SkMatrix& ctm,
diff --git a/intl/icu/source/i18n/number_rounding.cpp b/intl/icu/source/i18n/number_rounding.cpp
-index e6bb509ffd75a409faa03ea471bb97b84d2f61de..6055a435309c969ff2431cc1d2ad90c2eef33a15 100644
+index 4da6f4a4b00a9280e9ef4e4415857f7f715cd07b..6e2c9fa7b2b92b5a5b3469b0aed9405f43937b58 100644
--- a/intl/icu/source/i18n/number_rounding.cpp
+++ b/intl/icu/source/i18n/number_rounding.cpp
@@ -283,6 +283,7 @@ FractionPrecision Precision::constructFraction(int32_t minFrac, int32_t maxFrac)
@@ -438,7 +438,7 @@ index 5a970fb2ef1af8069b7dd0c52a993ea7d7e6e896..0feec89ab185ab214e1f24b05efab02f
VideoStreamAdapter::RestrictionsOrState
diff --git a/third_party/libwebrtc/call/rtp_payload_params.cc b/third_party/libwebrtc/call/rtp_payload_params.cc
-index 18e6d9136bc399f9a22fe66162daba584e14c6c6..e0c9e9184147bfb25228efae4813f37686e0a561 100644
+index f0347bc74ea215a80f28e8aaf929b6781403c0ad..d1feb979c93c4add23fafa1186f58335de1db565 100644
--- a/third_party/libwebrtc/call/rtp_payload_params.cc
+++ b/third_party/libwebrtc/call/rtp_payload_params.cc
@@ -405,7 +405,7 @@ absl::optional<FrameDependencyStructure> RtpPayloadParams::GenericStructure(
@@ -451,7 +451,7 @@ index 18e6d9136bc399f9a22fe66162daba584e14c6c6..e0c9e9184147bfb25228efae4813f376
void RtpPayloadParams::GenericToGeneric(int64_t shared_frame_id,
diff --git a/third_party/libwebrtc/call/video_send_stream.cc b/third_party/libwebrtc/call/video_send_stream.cc
-index 241d44a2303a10c7a13557080665ee677835c4d0..0e4e28a70c76220121bedbc7e670045b63238a9b 100644
+index e8532a7a2669e717e79c49a1fd45020ca07dbced..c251629073b4c555c57d79d7fa7578a2a575bb92 100644
--- a/third_party/libwebrtc/call/video_send_stream.cc
+++ b/third_party/libwebrtc/call/video_send_stream.cc
@@ -30,6 +30,7 @@ const char* StreamTypeToString(VideoSendStream::StreamStats::StreamType type) {
@@ -598,10 +598,10 @@ index f1e4eddb4b9d8855f6accf24ef980cbc11d0077d..b3fde3cda3c7c636b8f37f3778fb3b73
} // namespace webrtc
diff --git a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
-index f97fb167ed8b1e1f5b9e8aa3acf4cca5f067d35f..1b168f3fc6a22c55b4d7e958f9abfc4d3c4765c1 100644
+index 13cb30ee7f543435c4c6f58edc0ee1b402385596..dc4eae363eba9196d07c752c7bf851efe400430d 100644
--- a/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
+++ b/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender.cc
-@@ -140,6 +140,7 @@ bool IsNonVolatile(RTPExtensionType type) {
+@@ -138,6 +138,7 @@ bool IsNonVolatile(RTPExtensionType type) {
#endif
}
RTC_CHECK_NOTREACHED();
@@ -646,7 +646,7 @@ index 5aebd2c5268e8c58b07be4bc393f83ac5abd1c09..8d18446430ff4b7f6d0d669416e3493d
TemporalLayersChecker::TemporalLayersChecker(int num_temporal_layers)
diff --git a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
-index 2470bc889383a572605021edbaec01ac5ed34ddb..37309e4822f16d3f4a38d4c6719b6773b30b8372 100644
+index 46db6867033faaa9be96738d2999a7010af75da7..4178664b9c47da2c9792858c60cc38f26ecdb7ab 100644
--- a/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
+++ b/third_party/libwebrtc/video/adaptation/video_stream_encoder_resource_manager.cc
@@ -63,6 +63,7 @@ std::string ToString(VideoAdaptationReason reason) {
diff --git a/0011-bsc-991344-Rpi3-Firefox-crashes-after-a-few-seconds-.patch b/0011-bsc-991344-Rpi3-Firefox-crashes-after-a-few-seconds-.patch
index 564271667fc1..1227577c42ff 100644
--- a/0011-bsc-991344-Rpi3-Firefox-crashes-after-a-few-seconds-.patch
+++ b/0011-bsc-991344-Rpi3-Firefox-crashes-after-a-few-seconds-.patch
@@ -10,10 +10,10 @@ bmo#1302554 - ARM/AARCH64: Firefox crashes on NULL nsIChannel** result pointer i
1 file changed, 6 insertions(+)
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
-index d25fa2945223c231a428064f6d8aa450fe77eeaf..cb7093d6aa1e7accef7281315128c3f9e022066c 100644
+index 8cdc881665c81cd3fb709cd615b26c58b822d6be..ca9bf8a7c0baa1bcf675345b51ddabfac281dc26 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
-@@ -1148,7 +1148,13 @@ nsresult nsIOService::NewChannelFromURIWithProxyFlagsInternal(
+@@ -1154,7 +1154,13 @@ nsresult nsIOService::NewChannelFromURIWithProxyFlagsInternal(
}
}
diff --git a/0014-Make-PGO-use-toolchain.patch b/0014-Make-PGO-use-toolchain.patch
index cb291ea8a274..681b86d2fb38 100644
--- a/0014-Make-PGO-use-toolchain.patch
+++ b/0014-Make-PGO-use-toolchain.patch
@@ -9,7 +9,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
1 file changed, 9 insertions(+)
diff --git a/build/unix/mozconfig.unix b/build/unix/mozconfig.unix
-index 22db5d401cd0b1081edd0ca558dfff3a77e5bd2a..b2fde82694b81eb3e2ec316088070051ad073db9 100644
+index f1e5a2edd9257f82210019ae4b9e68187a9545a7..b7f9c6bb8f9c01f1c6ab9c9c7bf7ed41e8f99fc3 100644
--- a/build/unix/mozconfig.unix
+++ b/build/unix/mozconfig.unix
@@ -4,6 +4,15 @@ if [ -n "$FORCE_GCC" ]; then
diff --git a/0015-bmo-1516803-force-one-LTO-partition-for-sandbox-when.patch b/0015-bmo-1516803-force-one-LTO-partition-for-sandbox-when.patch
index 8723ff45b4f4..9f9a15360288 100644
--- a/0015-bmo-1516803-force-one-LTO-partition-for-sandbox-when.patch
+++ b/0015-bmo-1516803-force-one-LTO-partition-for-sandbox-when.patch
@@ -10,10 +10,10 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/sandbox/linux/moz.build b/security/sandbox/linux/moz.build
-index c56daf62a6c30903e567ad49681beba7c06e1357..4ca49d6eac1b098d6039416a09fd665010eec4d9 100644
+index cbb99e514c3e274ba2384b9bbf03c3d78cd3da0f..d5ed59192222ad2920b17efc3a061abf80cbf08e 100644
--- a/security/sandbox/linux/moz.build
+++ b/security/sandbox/linux/moz.build
-@@ -115,9 +115,10 @@ if CONFIG["CC_TYPE"] in ("clang", "gcc"):
+@@ -107,9 +107,10 @@ if CONFIG["CC_TYPE"] in ("clang", "gcc"):
# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build. Work around that by
# forcing there to be only one partition.
diff --git a/0017-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch b/0017-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch
index 455e3fdb9baf..079b3f2b40a3 100644
--- a/0017-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch
+++ b/0017-LTO-Only-enable-LTO-for-Rust-when-complete-build-use.patch
@@ -9,7 +9,7 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
1 file changed, 2 insertions(+)
diff --git a/config/makefiles/rust.mk b/config/makefiles/rust.mk
-index 5d1d5470b33a4d083a846573751fbbbdbb6c249d..1071608a58130db8d006f260ea345bafdc5f9e86 100644
+index 2159e127cae5a9d59a43a3fadbd893d891b36354..a3ae7ce5ea8276b2c4f6da62e47183a597080ed1 100644
--- a/config/makefiles/rust.mk
+++ b/config/makefiles/rust.mk
@@ -82,6 +82,7 @@ endif
diff --git a/0019-Bug-559213-Support-system-av1.patch b/0019-Bug-559213-Support-system-av1.patch
index 727394c6151f..7764e3b74186 100644
--- a/0019-Bug-559213-Support-system-av1.patch
+++ b/0019-Bug-559213-Support-system-av1.patch
@@ -90,10 +90,10 @@ index 845d0030229cc2a81eaa1a0ca341d0175af3d976..3b5d5153fc9f49ed729eb5685e8d6779
LOCAL_INCLUDES += ['/media/mozva']
SOURCES += [
diff --git a/toolkit/moz.configure b/toolkit/moz.configure
-index e0a54645f8fcf49ab89525740008afb030c9ab12..badeb8dc4b629a9dba166bf270aa24e567288df5 100644
+index 98373842410d8ff4ae5e272bca38f39a0bb20118..b865c45a462f8d1a791115c7ab265dd23218e817 100644
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
-@@ -743,14 +743,29 @@ def av1(value):
+@@ -747,14 +747,29 @@ def av1(value):
if value:
return True
@@ -125,7 +125,7 @@ index e0a54645f8fcf49ab89525740008afb030c9ab12..badeb8dc4b629a9dba166bf270aa24e5
def dav1d_nasm(target):
if target.cpu in ("x86", "x86_64"):
return namespace(version="2.14", what="AV1")
-@@ -760,6 +775,7 @@ set_config("MOZ_DAV1D_ASM", dav1d_asm)
+@@ -764,6 +779,7 @@ set_config("MOZ_DAV1D_ASM", dav1d_asm)
set_define("MOZ_DAV1D_ASM", dav1d_asm)
set_config("MOZ_AV1", av1)
set_define("MOZ_AV1", av1)
diff --git a/0020-Bug-847568-Support-system-harfbuzz.patch b/0020-Bug-847568-Support-system-harfbuzz.patch
index 612c2025038d..32a538c47ad7 100644
--- a/0020-Bug-847568-Support-system-harfbuzz.patch
+++ b/0020-Bug-847568-Support-system-harfbuzz.patch
@@ -17,8 +17,8 @@ Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
intl/unicharutil/util/moz.build | 3 +++
netwerk/dns/moz.build | 3 +++
toolkit/library/moz.build | 3 +++
- toolkit/moz.configure | 9 +++++++++
- 10 files changed, 40 insertions(+), 1 deletion(-)
+ toolkit/moz.configure | 8 ++++++++
+ 10 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/config/system-headers.mozbuild b/config/system-headers.mozbuild
index f0404231eab0ba35391cad2f87ccfbf0afec4d67..53cbde197a2956052d1e0b0da1917716837c20b1 100644
@@ -103,10 +103,10 @@ index 1d92936263a091eac0dc90fdb0038982e711d5c3..afef373e62af4273aa2b21f3fd3103dc
LOCAL_INCLUDES += [
"/gfx/cairo/cairo/src",
diff --git a/gfx/thebes/moz.build b/gfx/thebes/moz.build
-index 71903756ea1949136cdc25e3b7cd83eeb68dc6ea..8af85a4ed663292583310efea06ada8c60eb908d 100644
+index 97f02d59f51a7e9b06a852963cf03a8463df09f0..3067b49c8d3d069e74acd2baa04eaaf2c95094f9 100644
--- a/gfx/thebes/moz.build
+++ b/gfx/thebes/moz.build
-@@ -294,6 +294,9 @@ LOCAL_INCLUDES += CONFIG["SKIA_INCLUDES"]
+@@ -292,6 +292,9 @@ LOCAL_INCLUDES += CONFIG["SKIA_INCLUDES"]
DEFINES["GRAPHITE2_STATIC"] = True
@@ -157,10 +157,10 @@ index 3faa0370cc1c0025f03f0011c73876c0da8a6e71..fb81f6ceebcb4c6c14d0e2e2df48531b
OS_LIBS += CONFIG["MOZ_JPEG_LIBS"]
diff --git a/toolkit/moz.configure b/toolkit/moz.configure
-index badeb8dc4b629a9dba166bf270aa24e567288df5..510db578b5e1b15fde924db8d0878588fe2f7526 100644
+index b865c45a462f8d1a791115c7ab265dd23218e817..a811d7ba1f783681628e1c3f67d594573c4f9e39 100644
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
-@@ -675,6 +675,15 @@ def freetype2_combined_info(fontconfig_info, freetype2_info):
+@@ -678,6 +678,14 @@ def freetype2_combined_info(fontconfig_info, freetype2_info):
set_define("MOZ_HAVE_FREETYPE2", depends_if(freetype2_info)(lambda _: True))
@@ -172,7 +172,6 @@ index badeb8dc4b629a9dba166bf270aa24e567288df5..510db578b5e1b15fde924db8d0878588
+ when='--with-system-harfbuzz')
+
+set_config('MOZ_SYSTEM_HARFBUZZ', depends_if(system_harfbuzz)(lambda _: True))
-+
+
# Apple platform decoder support
# ==============================================================
- @depends(toolkit)
diff --git a/0021-Bug-847568-Support-system-graphite2.patch b/0021-Bug-847568-Support-system-graphite2.patch
index 46149eddde66..434c374ee9a7 100644
--- a/0021-Bug-847568-Support-system-graphite2.patch
+++ b/0021-Bug-847568-Support-system-graphite2.patch
@@ -118,10 +118,10 @@ index 6cc19f84709bbe3be4ff830e3a6dd29189048c6f..14b08dbac3e3f5d3df421d5dd6840673
"thebes",
"ipc",
diff --git a/gfx/thebes/moz.build b/gfx/thebes/moz.build
-index 8af85a4ed663292583310efea06ada8c60eb908d..239579c86e3a0c5ef46c14659117a86d217eff11 100644
+index 3067b49c8d3d069e74acd2baa04eaaf2c95094f9..04c75cc7234d242fb56ca95da212e11ccf9c891e 100644
--- a/gfx/thebes/moz.build
+++ b/gfx/thebes/moz.build
-@@ -292,7 +292,10 @@ if CONFIG["MOZ_WAYLAND"]:
+@@ -290,7 +290,10 @@ if CONFIG["MOZ_WAYLAND"]:
LOCAL_INCLUDES += CONFIG["SKIA_INCLUDES"]
@@ -134,10 +134,10 @@ index 8af85a4ed663292583310efea06ada8c60eb908d..239579c86e3a0c5ef46c14659117a86d
if CONFIG["MOZ_SYSTEM_HARFBUZZ"]:
CXXFLAGS += CONFIG["MOZ_HARFBUZZ_CFLAGS"]
diff --git a/old-configure.in b/old-configure.in
-index 0dfcddd0f14eddf7df73913417eb2e617a598b43..95850f11b4d9516c9dd0b9b04e504ef60cdba0a5 100644
+index 57a41cb1b28592b761c51d6fbdc6ec0ce4a54936..7d6b36c150eca93b035de97ade08a78e80dd4136 100644
--- a/old-configure.in
+++ b/old-configure.in
-@@ -1146,6 +1146,27 @@ fi
+@@ -1141,6 +1141,27 @@ fi
AC_DEFINE_UNQUOTED(MOZ_MACBUNDLE_ID,$MOZ_MACBUNDLE_ID)
AC_SUBST(MOZ_MACBUNDLE_ID)
@@ -180,10 +180,10 @@ index fb81f6ceebcb4c6c14d0e2e2df48531b74d174bf..e43d77d815ace132469fe3c1ecca7256
OS_LIBS += CONFIG["MOZ_HARFBUZZ_LIBS"]
diff --git a/toolkit/moz.configure b/toolkit/moz.configure
-index 510db578b5e1b15fde924db8d0878588fe2f7526..ded2b7099ec841b93d74fc14d7ef733acdbba0bb 100644
+index a811d7ba1f783681628e1c3f67d594573c4f9e39..bbcbde85670803415bd804bc472f64fb592f490b 100644
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
-@@ -675,6 +675,19 @@ def freetype2_combined_info(fontconfig_info, freetype2_info):
+@@ -678,6 +678,19 @@ def freetype2_combined_info(fontconfig_info, freetype2_info):
set_define("MOZ_HAVE_FREETYPE2", depends_if(freetype2_info)(lambda _: True))
diff --git a/0022-Bug-1611386-Reenable-support-for-enable-system-sqlit.patch b/0022-Bug-1611386-Reenable-support-for-enable-system-sqlit.patch
index 12f6614f8c9a..58ce63b9236e 100644
--- a/0022-Bug-1611386-Reenable-support-for-enable-system-sqlit.patch
+++ b/0022-Bug-1611386-Reenable-support-for-enable-system-sqlit.patch
@@ -24,10 +24,10 @@ Signed-off-by: Björn Bidar <bjorn.bidar@jolla.com>
9 files changed, 70 insertions(+), 14 deletions(-)
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
-index 5296d2b4b195d6c5d3f61aa43ea8d1d2fdad053f..ca0a730183836121fe53ccddada31f8746361514 100644
+index 1e48dd12b43ed48085f22f6576f8c6696153775f..02e4a98563b72c421bbd79ea232a12b1792ff4b3 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
-@@ -147,9 +147,11 @@
+@@ -146,9 +146,11 @@
@RESPATH@/update-settings.ini
#endif
@RESPATH@/platform.ini
@@ -214,10 +214,10 @@ index fc576f30bc6a47db5c8bfbaa77bb117f1bd68011..903d6b29f62528b6ecd762ef69fb5f20
sqlite3_complete16
sqlite3_config
diff --git a/toolkit/moz.configure b/toolkit/moz.configure
-index ded2b7099ec841b93d74fc14d7ef733acdbba0bb..17726440ef2122a29e6966220287ccdbe5677b10 100644
+index bbcbde85670803415bd804bc472f64fb592f490b..9fd9356c4016933f84f660c40116739f20ca15ee 100644
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
-@@ -377,6 +377,20 @@ sndio = pkg_check_modules("MOZ_SNDIO", "sndio", when="--enable-sndio")
+@@ -380,6 +380,20 @@ sndio = pkg_check_modules("MOZ_SNDIO", "sndio", when="--enable-sndio")
set_config("MOZ_SNDIO", depends_if(sndio)(lambda _: True))
diff --git a/0023-Bug-1419151-Add-Unity-menubar-support.patch b/0023-Bug-1419151-Add-Unity-menubar-support.patch
index c67857301933..ae5dc1272ae1 100644
--- a/0023-Bug-1419151-Add-Unity-menubar-support.patch
+++ b/0023-Bug-1419151-Add-Unity-menubar-support.patch
@@ -84,10 +84,10 @@ index fca2398bfc97aad365d3b446fab06f2a7863948e..fe057e454e9fcfa04db17d44306357a7
event.target.parentNode.openedWithKey);"
#endif
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
-index 1b1e3ed5c972d6629adb2cfd7dcf051d2489398b..fe7c8dc6dc8ff0e854253b3eb45a814630c871ee 100644
+index 0bc3e362057b69754919b0e4a57eeb1846a7e6e5..23a7d39d852d9e57e960f9def3719c0b76e63e2f 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
-@@ -6327,11 +6327,18 @@ function onViewToolbarsPopupShowing(aEvent, aInsertPoint) {
+@@ -6326,11 +6326,18 @@ function onViewToolbarsPopupShowing(aEvent, aInsertPoint) {
MozXULElement.insertFTLIfNeeded("browser/toolbarContextMenu.ftl");
let firstMenuItem = aInsertPoint || popup.firstElementChild;
let toolbarNodes = gNavToolbox.querySelectorAll("toolbar");
@@ -146,7 +146,7 @@ index d60173900ec1e32fe7b60fecab657fb7bb875f0e..ffdf4d53135576a5723c03f0f6be09ed
nsINode* XULPopupElement::GetTriggerNode() const {
diff --git a/dom/xul/moz.build b/dom/xul/moz.build
-index 6057c71aa56d9cc7ceac3e0a6fbe29ef4761e953..a24f53f657a8737b569c0dbb49b348b5325db8af 100644
+index 343f2cc3642b9590016e178a968e6a9b0ab7447b..2286790140161b95b00056e73939073b2badbfe0 100644
--- a/dom/xul/moz.build
+++ b/dom/xul/moz.build
@@ -91,4 +91,9 @@ LOCAL_INCLUDES += [
@@ -175,10 +175,10 @@ index b2059e396efec51ec515540e69adfd18a74a906f..5f00ef562b374aa5d1d5792240395c4a
XPCOM_MANIFESTS += [
"components.conf",
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
-index a190b6caff8c21fb6bedaf37b9c25c812cd7114a..8bf1016739f21adb983d4cbfdc6858a01ece8601 100644
+index a38a760f9c5ce666ad8d51d46f7685c9ac45d7b3..33f501870f9309da3f38a61adb212caf008aeb15 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
-@@ -167,6 +167,9 @@ pref("dom.text-recognition.enabled", true);
+@@ -161,6 +161,9 @@ pref("dom.text-recognition.enabled", true);
// Fastback caching - if this pref is negative, then we calculate the number
// of content viewers to cache based on the amount of available memory.
pref("browser.sessionhistory.max_total_viewers", -1);
@@ -5263,10 +5263,10 @@ index 0000000000000000000000000000000000000000..2e0d429eddfdfc84620834eced6b9733
+
+#endif /* __nsNativeMenuService_h__ */
diff --git a/widget/gtk/nsWindow.cpp b/widget/gtk/nsWindow.cpp
-index be700ff20db1a4ca68c06e5882831a6d72fef0ca..e1a2d331eb555eaa0d98a2099cccccf6712512aa 100644
+index c73a4c64a58d93a827b9a793ed5cfd714a7852da..ceb048d79b69bb4e470d3f794c4f308eae5e868b 100644
--- a/widget/gtk/nsWindow.cpp
+++ b/widget/gtk/nsWindow.cpp
-@@ -7486,6 +7486,10 @@ void nsWindow::HideWindowChrome(bool aShouldHide) {
+@@ -7561,6 +7561,10 @@ void nsWindow::HideWindowChrome(bool aShouldHide) {
SetWindowDecoration(aShouldHide ? BorderStyle::None : mBorderStyle);
}
@@ -5278,7 +5278,7 @@ index be700ff20db1a4ca68c06e5882831a6d72fef0ca..e1a2d331eb555eaa0d98a2099cccccf6
bool aAlwaysRollup) {
LOG("nsWindow::CheckForRollup() aAlwaysRollup %d", aAlwaysRollup);
diff --git a/widget/gtk/nsWindow.h b/widget/gtk/nsWindow.h
-index a892a08cfa2e24e3dfd3809def7e8502b0632bb7..6aaa94f0503f88f8408bba82d07cfa137e14527a 100644
+index 240e7a1415caf1257ab8bdd2d0c8c930341750a6..f4956ab57cd75b4440911f22eb2da21fdc51339b 100644
--- a/widget/gtk/nsWindow.h
+++ b/widget/gtk/nsWindow.h
@@ -27,6 +27,8 @@
@@ -5299,7 +5299,7 @@ index a892a08cfa2e24e3dfd3809def7e8502b0632bb7..6aaa94f0503f88f8408bba82d07cfa13
/**
* GetLastUserInputTime returns a timestamp for the most recent user input
* event. This is intended for pointer grab requests (including drags).
-@@ -926,6 +930,8 @@ class nsWindow final : public nsBaseWidget {
+@@ -933,6 +937,8 @@ class nsWindow final : public nsBaseWidget {
static bool sTransparentMainWindow;
@@ -5404,7 +5404,7 @@ index 0000000000000000000000000000000000000000..488c8f49c0217890d2c5a12f57fdc194
+ Atom("shellshowingmenubar", "shellshowingmenubar"),
+]
diff --git a/xpcom/ds/StaticAtoms.py b/xpcom/ds/StaticAtoms.py
-index eb3997411a692ff1edb86c967236e25f90bdc46d..1a9e22911eada7288c5af751d974468181dc85e0 100644
+index 2e4fd0133936bd57bcd1721894cf310527169658..d636a1e23507309742ee6b6b6daec8868932c723 100644
--- a/xpcom/ds/StaticAtoms.py
+++ b/xpcom/ds/StaticAtoms.py
@@ -13,6 +13,7 @@ from Atom import (
@@ -5415,7 +5415,7 @@ index eb3997411a692ff1edb86c967236e25f90bdc46d..1a9e22911eada7288c5af751d9744681
# Static atom definitions, used to generate nsGkAtomList.h.
#
-@@ -2549,7 +2550,7 @@ STATIC_ATOMS = [
+@@ -2548,7 +2549,7 @@ STATIC_ATOMS = [
InheritingAnonBoxAtom("AnonBox_mozSVGForeignContent", ":-moz-svg-foreign-content"),
InheritingAnonBoxAtom("AnonBox_mozSVGText", ":-moz-svg-text"),
# END ATOMS
diff --git a/0025-Add-KDE-integration-to-Firefox-toolkit-parts.patch b/0025-Add-KDE-integration-to-Firefox-toolkit-parts.patch
index 97f116feb455..43ca9915341b 100644
--- a/0025-Add-KDE-integration-to-Firefox-toolkit-parts.patch
+++ b/0025-Add-KDE-integration-to-Firefox-toolkit-parts.patch
@@ -48,7 +48,7 @@ Co-authored-by: Björn Bidar <bjorn.bidar@thaodan.de>
create mode 100644 uriloader/exthandler/unix/nsKDERegistry.h
diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp
-index 94a5aa0f3f169563d570e18fc1a525994293ad99..c1cf316d05b742502f7b07da1b7f25024b09f4e8 100644
+index 240dd198b529460eebca32da2dd14d3a91a99179..d956d013a1ce3480df823d1275e9a1eb6423016e 100644
--- a/modules/libpref/Preferences.cpp
+++ b/modules/libpref/Preferences.cpp
@@ -95,6 +95,7 @@
@@ -60,7 +60,7 @@ index 94a5aa0f3f169563d570e18fc1a525994293ad99..c1cf316d05b742502f7b07da1b7f2502
#ifdef DEBUG
# include <map>
diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build
-index e8f8b97170d32c1d3ac342dd93da7265bf707c8f..831001cee4b1eb33171d83d524ee9e453a800257 100644
+index 63c4608a88d9b9a5e3163294b6d778a2354dc5f5..dbafcdda35c672e00159c9d461219bd23072c6cf 100644
--- a/modules/libpref/moz.build
+++ b/modules/libpref/moz.build
@@ -126,6 +126,10 @@ UNIFIED_SOURCES += [
@@ -998,7 +998,7 @@ index c6a765df9e5a4c95f77e9ee1b4ebbf9913a81e15..6e9028169ac594a24f90a4f58dc493c8
"/widget/headless",
"/widget/x11",
diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
-index 22d0f46b9563734c7afb4292417124f3cd171a12..b2a68711eb344d5ac41a7133751b2c19d574f532 100644
+index d15c44d3a0bde1ae0b3c73ba6f35ace25a1c9a8b..987f23b4ea29ecfa943ce0b1646db669cd40de19 100644
--- a/widget/gtk/nsFilePicker.cpp
+++ b/widget/gtk/nsFilePicker.cpp
@@ -5,6 +5,7 @@
@@ -1009,7 +1009,7 @@ index 22d0f46b9563734c7afb4292417124f3cd171a12..b2a68711eb344d5ac41a7133751b2c19
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
-@@ -28,6 +29,8 @@
+@@ -30,6 +31,8 @@
#include "WidgetUtilsGtk.h"
#include "nsFilePicker.h"
@@ -1018,7 +1018,7 @@ index 22d0f46b9563734c7afb4292417124f3cd171a12..b2a68711eb344d5ac41a7133751b2c19
#undef LOG
#ifdef MOZ_LOGGING
-@@ -242,7 +245,8 @@ NS_IMETHODIMP
+@@ -310,7 +313,8 @@ NS_IMETHODIMP
nsFilePicker::AppendFilter(const nsAString& aTitle, const nsAString& aFilter) {
if (aFilter.EqualsLiteral("..apps")) {
// No platform specific thing we can do here, really....
@@ -1028,7 +1028,7 @@ index 22d0f46b9563734c7afb4292417124f3cd171a12..b2a68711eb344d5ac41a7133751b2c19
}
nsAutoCString filter, name;
-@@ -352,6 +356,31 @@ nsFilePicker::Open(nsIFilePickerShownCallback* aCallback) {
+@@ -420,6 +424,31 @@ nsFilePicker::Open(nsIFilePickerShownCallback* aCallback) {
// Can't show two dialogs concurrently with the same filepicker
if (mRunning) return NS_ERROR_NOT_AVAILABLE;
@@ -1060,7 +1060,7 @@ index 22d0f46b9563734c7afb4292417124f3cd171a12..b2a68711eb344d5ac41a7133751b2c19
NS_ConvertUTF16toUTF8 title(mTitle);
GtkWindow* parent_widget =
-@@ -633,6 +662,205 @@ void nsFilePicker::Done(void* file_chooser, gint response) {
+@@ -701,6 +730,205 @@ void nsFilePicker::Done(void* file_chooser, gint response) {
NS_RELEASE_THIS();
}
@@ -1267,10 +1267,10 @@ index 22d0f46b9563734c7afb4292417124f3cd171a12..b2a68711eb344d5ac41a7133751b2c19
void* nsFilePicker::GtkFileChooserNew(const gchar* title, GtkWindow* parent,
GtkFileChooserAction action,
diff --git a/widget/gtk/nsFilePicker.h b/widget/gtk/nsFilePicker.h
-index 496df4937277d96485376176296ee836aa261ec7..a4c1862ec042f4465d53bc95f138afb87260ba07 100644
+index 7ec93a6694276b3622dbd2d5ba0ececa262b221c..c2571d314c59c3b6d8d70cd65534c9b5818ee86d 100644
--- a/widget/gtk/nsFilePicker.h
+++ b/widget/gtk/nsFilePicker.h
-@@ -74,6 +74,12 @@ class nsFilePicker : public nsBaseFilePicker {
+@@ -76,6 +76,12 @@ class nsFilePicker : public nsBaseFilePicker {
private:
static nsIFile* mPrevDisplayDirectory;
diff --git a/0026-Add-KDE-integration-to-Firefox.patch b/0026-Add-KDE-integration-to-Firefox.patch
index 0438adce847f..1e102d5a9ef0 100644
--- a/0026-Add-KDE-integration-to-Firefox.patch
+++ b/0026-Add-KDE-integration-to-Firefox.patch
@@ -63,7 +63,7 @@ index 609b9a9d06178b42b0ba8509500a1b72d8bd3b88..05df0fc6ce279ab6161a3f93450e7296
console.error(ex);
return;
diff --git a/browser/components/shell/moz.build b/browser/components/shell/moz.build
-index eb88cb287dc3f04022b74b978666118bbd5fa6b2..95277533781a7224d108e3c45731a6d9a89ba1a0 100644
+index 67e7c19ffa434b4f6df1be0d9e127dd1bdf5d9f5..974aa7ed189a3ec2036177e0ba37d0c1d7abe616 100644
--- a/browser/components/shell/moz.build
+++ b/browser/components/shell/moz.build
@@ -36,6 +36,8 @@ elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
diff --git a/0027-Imported-patch-firefox-branded-icons.patch.patch b/0027-Imported-patch-firefox-branded-icons.patch.patch
index 4c0f83fd48f4..9b7ce965cbab 100644
--- a/0027-Imported-patch-firefox-branded-icons.patch.patch
+++ b/0027-Imported-patch-firefox-branded-icons.patch.patch
@@ -23,10 +23,10 @@ index 4e737310b37bc0bdbe4367e51c0f245eefbdbb50..0faf21fb931a0ed72495197d2152fd74
'default48.png',
'default64.png',
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
-index ca0a730183836121fe53ccddada31f8746361514..0d666fd391e729ba050721a7a4073b57f0a5425b 100644
+index 02e4a98563b72c421bbd79ea232a12b1792ff4b3..96d13bf5e02698e357cd56ab136e0dc813bf3bef 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
-@@ -225,10 +225,13 @@
+@@ -224,10 +224,13 @@
@RESPATH@/chrome/toolkit.manifest
#ifdef MOZ_GTK
@RESPATH@/browser/chrome/icons/default/default16.png
diff --git a/0028-Allow-Eme-for-arm-and-Aarch64.patch b/0028-Allow-Eme-for-arm-and-Aarch64.patch
index b44d391bee66..9f7653f4e7aa 100644
--- a/0028-Allow-Eme-for-arm-and-Aarch64.patch
+++ b/0028-Allow-Eme-for-arm-and-Aarch64.patch
@@ -12,10 +12,10 @@ Signed-off-by: Björn Bidar <bjorn.bidar@jolla.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/toolkit/moz.configure b/toolkit/moz.configure
-index 17726440ef2122a29e6966220287ccdbe5677b10..ddb2c59e17d386b3f834f7c190c287790d4760d4 100644
+index 9fd9356c4016933f84f660c40116739f20ca15ee..521202cdbfbd372900a98a4247bd008135952bf4 100644
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
-@@ -863,7 +863,7 @@ def eme_choices(target, wmf):
+@@ -867,7 +867,7 @@ def eme_choices(target, wmf):
if (
target.kernel in ("WINNT", "Linux")
and target.os != "Android"
diff --git a/0029-Shut-up-warnings-about-future-Rust-version-incompati.patch b/0029-Shut-up-warnings-about-future-Rust-version-incompati.patch
index 6bdfd0ba43de..c769b63cfd9d 100644
--- a/0029-Shut-up-warnings-about-future-Rust-version-incompati.patch
+++ b/0029-Shut-up-warnings-about-future-Rust-version-incompati.patch
@@ -12,7 +12,7 @@ Signed-off-by: Björn Bidar <bjorn.bidar@jolla.com>
1 file changed, 5 insertions(+)
diff --git a/Cargo.toml b/Cargo.toml
-index 1437c717633023482de42cc96a56fe98e431fb89..9382614c4b5c32575bb90cb81ee1624bb2febf62 100644
+index 0934789ba3026230f55434b88195f985f3355213..e97876bcd494e3ec2d83b445acbaa7bffd2a31bf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -226,3 +226,8 @@ uniffi_bindgen = "=0.24.3"
diff --git a/PKGBUILD b/PKGBUILD
index f5c434895c03..d461ae7c1ee3 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -13,7 +13,7 @@ _pgo=true
_pkgname=firefox
pkgname=$_pkgname-kde-opensuse
-pkgver=118.0.2
+pkgver=119.0.1
pkgrel=1
pkgdesc="Standalone web browser from mozilla.org with OpenSUSE patch, integrate better with KDE"
arch=('i686' 'x86_64')
@@ -49,7 +49,7 @@ makedepends=('unzip' 'zip' 'diffutils' 'yasm' 'mesa' 'imake'
'libnotify'
'libpulse'
)
-
+changeslog=$pkgname.changes
# https://bugs.gentoo.org/792705
# needs fixes from GCC 11.2
@@ -262,39 +262,40 @@ Version=2
END
}
-sha256sums=('7ea4203b5cf9e59f80043597e2c9020291754fcab784a337586b5f5e1370c416'
+sha256sums=('48cc43cab060e97467e9a17617f511a177e7b91b7e77e408425351a2cbb07f70'
'SKIP'
- 'b440e88515847972a512feb2dd5706a86ad45384cae613c18244bc3c1e0df2a5'
+ 'be65b2421999ad5c8ffa363dc009ce2cd291badc422fbb456967616bad3e2e19'
'4c93b2e1f1675e033ed7910fe5f379626a92903a940697430985bcfdf94afceb'
'eaad0eee76f89e0a1a241742ec5c8ec9315b096f7b3e0ea302b253b926750aae'
- '10593c391762298c8f740d432e51224d031f17cf3689341497d3cc02bfa744f3'
+ 'c3c785256e7497118e9e19de4c1748664e8df5930a436040f029023a1190a9a5'
'eb19d9568e8d7705b2a0c4774d4f6a758a910c0e5cf427727feb5884a2a1ee98'
'4322124dc370ac56063837370a8107e85ca6e0d4037ff71ece5e7b0f55ed8053'
- '691de24752efa64ebe8f1a77c31ee769bb359c49655352399cf345300c0c6cb6'
- 'ea2339511a6be6d44406dd478623a41aa0de6a748a5267fe675f90abcb30971a'
- '2fdb6066cf348843f57b963571e0211acfb2f671896dfad650723129b62bd1af'
+ 'a8aeb8b73abe711752ebf1a561fb4af736854be5c298441b8de7a1148a47a416'
+ 'f1b6cdce0e35bce959c325ea9f1316fea062923bdad9091d58050bee21cc9102'
+ '999f0f5c198f00943894639d9dd4157f3e078a40e1f8a815aef2dacd5158a67c'
'bba76c5e13952ef45362f8e53a5c030e0f5d722f8f266228787136a5312330ea'
'f2fcd4ca82b833f5e5b7e991882e24f09463cd837242b18cf163bc751f2e21d5'
'766faefbd4898049e9913589962bf839da6785d50f0631b4eac7316f16bf2ea6'
- '3aa459ef9295cd76d102a767a8910cc42cfc672bdde9ab98453465a37946024d'
- 'e5e960afe0a2ed519b3a8d20e645b4defd0ff9920797bf9accdd7b235ab8637d'
+ 'ccb405fe8a3cae43b7211807eab90baf4ae99d9e09612304e6b3e52474f9434d'
+ '516f6f38c442208c79f4c3d8734520ebe026607dc2d88c6b4383e7893522313b'
'32d40630a010ee91d2c35c814ef2f567ad7faf859f8198735829958cb055f53b'
'1ffdcff3d4e31c5cceddadfa0111c27a34480594238cdf85866ee1073d922910'
- '26fe6a707517789f512fffd83009d20544987e944ad4b3d10ed30e8b566f96ba'
- '4007869a43897d45ba56b631195ff9ce96616cb160e9a3785f2b4c9313115095'
+ '316c6ed1a85cee7ec1e00b6b3b869dbf47b81c23e8384d9f704f69e99a21c2e9'
+ '5ee703cddba6045a03ee882ff70423fe185d009e2c912fc49ef66f7703ea46fe'
'2400173d2c84573194c6af9031663a5b2332ccb4929b246b216c61c97d8b0a54'
- '04cf5528a4e211a2f33d74282013672ac1a585814c0de46419f2dc3c469a71a7'
+ '77a4635a30d54f187efaae5ac1f1cb029445b1317f148053206ebeb6a3255ae6'
'72d30acbe1e8488c6bd3af2e0813223842a63b859d6e7aff66d2f23612b7ad8b'
- '8cd6457b71bf20023f25b66e78cdebb43205f26db03a6d88c64202cc51ba1b39'
- '039a07b1171a9fc1bd71a792c2ee152f774a1bf34a768eae72113b3ff5fd19e7'
- 'fdab230f8c1c457277d921cf318771852288c665c01fd1b9f570e1b9be6dac25'
- 'f129686f536941c820022a95b242c83f4de54facdac59b6eb16db46e84de0c7c'
- 'a41b65c032a21298eed7d70e83dfbe3d28fe268963803d225914d2a21f97b22c'
+ '1b9b4ac7550b33f2dcce3ef7d64cdc52682cc78ce397aba9ff71cca93b1282be'
+ 'a319b263cd437a2a817845a0670137e8aef7826e768db8454994ecd2af01c247'
+ '62e4d94c648a48313d3716a85c5503f99d02674cc97be6b86fdddbc397cd0999'
+ '6684d5c564a4d4a8a2b90a51890abae719f419f81baae057b41e9b4cfba07c34'
+ 'fc53e7bcaa3ebcd0bb5e6562f57561dc23727690529cae97c86560fed05e05c0'
'dfb11575e7d43071c9046762408b7267507c645020678d57689d55d3f68c0c28'
- 'b0bc4493dea4241a5a7e83ce705c25a867a22ff9d610cbbe50c031c65d8c83e8'
- 'b941526ab077d21dc0e833ff2bd375eb06ff53d3898d3142ef917e3a7f3a67c7'
- '8fe583a722a48596c93634136fb2bea621b30311bc935447bf4dc0c472aac117'
- 'eab658c30b83505825765f6a99aeaff693888e6bfa4e5b436349a79c43b322e0'
- '9b7bf3b170494a2a10b56b2d903902140d50919e1e4a32bcfd16feeb08fa402e'
+ 'c4258daf80395735546d2e12214b77a14207e09be16372030322e459235a37ea'
+ '6545e1406fe6ee307ea876dffb41ae5453469d388ff12941ab210d5e372462b6'
+ '056dd0b79d0e1992dd6cdfe1553e5048d8c4cc8baf8812d69f9e2e55000467bd'
+ '76f83f143ea043fa07e8db8e39163a17b5889ed6cdfe2e88b95440d7c4f8ef3e'
+ 'd747ba2ee13eda08f2d52006333f81d845b82b1b3e1c099d96a5de9aeea6ac0e'
'7038651e09bd1f1cf2561ee977e6fcc58f7295ce821f419288da6d0b2bcc8feb'
- '0d7a0f8bd7f0a8f1319d79a433d848a3eb43e81f4a14f29d5c8602be49d93cb9')
+ '0d7a0f8bd7f0a8f1319d79a433d848a3eb43e81f4a14f29d5c8602be49d93cb9'
+ 'ca63e1a8b93eed45fe1b6dc4da087d18b866570d99cfc6abfb8a7d3187d98e83')
diff --git a/firefox-kde-opensuse.changes b/firefox-kde-opensuse.changes
new file mode 100644
index 000000000000..005efa9ee0fe
--- /dev/null
+++ b/firefox-kde-opensuse.changes
@@ -0,0 +1,10476 @@
+-------------------------------------------------------------------
+Thu Oct 26 10:31:03 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 119.0
+ https://www.mozilla.org/en-US/firefox/119.0/releasenotes
+ MFSA 2023-45 (bsc#1216338)
+ * CVE-2023-5721 (bmo#1830820)
+ Queued up rendering could have allowed websites to clickjack
+ * CVE-2023-5722 (bmo#1738426)
+ Cross-Origin size and header leakage
+ * CVE-2023-5723 (bmo#1802057)
+ Invalid cookie characters could have led to unexpected errors
+ * CVE-2023-5724 (bmo#1836705)
+ Large WebGL draw could have led to a crash
+ * CVE-2023-5725 (bmo#1845739)
+ WebExtensions could open arbitrary URLs
+ * CVE-2023-5726 (bmo#1846205)
+ Full screen notification obscured by file open dialog on macOS
+ * CVE-2023-5727 (bmo#1847180)
+ Download Protections were bypassed by .msix, .msixbundle,
+ .appx, and .appxbundle files on Windows
+ * CVE-2023-5728 (bmo#1852729)
+ Improper object tracking during GC in the JavaScript engine
+ could have led to a crash.
+ * CVE-2023-5729 (bmo#1823720)
+ Fullscreen notification dialog could have been obscured by
+ WebAuthn prompts
+ * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833,
+ bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002,
+ bmo#1855306, bmo#1855640, bmo#1856695)
+ Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4,
+ and Thunderbird 115.4.1
+ * CVE-2023-5731 (bmo#1690111, bmo#1721904, bmo#1851803, bmo#1854068)
+ Memory safety bugs fixed in Firefox 119
+- requires NSS 3.94
+
+-------------------------------------------------------------------
+Wed Oct 11 18:28:09 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 118.0.2
+ * Fix games not loading on betsoft.com (bmo#1856145)
+ * Fix printing issues for some SVG images (bmo#1853727)
+ * Fix CORS XHR with authentication no longer working (bmo#1855650)
+ * Fix h264 WebRTC video not working in some contexts (bmo#1855636)
+ * Fix Firefox Translations not working on some pages
+ (bmo#1841656, bmo#1855307)
+ * Stability fixes (bmo#1851991, bmo#1799326, bmo#1856637)
+
+-------------------------------------------------------------------
+Sat Sep 30 19:51:56 UTC 2023 - Björn Bidar <bjorn.bidar@thaodan.de>
+
+- Activate KDE integration again, included rebased and updated
+ patches, firefox-kde.patch and mozilla-kde.patch, (upstream
+ removed special files handling for preferences but that has no
+ effect since we haven't shipped obsolete kde.js for a while)
+ (boo#1216027)
+
+-------------------------------------------------------------------
+Fri Sep 29 06:50:26 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 118.0.1
+ MFSA 2023-44 (bsc#1215814)
+ * CVE-2023-5217 (bmo#1855550),
+ Heap buffer overflow in libvpx
+
+-------------------------------------------------------------------
+Mon Sep 25 06:35:49 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 118.0
+ MFSA 2023-41 (bsc#1215575)
+ * CVE-2023-5168 (bmo#1846683)
+ Out-of-bounds write in FilterNodeD2D1
+ * CVE-2023-5169 (bmo#1846685)
+ Out-of-bounds write in PathOps
+ * CVE-2023-5170 (bmo#1846686)
+ Memory leak from a privileged process
+ * CVE-2023-5171 (bmo#1851599)
+ Use-after-free in Ion Compiler
+ * CVE-2023-5172 (bmo#1852218)
+ Memory Corruption in Ion Hints
+ * CVE-2023-5173 (bmo#1823172)
+ Out-of-bounds write in HTTP Alternate Services
+ * CVE-2023-5174 (bmo#1848454)
+ Double-free in process spawning on Windows
+ * CVE-2023-5175 (bmo#1849704)
+ Use-after-free of ImageBitmap during process shutdown
+ * CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
+ bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195)
+ Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
+ and Thunderbird 115.3
+- requires NSS 3.93
+- add mozilla-bmo1822730.patch
+- deactivated KDE integration temporarily
+ (removed mozilla-kde.patch and firefox-kde.patch for now)
+
+-------------------------------------------------------------------
+Tue Sep 12 17:04:01 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 117.0.1
+ * Fix a bug causing extensions using an event page for long-
+ running tasks to be terminated while running, causing
+ unexpected behavior changes (bmo#1851373)
+ * Temporarily revert an intentional behavior change preventing
+ Javascript from changing URL.protocol (bmo#1850954).
+ * Fix audio worklets not working for sites using WebAssembly
+ exception handling (bmo#1851468)
+ * Fix the Reopen all tabs option in the Recently closed tabs
+ menu sometimes failing to open all tabs (bmo#1850856)
+ * Fix the bookmarks menu sometimes remaining partially visible
+ when minimizing Firefox (bmo#1843700)
+ * Fix an issue causing incorrect time zones to be detected on
+ some sites (bmo#1848615)
+ * MFSA 2023-40 CVE-2023-4863 (boo#1215231)
+ Heap buffer overflow in WebP
+
+-------------------------------------------------------------------
+Sun Aug 27 08:51:28 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 117.0
+ https://www.mozilla.org/en-US/firefox/117.0/releasenotes
+ MFSA 2023-34 (bsc#1214606)
+ * CVE-2023-4573 (bmo#1846687)
+ Memory corruption in IPC CanvasTranslator
+ * CVE-2023-4574 (bmo#1846688)
+ Memory corruption in IPC ColorPickerShownCallback
+ * CVE-2023-4575 (bmo#1846689)
+ Memory corruption in IPC FilePickerShownCallback
+ * CVE-2023-4576 (bmo#1846694)
+ Integer Overflow in RecordedSourceSurfaceCreation
+ * CVE-2023-4577 (bmo#1847397)
+ Memory corruption in JIT UpdateRegExpStatics
+ * CVE-2023-4578 (bmo#1839007)
+ Error reporting methods in SpiderMonkey could have triggered
+ an Out of Memory Exception
+ * CVE-2023-4579 (bmo#1842766)
+ Persisted search terms were formatted as URLs
+ * CVE-2023-4580 (bmo#1843046)
+ Push notifications saved to disk unencrypted
+ * CVE-2023-4581 (bmo#1843758)
+ XLL file extensions were downloadable without warnings
+ * CVE-2023-4582 (bmo#1773874)
+ Buffer Overflow in WebGL glGetProgramiv
+ * CVE-2023-4583 (bmo#1842030)
+ Browsing Context potentially not cleared when closing Private
+ Window
+ * CVE-2023-4584 (bmo#1843968, bmo#1845205, bmo#1846080,
+ bmo#1846526, bmo#1847529)
+ Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,
+ Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
+ * CVE-2023-4585 (bmo#1751583, bmo#1841082, bmo#1847904, bmo#1848999)
+ Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2,
+ and Thunderbird 115.2
+- requires
+ NSS = 3.92
+ rustc = 1.71
+
+-------------------------------------------------------------------
+Thu Aug 17 18:20:18 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 116.0.3
+ * Fixed an issue for OPFS users that broke access to files that
+ were locally cached in a previous version
+ (bmo#1847989, bmo#1847619)
+ * Fixed an issue that was breaking screensharing for some users
+ on Wayland (bmo#1841851)
+ * Fixed an issue where a fullscreen notification was persistently
+ being shown to a user, even after disabling it (bmo#1847901)
+ * Fixed an issue where Firefox would hang when doing a Google
+ search (bmo#1847066)
+
+-------------------------------------------------------------------
+Tue Aug 15 09:51:15 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- After further testing on memory consumption during linking, it's
+ safe to remove most of the memory reducing options for ix86 linker.
+ A combination of these actually resulted in the OOM condition.
+ It's even possible to add basic debugging info while keeping
+ linker memory consumption at about 2GB
+
+-------------------------------------------------------------------
+Thu Aug 10 16:32:02 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 116.0.2
+ * fixes for other platforms
+
+-------------------------------------------------------------------
+Wed Aug 9 09:52:36 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Workarold ld bug causing OOM when linking on 32-bit
+- Remove -j1 limit on x86. The build runs on 64-bit kernel with a
+ 32-bit userland. This means there is plenty of memory available
+ but userland is limited to just under 4GB per process.
+
+-------------------------------------------------------------------
+Sat Aug 5 17:46:22 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 116.0.1
+ * fixes for other platforms
+
+-------------------------------------------------------------------
+Sat Aug 5 10:04:18 UTC 2023 - Andreas Schwab <schwab@suse.de>
+
+- ship vaapitest binary for supported archs
+
+-------------------------------------------------------------------
+Fri Aug 4 09:55:05 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- re-enable ppc64le
+- ship v4l2test binary for supported archs
+- drop obsolete mozilla-bmo1775202.patch
+
+-------------------------------------------------------------------
+Sun Jul 30 19:55:49 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 116.0
+ * https://www.mozilla.org/en-US/firefox/116.0/releasenotes/
+ MFSA 2023-29 (bsc#1213746)
+ * CVE-2023-4045 (bmo#1833876)
+ Offscreen Canvas could have bypassed cross-origin restrictions
+ * CVE-2023-4046 (bmo#1837686)
+ Incorrect value used during WASM compilation
+ * CVE-2023-4047 (bmo#1839073)
+ Potential permissions request bypass via clickjacking
+ * CVE-2023-4048 (bmo#1841368)
+ Crash in DOMParser due to out-of-memory conditions
+ * CVE-2023-4049 (bmo#1842658)
+ Fix potential race conditions when releasing platform objects
+ * CVE-2023-4050 (bmo#1843038)
+ Stack buffer overflow in StorageManager
+ * CVE-2023-4051 (bmo#1821884)
+ Full screen notification obscured by file open dialog
+ * CVE-2023-4052 (bmo#1824420)
+ File deletion and privilege escalation through Firefox uninstaller
+ * CVE-2023-4053 (bmo#1839079)
+ Full screen notification obscured by external program
+ * CVE-2023-4054 (bmo#1840777)
+ Lack of warning when opening appref-ms files
+ * CVE-2023-4055 (bmo#1782561)
+ Cookie jar overflow caused unexpected cookie jar state
+ * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
+ bmo#1842325, bmo#1843847)
+ Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
+ Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
+ * CVE-2023-4057 (bmo#1841682)
+ Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
+ and Thunderbird 115.1
+ * CVE-2023-4058 (bmo#1819160, bmo#1828024)
+ Memory safety bugs fixed in Firefox 116
+- require NSS 3.91
+- remove obsolete mozilla-fix-top-level-asm.patch
+- re-enable LTO
+
+-------------------------------------------------------------------
+Fri Jul 28 20:56:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 115.0.3
+ * fixes for other platforms
+- remove bashisms from firefox startup script (boo#1213657)
+
+-------------------------------------------------------------------
+Thu Jul 13 13:30:20 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 115.0.2
+ * Fixed a bug with displaying a caret in the text editor on some websites
+ (bmo#1840804)
+ * Fixed a bug with broken audio rendering on some websites (bmo#1841982)
+ * Fixed a bug with patternTransform translate using the wrong units
+ (bmo#1840746)
+ MFSA 2023-26 (bsc#1213230)
+ * CVE-2023-3600 (bmo#1839703)
+ Use-after-free in workers
+
+-------------------------------------------------------------------
+Fri Jul 7 19:39:30 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- Mozilla Firefox 115.0.1
+ * fixes for other platforms
+
+-------------------------------------------------------------------
+Sun Jul 2 16:00:53 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 115.0
+ * Support for importing payment methods saved in Chrome-based browser
+ * Hardware video decoding is now enabled for Intel GPUs on Linux
+ * The Tab Manager dropdown now features close buttons, so tabs
+ can be closed more quickly
+ * Streamlined the user interface for importing data in from other browsers
+ * Users without platform support for H264 video decoding can now
+ fallback to Cisco's OpenH264 plugin for playback.
+ * Undo and redo are now available in Password fields
+ * Changed: On Linux, middle clicks on the new tab button will
+ now open the xclipboard contents in the new tab. If the
+ xclipboard content is a URL then that URL is opened, any
+ other text is opened with your default search provider.
+ * Changed: For users with a Firefox Colorways built-in theme,
+ the theme will be automatically migrated to the same theme
+ hosted on addons.mozilla.org for Firefox profiles that have
+ disabled add-ons auto-updates. This will allow users to keep
+ their Colorways theme when they are later removed from
+ Firefox installer files.
+ * Changed: Certain Firefox users may come across a message in
+ the extensions panel indicating that their add-ons are not
+ allowed on the site currently open. We have introduced a new
+ back-end feature to only allow some extensions monitored by
+ Mozilla to run on specific websites for various reasons,
+ including security concerns.
+ * HTML5: The builtin editor now behaves similarly to other
+ browsers with `contenteditable` and `designMode` when
+ splitting a node, e.g. typing Enter to split a paragraph, and
+ also when joining two nodes, e.g. typing Backspace at the
+ start of a paragraph to join the paragraph and the previous
+ one.
+ When a node is split, the builtin editor creates a new node
+ after the original one instead of before, i.e. creates the
+ right node instead of the left node.
+ Similarly, when two nodes are joined, the builtin editor
+ deletes the latter node and moves its children to the end of
+ the preceding node instead of deleting the former node and
+ moving its child to the start of the following node.
+ * HTML5: WebRTC application developers can now specify a target
+ in milliseconds of media for the jitter buffer to hold.
+ Altering the target value allows applications to control the
+ tradeoff between playout delay and the risk of running out of
+ audio or video frames due to network jitter.
+ * HTML5: Change array by copy provides additional methods on
+ `Array.prototype` and `TypedArray.prototype` to enable
+ changes on the array by returning a new copy of it with the
+ change.
+ * HTML5: The animation-composition property is now supported,
+ allowing a declarative way to define the composite operation
+ used when multiple animations affect the same property
+ simultaneously.
+ * HTML5: Added the URL.canParse() function to allow easy and
+ fast checking if URLs are valid and parseable.
+ * HTML5: IndexedDB is now also supported in private browsing
+ without memory limits thanks to encrypted storage on disk.
+ The temporary keys to decrypt the information are hold in RAM
+ only and all stored information is purged at the normal end
+ of a private browsing session from disk.
+ * HTML5: Supports conditions are now supported in CSS import
+ rules @import supports(...)
+ * Developer: In web development, we rely on third-party
+ libraries which you may not be interested in while debugging.
+ These can be ignored. Ignoring them means that breakpoints
+ will not get hit and they are skipped during stepping.
+ You can now choose to **Hide ignore-listed sources** in the
+ Developer Tools source tree
+ * Developer: We have introduced a new option,
+ `devtools.f12_enabled`, that can be utilized to prevent the
+ accidental use of the F12 key, which opens the DevTools
+ toolbox (bug).
+ * Enterprise: You can find information about policy updates and
+ enterprise specific bug fixes in the Firefox for Enterprise
+ 115 Release Notes.
+ MFSA 2023-22 (bsc#1212438)
+ * CVE-2023-3482 (bmo#1839464)
+ Block all cookies bypass for localstorage
+ * CVE-2023-37201 (bmo#1826002)
+ Use-after-free in WebRTC certificate generation
+ * CVE-2023-37202 (bmo#1834711)
+ Potential use-after-free from compartment mismatch in SpiderMonkey
+ * CVE-2023-37203 (bmo#291640)
+ Drag and Drop API may provide access to local system files
+ * CVE-2023-37204 (bmo#1832195)
+ Fullscreen notification obscured via option element
+ * CVE-2023-37205 (bmo#1704420)
+ URL spoofing in address bar using RTL characters
+ * CVE-2023-37206 (bmo#1813299)
+ Insufficient validation of symlinks in the FileSystem API
+ * CVE-2023-37207 (bmo#1816287)
+ Fullscreen notification obscured
+ * CVE-2023-37208 (bmo#1837675)
+ Lack of warning when opening Diagcab files
+ * CVE-2023-37209 (bmo#1837993)
+ Use-after-free in `NotifyOnHistoryReload`
+ * CVE-2023-37210 (bmo#1821886)
+ Full-screen mode exit prevention
+ * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
+ bmo#1836550, bmo#1837450)
+ Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
+ and Thunderbird 102.13
+ * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206, bmo#1827076,
+ bmo#1828690, bmo#1833503, bmo#1835710, bmo#1838587)
+ Memory safety bugs fixed in Firefox 115
+- Requires NSS 3.90
+- Add patches:
+ mozilla-rust-disable-future-incompat.patch
+ mozilla-bmo1775202.patch
+ mozilla-partial-revert-1768632.patch
+- removed obsolete mozilla-buildfixes.patch
+
+-------------------------------------------------------------------
+Tue Jun 20 19:49:51 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- Mozilla Firefox 114.0.2:
+ * Several crash fixes
+ * Web Extensions: Fixes for 114 regressions in Native Messaging
+ support
+
+-------------------------------------------------------------------
+Tue Jun 20 06:30:02 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- do not enable LTO as it caused crashes now (boo#1212101)
+
+-------------------------------------------------------------------
+Sat Jun 10 14:48:07 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- Mozilla Firefox 114.0.1
+ * Fix a startup crash (bmo#1837201, boo#1212101)
+
+-------------------------------------------------------------------
+Fri Jun 9 11:05:47 UTC 2023 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Only install vaapitest for wayland-enabled builds, where it gets built
+- Rebase mozilla-silence-no-return-type.patch
+- Rebase s390x-patches, and remove obsolete patches:
+ mozilla-bmo1005535.patch mozilla-s390x-skia-gradient.patch
+
+-------------------------------------------------------------------
+Mon Jun 5 21:22:19 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 114.0
+ MFSA 2023-20 (bsc#1211922)
+ * CVE-2023-34414 (bmo#1695986)
+ Click-jacking certificate exceptions through rendering lag
+ * CVE-2023-34415 (bmo#1811999)
+ Site-isolation bypass on sites that allow open redirects to
+ data: urls
+ * CVE-2023-34416 (bmo#1752703, bmo#1818394, bmo#1826875,
+ bmo#1827340, bmo#1827655, bmo#1828065, bmo#1830190,
+ bmo#1830206, bmo#1830795, bmo#1833339)
+ Memory safety bugs fixed in Firefox 114 and Firefox ESR
+ 102.12
+ * CVE-2023-34417 (bmo#1746447, bmo#1820903, bmo#1832832)
+ Memory safety bugs fixed in Firefox 114
+ * New: Added UI to manage the DNS over HTTPS exception list.
+ (bmo#1596847)
+ * New: Bookmarks can now be searched from the Bookmarks menu.
+ The Bookmarks menu is accessible by adding the *Bookmarks
+ menu* button to the toolbar. (bmo#1736937)
+ * New: Restrict searches to your local browsing history by
+ selecting *Search history* from the History, Library or
+ Application menu buttons. (bmo#1736939)
+ * New: Mac users can now capture video from their cameras in
+ all supported native resolutions. This enables resolutions
+ higher than 1280x720. (bmo#1806604)
+ * New: It is now possible to reorder the extensions listed in
+ the extensions panel. (bmo#1805924)
+ * New: Users on macOS, Linux, and Windows 7 can now use FIDO2 /
+ WebAuthn authenticators over USB. Some advanced features,
+ such as fully passwordless logins, require a PIN to be set on
+ the authenticator. (bmo#1814487)
+ * New: Pocket Recommended content can now be seen in France,
+ Italy, and Spain. (bmo#None)
+ * Changed: DNS over HTTPS settings are now part of the
+ *Privacy & Security* section of the *Settings* page and allow
+ the user to choose from all the supported modes.
+ (bmo#1610741)
+ * HTML5: DOM: Added support for ES Modules on DedicatedWorker
+ and SharedWorker
+ * HTML5: WebTransport is now enabled by default and will be
+ going to release with 114. As the original Explainer notes,
+ it enables multiple use-cases that are hard or impossible to
+ handle without it, especially for Gaming and live streaming.
+ It covers cases that are problematic for alternative
+ mechanisms, such as WebSockets.
+ Built on top of HTTP3 (HTTP2 support will be coming later).
+ The current implementation in Firefox is passing 505 out of
+ 565 Web-Platform Tests.
+ * HTML5: CSS: The `infinity` and `NaN` constants are now
+ supported inside the `calc()` function. (bmo#1830759)
+ * Developer: The *Copy as cURL* feature, available in the
+ Network panel, has been enhanced. It now supports the
+ -`-compressed` argument. (bmo#1776120)
+ * Developer: The Accessibility Inspector has been improved to
+ accurately recognize all the ARIA roles like `banner`,
+ `main`, `navigation`, and `contentinfo`, etc. This
+ enhancement is particularly beneficial for web developers
+ working with ARIA roles to improve web accessibility.
+ (bmo#1572512)
+ * Developer: Firefox now provides support for the CSS Cascading
+ Level 4 `supports()` syntax for `@import` rules. This allows
+ for the importation of other stylesheets based on support-
+ dependency. In addition, the Inspector panel now accurately
+ displays the conditions at the top of the imported rule.
+- requires NSS 3.89.1
+
+-------------------------------------------------------------------
+Wed May 24 19:26:35 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- Mozilla Firefox 113.0.2 (boo#1211696)
+ * Fixed: Fixed a bug which could cause Firefox to freeze on
+ some pages when loading them with the Developer Tools Web
+ Console open (bmo#1828026)
+ * Fixed: Fixed a bug which would cause the bookmarks and
+ history sidebars to not properly react to the browser window
+ being vertically resized (bmo#1831535)
+
+-------------------------------------------------------------------
+Sat May 13 20:56:05 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- Mozilla Firefox 113.0.1
+ * UI fixes for other platforms
+- upstream signing key updated
+
+-------------------------------------------------------------------
+Tue May 9 21:12:38 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 113.0
+ * https://www.mozilla.org/en-US/firefox/113.0/releasenotes
+ MFSA 2023-16 (bsc#1211175)
+ * CVE-2023-32205 (bmo#1753339, bmo#1753341)
+ Browser prompts could have been obscured by popups
+ * CVE-2023-32206 (bmo#1824892)
+ Crash in RLBox Expat driver
+ * CVE-2023-32207 (bmo#1826116)
+ Potential permissions request bypass via clickjacking
+ * CVE-2023-32208 (bmo#1646034)
+ Leak of script base URL in service workers via import()
+ * CVE-2023-32209 (bmo#1767194)
+ Persistent DoS via favicon image
+ * CVE-2023-32210 (bmo#1776755)
+ Incorrect principal object ordering
+ * CVE-2023-32211 (bmo#1823379)
+ Content process crash due to invalid wasm code
+ * CVE-2023-32212 (bmo#1826622)
+ Potential spoof due to obscured address bar
+ * CVE-2023-32213 (bmo#1826666)
+ Potential memory corruption in FileReader::DoReadData()
+ * MFSA-TMP-2023-0002 (bmo#1814560, bmo#1814790, bmo#1819796)
+ Race condition in dav1d decoding
+ * CVE-2023-32214 (bmo#1828716)
+ Potential DoS via exposed protocol handlers
+ * CVE-2023-32215 (bmo#1540883, bmo#1751943, bmo#1814856, bmo#1820210,
+ bmo#1821480, bmo#1827019, bmo#1827024, bmo#1827144, bmo#1827359,
+ bmo#1830186)
+ Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
+ * CVE-2023-32216 (bmo#1746479, bmo#1806852, bmo#1815987,
+ bmo#1820359, bmo#1823568, bmo#1824803, bmo#1824834, bmo#1825170,
+ bmo#1827020, bmo#1828130)
+ Memory safety bugs fixed in Firefox 113
+- removed obsolete mozilla-bmo1568145.patch
+
+-------------------------------------------------------------------
+Sun May 7 19:47:00 UTC 2023 - Aaron Puchert <aaronpuchert@alice-dsl.net>
+
+- Fix i586 build by reducing debug info to -g1. (boo#1210168)
+
+-------------------------------------------------------------------
+Tue Apr 25 16:01:07 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 112.0.2
+ * Fix a high memory usage issue with animated images in minimized
+ (or completely covered) windows, especially when using animated
+ themes (bmo#1828587)
+ * Fix an issue where Linux users with bitmap fonts installed may
+ have had entire sections of text invisible to them on some
+ sites (bmo#1827950)
+
+-------------------------------------------------------------------
+Fri Apr 21 09:48:25 UTC 2023 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Include Leap 15.5 in check for which python version is required.
+
+-------------------------------------------------------------------
+Thu Apr 20 13:24:13 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
+
+- Mozilla Firefox 112.0.1
+ * Fix a bug where cookie dates appear to be set in the far
+ future after updating Firefox. This may have caused cookies to
+ be unintentionally purged (bmo#1827669)
+
+-------------------------------------------------------------------
+Mon Apr 10 21:58:19 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 112.0
+ * https://www.mozilla.org/en-US/firefox/112.0/releasenotes/
+ MFSA 2023-13 (bsc#1210212)
+ * CVE-2023-29531 (bmo#1794292)
+ Out-of-bound memory access in WebGL on macOS
+ * CVE-2023-29532 (bmo#1806394)
+ Mozilla Maintenance Service Write-lock bypass
+ * CVE-2023-29533 (bmo#1798219, bmo#1814597)
+ Fullscreen notification obscured
+ * CVE-2023-29534 (bmo#1816007, bmo#1816059, bmo#1821155, bmo#1821576,
+ bmo#1821906, bmo#1822298, bmo#1822305)
+ Fullscreen notification could have been obscured on Firefox
+ for Android
+ * MFSA-TMP-2023-0001 (bmo#1819244)
+ Double-free in libwebp
+ * CVE-2023-29535 (bmo#1820543)
+ Potential Memory Corruption following Garbage Collector compaction
+ * CVE-2023-29536 (bmo#1821959)
+ Invalid free from JavaScript code
+ * CVE-2023-29537 (bmo#1823365, bmo#1824200, bmo#1825569)
+ Data Races in font initialization code
+ * CVE-2023-29538 (bmo#1685403)
+ Directory information could have been leaked to WebExtensions
+ * CVE-2023-29539 (bmo#1784348)
+ Content-Disposition filename truncation leads to Reflected
+ File Download
+ * CVE-2023-29540 (bmo#1790542)
+ Iframe sandbox bypass using redirects and sourceMappingUrls
+ * CVE-2023-29541 (bmo#1810191)
+ Files with malicious extensions could have been downloaded
+ unsafely on Linux
+ * CVE-2023-29542 (bmo#1810793, bmo#1815062)
+ Bypass of file download extension restrictions
+ * CVE-2023-29543 (bmo#1816158)
+ Use-after-free in debugging APIs
+ * CVE-2023-29544 (bmo#1818781)
+ Memory Corruption in garbage collector
+ * CVE-2023-29545 (bmo#1823077)
+ Windows Save As dialog resolved environment variables
+ * CVE-2023-29546 (bmo#1780842)
+ Screen recording in Private Browsing included address bar on
+ Android
+ * CVE-2023-29547 (bmo#1783536)
+ Secure document cookie could be spoofed with insecure cookie
+ * CVE-2023-29548 (bmo#1822754)
+ Incorrect optimization result on ARM64
+ * CVE-2023-29549 (bmo#1823042)
+ Javascript's bind function may have failed
+ * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217,
+ bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602,
+ bmo#1821448, bmo#1822413, bmo#1824828)
+ Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
+ * CVE-2023-29551 (bmo#1763625, bmo#1814314, bmo#1815798, bmo#1815890,
+ bmo#1819239, bmo#1819465, bmo#1819486, bmo#1819492, bmo#1819957,
+ bmo#1820514, bmo#1820776, bmo#1821838, bmo#1822175, bmo#1823547)
+ Memory safety bugs fixed in Firefox 112
+- requires
+ * NSS 3.89
+ * Python >= 3.7 (for build)
+- removed obsolete mozilla-bmo1807652.patch
+- Fix Icons displayed incorrectly on GNOME/wayland via WMCLASS
+ in desktop file
+
+-------------------------------------------------------------------
+Mon Mar 27 15:17:17 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 111.0.1 (boo#1209688)
+ * Fixed a crash on macOS while pinch-zooming under some circumstances
+ (bmo#1658986)
+ * Fixed a bug causing Firefox to freeze on startup for some
+ Windows users (bmo#1823159)
+- Fix build on Tumbleweed (bmo#1807652, already included earlier but found later
+ by vanilla package)
+- Exclude i586/i686 once again because it fails to link libxul due
+ to its size
+
+-------------------------------------------------------------------
+Tue Mar 14 14:29:09 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 111.0
+ * https://www.mozilla.org/en-US/firefox/111.0/releasenotes
+ MFSA 2023-09 (bsc#1209173)
+ * CVE-2023-28159 (bmo#1783561)
+ Fullscreen Notification could have been hidden by download
+ popups on Android
+ * CVE-2023-25748 (bmo#1798798)
+ Fullscreen Notification could have been hidden by window
+ prompts on Android
+ * CVE-2023-25749 (bmo#1810705)
+ Firefox for Android may have opened third-party apps without
+ a prompt
+ * CVE-2023-25750 (bmo#1814733)
+ Potential ServiceWorker cache leak during private browsing mode
+ * CVE-2023-25751 (bmo#1814899)
+ Incorrect code generation during JIT compilation
+ * CVE-2023-28160 (bmo#1802385)
+ Redirect to Web Extension files may have leaked local path
+ * CVE-2023-28164 (bmo#1809122)
+ URL being dragged from a removed cross-origin iframe into the
+ same tab triggered navigation
+ * CVE-2023-28161 (bmo#1811181)
+ One-time permissions granted to a local file were extended to
+ other local files loaded in the same tab
+ * CVE-2023-28162 (bmo#1811327)
+ Invalid downcast in Worklets
+ * CVE-2023-25752 (bmo#1811627)
+ Potential out-of-bounds when accessing throttled streams
+ * CVE-2023-28163 (bmo#1817768)
+ Windows Save As dialog resolved environment variables
+ * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442,
+ bmo#1818674)
+ Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
+ * CVE-2023-28177 (bmo#1803109, bmo#1808832, bmo#1809542, bmo#1817336)
+ Memory safety bugs fixed in Firefox 111
+- ensure gcc11-c++ gets used on Leap 15.5
+- requires NSS >= 3.88.1
+- removed obsolete patches
+ gcc13-fix.patch
+ mozilla-bmo1810584.patch
+- rebased patches
+- update create-tar.sh
+- Packaging cleanup
+
+
+-------------------------------------------------------------------
+Tue Mar 7 09:40:11 UTC 2023 - Martin Liška <mliska@suse.cz>
+
+- Cherry-pick upstream changes for GCC 13 in gcc13-fix.patch.
+
+-------------------------------------------------------------------
+Mon Mar 6 20:09:41 UTC 2023 - Andreas Schwab <schwab@suse.de>
+
+- Limit memory use on riscv64
+
+-------------------------------------------------------------------
+Sat Mar 4 16:03:22 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Fix 32 bit build bmo#1810584 (add mozilla-bmo1810584.patch)
+
+-------------------------------------------------------------------
+Fri Mar 3 17:29:27 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 110.0.1 (boo#1208886)
+ * Fixed clearing recent cookies clears all cookies
+ (bmo#1816279)
+ * Fixed WebGL crashes on Linux when ran inside a VMWare virtual
+ machine (bmo#1807942)
+ * Fixed a bug with CSP serialization causing bugs with the MitID
+ Digital ID in Denmark (bmo#1819096)
+
+-------------------------------------------------------------------
+Wed Feb 15 09:56:46 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 110.0
+ * https://www.mozilla.org/en-US/firefox/110.0/releasenotes
+ MFSA 2023-05 (bsc#1208144)
+ * CVE-2023-25728 (bmo#1790345)
+ Content security policy leak in violation reports using iframes
+ * CVE-2023-25730 (bmo#1794622)
+ Screen hijack via browser fullscreen mode
+ * CVE-2023-25743 (bmo#1800203)
+ Fullscreen notification not shown in Firefox Focus
+ * CVE-2023-0767 (bmo#1804640)
+ Arbitrary memory write via PKCS 12 in NSS
+ * CVE-2023-25735 (bmo#1810711)
+ Potential use-after-free from compartment mismatch in SpiderMonkey
+ * CVE-2023-25737 (bmo#1811464)
+ Invalid downcast in SVGUtils::SetupStrokeGeometry
+ * CVE-2023-25738 (bmo#1811852)
+ Printing on Windows could potentially crash Firefox with some
+ device drivers
+ * CVE-2023-25739 (bmo#1811939)
+ Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
+ * CVE-2023-25729 (bmo#1792138)
+ Extensions could have opened external schemes without user knowledge
+ * CVE-2023-25732 (bmo#1804564)
+ Out of bounds memory write from EncodeInputStream
+ * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338)
+ Opening local .url files could cause unexpected network loads
+ * CVE-2023-25740 (bmo#1812354)
+ Opening local .scf files could cause unexpected network loads
+ * CVE-2023-25731 (bmo#1801542)
+ Prototype pollution when rendering URLPreview
+ * CVE-2023-25733 (bmo#1808632)
+ Possible null pointer dereference in TaskbarPreviewCallback
+ * CVE-2023-25736 (bmo#1811331)
+ Invalid downcast in GetTableSelectionMode
+ * CVE-2023-25741 (bmo#1437126, bmo#1812611, bmo#1813376)
+ Same-origin policy leak via image drag and drop
+ * CVE-2023-25742 (bmo#1813424)
+ Web Crypto ImportKey crashes tab
+ * CVE-2023-25744 (bmo#1789449, bmo#1803628, bmo#1810536)
+ Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
+ * CVE-2023-25745 (bmo#1688592, bmo#1797186, bmo#1804998,
+ bmo#1806521, bmo#1813284)
+ Memory safety bugs fixed in Firefox 110
+- requires
+ NSS = 3.87
+ rust/cargo = 1.66
+- update create-tar.sh
+
+-------------------------------------------------------------------
+Wed Feb 1 19:48:47 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 109.0.1
+ * Fixed jank when loading pages containing a large number of
+ emoji characters (bmo#1809081)
+ * Fixed an issue causing authentication prompts to not appear
+ when loading pages in some enterprise environments
+ (bmo#1809151)
+ * ixed inconsistent sizing of event listener checkboxes inside
+ the Inspector developer tool (bmo#1811760)
+
+-------------------------------------------------------------------
+Mon Jan 16 06:54:09 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 109.0
+ MFSA 2023-01 (bsc#1207119)
+ * CVE-2023-23597 (bmo#1538028)
+ Logic bug in process allocation allowed to read arbitrary
+ files
+ * CVE-2023-23598 (bmo#1800425)
+ Arbitrary file read from GTK drag and drop on Linux
+ * CVE-2023-23599 (bmo#1777800)
+ Malicious command could be hidden in devtools output on
+ Windows
+ * CVE-2023-23600 (bmo#1787034)
+ Notification permissions persisted between Normal and Private
+ Browsing on Android
+ * CVE-2023-23601 (bmo#1794268)
+ URL being dragged from cross-origin iframe into same tab
+ triggers navigation
+ * CVE-2023-23602 (bmo#1800890)
+ Content Security Policy wasn't being correctly applied to
+ WebSockets in WebWorkers
+ * CVE-2023-23603 (bmo#1800832)
+ Calls to <code>console.log</code> allowed bypasing Content
+ Security Policy via format directive
+ * CVE-2023-23604 (bmo#1802346)
+ Creation of duplicate <code>SystemPrincipal</code> from less
+ secure contexts
+ * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974)
+ Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
+ * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201,
+ bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393,
+ bmo#1804626, bmo#1804971, bmo#1807004)
+ Memory safety bugs fixed in Firefox 109
+- requires NSS 3.86
+- rebased patches
+
+-------------------------------------------------------------------
+Fri Jan 6 06:57:25 UTC 2023 - Luciano Santos <luc14n0@opensuse.org>
+
+- Mozilla Firefox 108.0.2
+ * Fixes a crash that might occur when managing browser history
+ (bmo#1806408).
+- Drop merged-upstream mozilla-bmo1805809.patch.
+
+-------------------------------------------------------------------
+Wed Dec 21 16:05:26 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)
+
+-------------------------------------------------------------------
+Tue Dec 20 07:58:58 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 108.0.1 (boo#1206507)
+ * Fixes the default search engine being reset on upgrade for
+ profiles which were previously copied from a different location
+
+-------------------------------------------------------------------
+Tue Dec 13 13:54:35 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 108.0
+ https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
+ MFSA 2022-51 (bsc#1206242)
+ * CVE-2022-46871 (bmo#1795697)
+ libusrsctp library out of date
+ * CVE-2022-46872 (bmo#1799156)
+ Arbitrary file read from a compromised content process
+ * CVE-2022-46873 (bmo#1644790)
+ Firefox did not implement the CSP directive unsafe-hashes
+ * CVE-2022-46874 (bmo#1746139)
+ Drag and Dropped Filenames could have been truncated to
+ malicious extensions
+ * CVE-2022-46875 (bmo#1786188)
+ Download Protections were bypassed by .atloc and .ftploc
+ files on Mac OS
+ * CVE-2022-46877 (bmo#1795139)
+ Fullscreen notification bypass
+ * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
+ bmo#1801102, bmo#1801315, bmo#1802395)
+ Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
+ * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
+ bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
+ Memory safety bugs fixed in Firefox 108
+- requires
+ NSS >= 3.85
+ rustc/cargo 1.65
+
+-------------------------------------------------------------------
+Thu Dec 8 08:42:14 UTC 2022 - Milachew <milachew@mail.lv>
+
+- added translations to .desktop file.
+
+-------------------------------------------------------------------
+Thu Dec 1 21:13:32 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 107.0.1:
+ * Fix an issue with accessing some sites reliably in Private
+ Browsing mode or Strict ETP due to anti-adblockers
+ (bmo#1717806)
+ * Fix an issue where Color Management was not available for
+ some users (bmo#1799391)
+ * Fix an issue with text overlapping in the Settings Menu for
+ some locales (bmo#1800379)
+ * Fix an issue where the DevTools UI is not accessible when an
+ alert dialog is displayed (bmo#1801840)
+
+-------------------------------------------------------------------
+Tue Nov 15 14:22:26 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 107.0
+ MFSA 2022-47 (bsc#1205270)
+ * CVE-2022-45403 (bmo#1762078)
+ Service Workers might have learned size of cross-origin media files
+ * CVE-2022-45404 (bmo#1790815)
+ Fullscreen notification bypass
+ * CVE-2022-45405 (bmo#1791314)
+ Use-after-free in InputStream implementation
+ * CVE-2022-45406 (bmo#1791975)
+ Use-after-free of a JavaScript Realm
+ * CVE-2022-45407 (bmo#1793314)
+ Loading fonts on workers was not thread-safe
+ * CVE-2022-45408 (bmo#1793829)
+ Fullscreen notification bypass via windowName
+ * CVE-2022-45409 (bmo#1796901)
+ Use-after-free in Garbage Collection
+ * CVE-2022-45410 (bmo#1658869)
+ ServiceWorker-intercepted requests bypassed SameSite cookie policy
+ * CVE-2022-45411 (bmo#1790311)
+ Cross-Site Tracing was possible via non-standard override headers
+ * CVE-2022-45412 (bmo#1791029)
+ Symlinks may resolve to partially uninitialized buffers
+ * CVE-2022-45413 (bmo#1791201)
+ SameSite=Strict cookies could have been sent cross-site via
+ intent URLs
+ * CVE-2022-40674 (bmo#1791598)
+ Use-after-free vulnerability in expat
+ * CVE-2022-45415 (bmo#1793551)
+ Downloaded file may have been saved with malicious extension
+ * CVE-2022-45416 (bmo#1793676)
+ Keystroke Side-Channel Leakage
+ * CVE-2022-45417 (bmo#1794508)
+ Service Workers in Private Browsing Mode may have been
+ written to disk
+ * CVE-2022-45418 (bmo#1795815)
+ Custom mouse cursor could have been drawn over browser UI
+ * CVE-2022-45419 (bmo#1716082)
+ Deleting a security exception did not take effect immediately
+ * CVE-2022-45420 (bmo#1792643)
+ Iframe contents could be rendered outside the iframe
+ * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
+ Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
+- requires
+ * NSS >= 3.84
+ * rust = 1.64
+
+-------------------------------------------------------------------
+Sat Nov 5 13:16:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 106.0.5
+ * Addresses a crash experienced by users with Intel Gemini Lake
+ CPUs (bmo#1702019)
+- Mozilla Firefox 106.0.4
+ * Fixed an issue with DRM Video playback (bmo#1797292)
+ * Fixed broken layout of datetime input when switching
+ types (bmo#1797139)
+
+-------------------------------------------------------------------
+Tue Nov 1 19:26:39 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 106.0.3
+ * Fixes for other platforms
+
+-------------------------------------------------------------------
+Thu Oct 27 18:07:29 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 106.0.2
+ * Fix missing content on some PDF forms (bmo#1794351)
+ * Fix column width for the Notification sub-panel in Settings
+ (bmo#1793558)
+ * Fix a browser freeze with accessibility enabled on some sites
+ such as the Proxmox Web UI (bmo#1793748)
+ * Fix page reloading not working with Firefox View and not
+ refreshing synced data (bmo#1792680, bmo#1794474)
+
+-------------------------------------------------------------------
+Sun Oct 23 07:34:50 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 106.0.1
+ * Addresses a crash experienced by users with AMD Zen 1 CPUs
+ (bmo#1796126)
+
+-------------------------------------------------------------------
+Sun Oct 16 20:08:21 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 106.0
+ * support editing of PDFs
+ * introduced Firefox View
+ * major WebRTC update
+ - Better screen sharing for Windows and Linux Wayland users
+ - RTP performance and reliability improvements
+ - Richer statistics
+ - Cross-browser and service compatibility improvements
+ * detailed releasenotes
+ https://www.mozilla.org/en-US/firefox/106.0/releasenotes
+ MFSA 2022-44 (bsc#1204421)
+ * CVE-2022-42927 (bmo#1789128)
+ Same-origin policy violation could have leaked cross-origin URLs
+ * CVE-2022-42928 (bmo#1791520)
+ Memory Corruption in JS Engine
+ * CVE-2022-42929 (bmo#1789439)
+ Denial of Service via window.print
+ * CVE-2022-42930 (bmo#1789503)
+ Race condition in DOM Workers
+ * CVE-2022-42931 (bmo#1780571)
+ Username saved to a plaintext file on disk
+ * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
+ Memory safety bugs fixed in Firefox
+- added -msse2 flag to fix i386 build and workaround bmo#1795993
+- fixed used buildflags
+- renamed mozilla-i686-build.patch to mozilla-buildfixes.patch
+ as it was extended with changes for other archs
+
+-------------------------------------------------------------------
+Sat Oct 8 13:41:12 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 105.0.3:
+ * Fixes for other platforms
+
+-------------------------------------------------------------------
+Wed Oct 5 18:27:01 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 105.0.2:
+ * Fixed poor contrast on various menu items with certain
+ themes on Linux systems (bmo#1792063)
+ * Fixed the scrollbar appearing on the wrong side of
+ `select` elements in right-to-left locales (bmo#1791219)
+ * Fixed a possible deadlock when loading some sites in
+ Troubleshoot Mode (bmo#1786259)
+ * Fixed a bug causing some dynamic appearance changes to
+ not appear when expected (bmo#1786521)
+ * Fixed a bug causing theme styling to not be properly applied
+ to sidebars for some add-ons in Private Browsing Mode
+ (bmo#1787543)
+
+-------------------------------------------------------------------
+Thu Sep 22 22:12:39 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 105.0.1
+ * Reverted focus behavior for new windows back to the content
+ area instead of the address bar (bmo#1784692)
+- added mozilla-i686-build.patch to avoid using avx2
+
+-------------------------------------------------------------------
+Sat Sep 17 21:01:10 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 105.0
+ https://www.mozilla.org/en-US/firefox/105.0/releasenotes
+ MFSA 2022-40 (bsc#1203477)
+ * CVE-2022-40959 (bmo#1782211)
+ Bypassing FeaturePolicy restrictions on transient pages
+ * CVE-2022-40960 (bmo#1787633)
+ Data-race when parsing non-UTF-8 URLs in threads
+ * CVE-2022-40958 (bmo#1779993)
+ Bypassing Secure Context restriction for cookies with __Host
+ and __Secure prefix
+ * CVE-2022-40961 (bmo#1784588)
+ Stack-buffer overflow when initializing Graphics
+ * CVE-2022-40956 (bmo#1770094)
+ Content-Security-Policy base-uri bypass
+ * CVE-2022-40957 (bmo#1777604)
+ Incoherent instruction cache when building WASM on ARM64
+ * CVE-2022-40962 (bmo#1767360, bmo#1776655, bmo#1777574,
+ bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440)
+ Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3
+- requires
+ NSS 3.82
+ Rust 1.63 (1.61)
+- removed obsolete mozilla-glibc236.patch
+
+-------------------------------------------------------------------
+Fri Sep 9 05:59:03 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Adjust memory requirements to fix build on aarch64
+
+-------------------------------------------------------------------
+Wed Sep 7 06:50:24 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 104.0.2 (boo#1203177)
+ https://www.mozilla.org/en-US/firefox/104.0.2/releasenotes/
+ * Fixed a bug making it impossible to use touch or a stylus to
+ drag the scrollbar on pages (bmo#1787361)
+ * Fixed an issue causing some users to crash in out-of-memory
+ conditions (bmo#1774155)
+ * Fixed an issue that would sometimes affect video & audio playback
+ when loaded via a cross-origin iframe src attribute (bmo#1781759)
+ * Fixed an issue that would sometimes affect video & audio playback
+ when served with Content-Security-Policy: sandbox (bmo#1781063)
+
+-------------------------------------------------------------------
+Thu Sep 1 07:04:11 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 104.0.1
+ * Addresses an issue with Youtube video playback that was
+ affecting some users (boo#1203003)
+
+-------------------------------------------------------------------
+Sun Aug 21 11:12:14 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 104.0
+ * https://www.mozilla.org/en-US/firefox/104.0/releasenotes
+ MFSA 2022-33 (bsc#1202645)
+ * CVE-2022-38472 (bmo#1769155)
+ Address bar spoofing via XSLT error handling
+ * CVE-2022-38473 (bmo#1771685)
+ Cross-origin XSLT Documents would have inherited the parent's
+ permissions
+ * CVE-2022-38474 (bmo#1719511)
+ Recording notification not shown when microphone was
+ recording on Android
+ * CVE-2022-38475 (bmo#1773266)
+ Attacker could write a value to a zero-length array
+ * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
+ Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
+ * CVE-2022-38478 (bmo#1770630, bmo#1776658)
+ Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
+ and Firefox ESR 91.13
+- requires
+ NSPR 4.34.1
+ NSS 3.81
+ rust 1.62
+
+-------------------------------------------------------------------
+Sat Aug 13 06:25:20 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- added mozilla-glibc236.patch (bmo#1782988, boo#1202323)
+
+-------------------------------------------------------------------
+Tue Aug 9 08:46:29 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 103.0.2
+ * Fixed menu shortcuts for users of the JAWS screen reader
+ * Fixed an occasional non-overridable certificate error when
+ accessing device configuration pages
+
+-------------------------------------------------------------------
+Tue Aug 2 08:05:28 UTC 2022 - Andreas Schwab <schwab@suse.de>
+
+- The --disable-elf-hack option only exists on ARM and X86
+
+-------------------------------------------------------------------
+Mon Aug 1 10:45:16 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 103.0.1
+ * Enabled hardware acceleration on newer AMD cards.
+ * Fixed a crash on Firefox shutdown caused by a bug in the
+ audio manager
+
+-------------------------------------------------------------------
+Wed Jul 27 07:13:07 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 103.0
+ https://www.mozilla.org/en-US/firefox/103.0/releasenotes
+ MFSA 2022-28 (bsc#1201758)
+ * CVE-2022-36319 (bmo#1737722)
+ Mouse Position spoofing with CSS transforms
+ * CVE-2022-36317 (bmo#1759951)
+ Long URL would hang Firefox for Android
+ * CVE-2022-36318 (bmo#1771774)
+ Directory indexes for bundled resources reflected URL
+ parameters
+ * CVE-2022-36314 (bmo#1773894)
+ Opening local <code>.lnk</code> files could cause unexpected
+ network loads
+ * CVE-2022-36315 (bmo#1762520)
+ Preload Cache Bypasses Subresource Integrity
+ * CVE-2022-36316 (bmo#1768583)
+ Performance API leaked whether a cross-site resource is
+ redirecting
+ * CVE-2022-36320 (bmo#1759794, bmo#1760998)
+ Memory safety bugs fixed in Firefox 103
+ * CVE-2022-2505 (bmo#1769739, bmo#1772824)
+ Memory safety bugs fixed in Firefox 103 and 102.1
+- requires
+ NSS >= 3.80
+ rust = 1.61
+ rust-cbindgen >= 0.24.3
+
+-------------------------------------------------------------------
+Wed Jul 13 07:54:21 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Move %limit_build set before mozilla config to actually set the
+ value of %jobs to MOZ_MAKE_FLAGS to fix build on aarch64
+
+-------------------------------------------------------------------
+Wed Jul 6 18:35:47 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Firefox 102.0.1:
+ * Fixed: Fixed bookmarks sidebar flashing white when opened in
+ dark mode (bmo#1776157)
+ * Fixed: Fixed multilingual spell checking not working with
+ content in both English and a non-Latin alphabet
+ (bmo#1773802)
+ * Fixed: Developer tools: Fixed an issue where the console
+ output keep getting scrolled to the bottom when the last
+ visible message is an evaluation result (bmo#1776262)
+ * Fixed: Fixed *Delete cookies and site data when Firefox is
+ closed* checkbox getting disabled on startup (bmo#1777419)
+ * Fixed: Various stability fixes
+
+-------------------------------------------------------------------
+Sat Jun 25 12:51:46 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Firefox 102.0
+ * You can now disable automatic opening of the download panel
+ every time a new download starts
+ * Firefox now mitigates query parameter tracking when navigating
+ sites in ETP strict mode
+ * Improved security by moving audio decoding into a separate
+ process with stricter sandboxing, thus improving process isolation
+ * https://www.mozilla.org/en-US/firefox/102.0/releasenotes
+ MFSA 2022-24 (bsc#1200793)
+ * CVE-2022-34479 (bmo#1745595)
+ A popup window could be resized in a way to overlay the
+ address bar with web content
+ * CVE-2022-34470 (bmo#1765951)
+ Use-after-free in nsSHistory
+ * CVE-2022-34468 (bmo#1768537)
+ CSP sandbox header without `allow-scripts` can be bypassed
+ via retargeted javascript: URI
+ * CVE-2022-34482 (bmo#845880)
+ Drag and drop of malicious image could have led to malicious
+ executable and potential code execution
+ * CVE-2022-34483 (bmo#1335845)
+ Drag and drop of malicious image could have led to malicious
+ executable and potential code execution
+ * CVE-2022-34476 (bmo#1387919)
+ ASN.1 parser could have been tricked into accepting malformed ASN.1
+ * CVE-2022-34481 (bmo#1483699, bmo#1497246)
+ Potential integer overflow in ReplaceElementsAt
+ * CVE-2022-34474 (bmo#1677138)
+ Sandboxed iframes could redirect to external schemes
+ * CVE-2022-34469 (bmo#1721220)
+ TLS certificate errors on HSTS-protected domains could be
+ bypassed by the user on Firefox for Android
+ * CVE-2022-34471 (bmo#1766047)
+ Compromised server could trick a browser into an addon downgrade
+ * CVE-2022-34472 (bmo#1770123)
+ Unavailable PAC file resulted in OCSP requests being blocked
+ * CVE-2022-34478 (bmo#1773717)
+ Microsoft protocols can be attacked if a user accepts a prompt
+ * CVE-2022-2200 (bmo#1771381)
+ Undesired attributes could be set as part of prototype pollution
+ * CVE-2022-34480 (bmo#1454072)
+ Free of uninitialized pointer in lg_init
+ * CVE-2022-34477 (bmo#1731614)
+ MediaError message property leaked information on cross-
+ origin same-site pages
+ * CVE-2022-34475 (bmo#1757210)
+ HTML Sanitizer could have been bypassed via same-origin
+ script via use tags
+ * CVE-2022-34473 (bmo#1770888)
+ HTML Sanitizer could have been bypassed via use tags
+ * CVE-2022-34484 (bmo#1763634, bmo#1772651)
+ Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
+ * CVE-2022-34485 (bmo#1768409, bmo#1768578)
+ Memory safety bugs fixed in Firefox 102
+- requires
+ NSPR >= 4.34
+ NSS >= 3.79
+ rust = 1.60
+- switch out skia-patches with webrender-patches for big endian
+ removed:
+ * mozilla-bmo1504834-part2.patch
+ * mozilla-bmo1504834-part4.patch
+ * mozilla-bmo1626236.patch
+ added:
+ * one_swizzle_to_rule_them_all.patch
+ * svg-rendering.patch
+- add some more returns to the no-return-patch
+
+-------------------------------------------------------------------
+Fri Jun 10 20:45:37 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 101.0.1:
+ * Fixed context menus not appearing when right-clicking
+ Picture-in-Picture windows on some Linux systems (bmo#1771914)
+ * Various stability fixes
+
+-------------------------------------------------------------------
+Sun May 29 08:02:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 101.0
+ * Reading is now easier with the prefers-contrast media query,
+ which allows sites to detect if the user has requested that web
+ content is presented with a higher (or lower) contrast
+ * All non-configured MIME types can now be assigned a custom
+ action upon download completion
+ * allows users to use as many microphones as you want, at the
+ same time, during video conferencing. The most exciting benefit
+ is that you can easily switch your microphones at any time
+ (if your conferencing service provider enables this flexibility)
+ MFSA 2022-20 (bsc#1200027)
+ * CVE-2022-31736 (bmo#1735923)
+ Cross-Origin resource's length leaked
+ * CVE-2022-31737 (bmo#1743767)
+ Heap buffer overflow in WebGL
+ * CVE-2022-31738 (bmo#1756388)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-31739 (bmo#1765049)
+ Attacker-influenced path traversal when saving downloaded files
+ * CVE-2022-31740 (bmo#1766806)
+ Register allocation problem in WASM on arm64
+ * CVE-2022-31741 (bmo#1767590)
+ Uninitialized variable leads to invalid memory read
+ * CVE-2022-31742 (bmo#1730434)
+ Querying a WebAuthn token with a large number of allowCredential
+ entries may have leaked cross-origin information
+ * CVE-2022-31743 (bmo#1747388)
+ HTML Parsing incorrectly ended HTML comments prematurely
+ * CVE-2022-31744 (bmo#1757604)
+ CSP bypass enabling stylesheet injection
+ * CVE-2022-31745 (bmo#1760944)
+ Incorrect Assertion caused by unoptimized array shift operations
+ * CVE-2022-1919 (bmo#1761275)
+ Memory Corruption when manipulating webp images
+ * CVE-2022-31747 (bmo#1760765, bmo#1765610, bmo#1766283,
+ bmo#1767365, bmo#1768559, bmo#1768734)
+ Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
+ * CVE-2022-31748 (bmo#1713773, bmo#1762201, bmo#1762469,
+ bmo#1762770, bmo#1764878, bmo#1765226, bmo#1765782, bmo#1765973,
+ bmo#1767177, bmo#1767181, bmo#1768232, bmo#1768251, bmo#1769869)
+ Memory safety bugs fixed in Firefox 101
+- requires
+ * NSS 3.78.1
+ * rust-cbindgen 0.23.0
+ * rust 1.59
+
+-------------------------------------------------------------------
+Fri May 20 15:03:50 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0.2
+ MFSA 2022-19 (bsc#1199768)
+ * CVE-2022-1802 (bmo#1770137)
+ Prototype pollution in Top-Level Await implementation
+ * CVE-2022-1529 (bmo#1770048)
+ Untrusted input used in JavaScript object indexing, leading
+ to prototype pollution
+
+-------------------------------------------------------------------
+Wed May 18 20:27:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 100.0.1:
+ * Fixed: Fixed an issue with subtitles in Picture-in-Picture
+ mode while using Netflix (bmo#1768818)
+ * Fixed: Fixed an issue where some commands were unavailable in
+ the Picture-in-Picture window (bmo#1768201)
+
+-------------------------------------------------------------------
+Sun May 1 21:31:01 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 100.0
+ * subtitle support in PiP
+ * spell checking supports multiple languages in parallel
+ * more details here
+ https://www.mozilla.org/en-US/firefox/100.0/releasenotes
+ MFSA 2022-16 (boo#1198970)
+ * CVE-2022-29914 (bmo#1746448)
+ Fullscreen notification bypass using popups
+ * CVE-2022-29909 (bmo#1755081)
+ Bypassing permission prompt in nested browsing contexts
+ * CVE-2022-29916 (bmo#1760674)
+ Leaking browser history with CSS variables
+ * CVE-2022-29911 (bmo#1761981)
+ iframe Sandbox bypass
+ * CVE-2022-29912 (bmo#1692655)
+ Reader mode bypassed SameSite cookies
+ * CVE-2022-29910 (bmo#1757138)
+ Firefox for Android forgot HTTP Strict Transport Security
+ settings
+ * CVE-2022-29915 (bmo#1751678)
+ Leaking cross-origin redirect through the Performance API
+ * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298,
+ bmo#1762614, bmo#1762620, bmo#1764778)
+ Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
+ * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535,
+ bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477,
+ bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771)
+ Memory safety bugs fixed in Firefox 100
+- requires NSS 3.77
+
+-------------------------------------------------------------------
+Tue Apr 12 19:30:30 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 99.0.1
+ * Fixed an issue with text rendering in Bengali (bmo#1763368)
+ * Fixed a selection issue in the Download panel with drag and
+ drop (bmo#1762723)
+ * Fixed: Fixed an issue preventing Zoom gallery mode for users
+ who go to zoom.us URLs instead of subdomain.zoom.us URLs
+ (bmo#1763801)
+
+-------------------------------------------------------------------
+Mon Apr 4 07:34:36 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 99.0
+ * You can now toggle Narrate in ReaderMode with the keyboard
+ shortcut "n."
+ * You can find added support for search—with or without
+ diacritics—in the PDF viewer.
+ * The Linux sandbox has been strengthened: processes exposed to web
+ content no longer have access to the X Window system (X11).
+ * Firefox now supports credit card autofill and capture in
+ Germany and France.
+ MFSA 2022-13 (bsc#1197903)
+ * CVE-2022-1097 (bmo#1745667)
+ Use-after-free in NSSToken objects
+ * CVE-2022-28281 (bmo#1755621)
+ Out of bounds write due to unexpected WebAuthN Extensions
+ * CVE-2022-28282 (bmo#1751609)
+ Use-after-free in DocumentL10n::TranslateDocument
+ * CVE-2022-28283 (bmo#1754066)
+ Missing security checks for fetching sourceMapURL
+ * CVE-2022-28284 (bmo#1754522)
+ Script could be executed via svg's use element
+ * CVE-2022-28285 (bmo#1756957)
+ Incorrect AliasSet used in JIT Codegen
+ * CVE-2022-28286 (bmo#1735265)
+ iframe contents could be rendered outside the border
+ * CVE-2022-28287 (bmo#1741515)
+ Text Selection could crash Firefox
+ * CVE-2022-24713 (bmo#1758509)
+ Denial of Service via complex regular expressions
+ * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
+ bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
+ Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
+ * CVE-2022-28288 (bmo#1746415, bmo#1746495, bmo#1746500,
+ bmo#1747282, bmo#1748759, bmo#1749056, bmo#1749786,
+ bmo#1751679, bmo#1752120, bmo#1756010, bmo#1756017,
+ bmo#1757213, bmo#1757258, bmo#1757427)
+ Memory safety bugs fixed in Firefox 99
+- requires NSS >= 3.76.1
+- remove obsolete patch
+ * mozilla-bmo1756347.patch
+ * mozilla-bmo1757571.patch
+- update create-tar.sh
+
+-------------------------------------------------------------------
+Thu Mar 24 21:49:57 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- MozillaFirefox 98.0.2:
+ * Fixed: Fixed an issue preventing users from typing in Address
+ Bar after opening new tab and pressing cmd + enter
+ (bmo#1757376)
+ * Fixed: Fixed an issue causing some users to crash in out-of-
+ memory conditions (bmo#1757618)
+ * Fixed: Fixed an issue in session history which caused some
+ sites to fail to load (bmo#1758664)
+ * Fixed: Fixed an add-on specific compatibility issue
+ (bmo#1759162)
+
+-------------------------------------------------------------------
+Wed Mar 23 15:14:22 UTC 2022 - Simon Vogl <simon.vogl@gmx.net>
+
+- Change mozilla-kde.patch to follow the GNOME registry
+ behavior for new MIME types to avoid opening downloaded files
+ without any inquiries (bsc#1197319)
+
+-------------------------------------------------------------------
+Tue Mar 22 12:22:51 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix start-up on aarch64:
+ * mozilla-bmo1757571.patch
+
+-------------------------------------------------------------------
+Thu Mar 17 14:52:39 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- exclude slow cpus for building
+
+-------------------------------------------------------------------
+Thu Mar 17 09:18:01 UTC 2022 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
+ faster buildhosts, as the others struggle to build FF.
+
+-------------------------------------------------------------------
+Mon Mar 14 22:48:42 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 98.0.1:
+ * Yandex and Mail.ru have been removed as optional search
+ providers in the drop-down search menu in Firefox
+
+-------------------------------------------------------------------
+Tue Mar 8 10:27:16 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 98.0
+ * Firefox has a new optimized download flow
+ * other changes as documented here
+ https://www.mozilla.org/en-US/firefox/98.0/releasenotes
+ MFSA 2022-10 (bsc#1196900)
+ * CVE-2022-26383 (bmo#1742421)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-26384 (bmo#1744352)
+ iframe allow-scripts sandbox bypass
+ * CVE-2022-26387 (bmo#1752979)
+ Time-of-check time-of-use bug when verifying add-on signatures
+ * CVE-2022-26381 (bmo#1736243)
+ Use-after-free in text reflows
+ * CVE-2022-26382 (bmo#1741888)
+ Autofill Text could be exfiltrated via side-channel attacks
+ * CVE-2022-26385 (bmo#1747526)
+ Use-after-free in thread shutdown
+ * CVE-2022-0843 (bmo#1746523, bmo#1749062, bmo#1749164, bmo#1749214,
+ bmo#1749610, bmo#1750032, bmo#1752100, bmo#1752405, bmo#1753612,
+ bmo#1754508)
+ Memory safety bugs fixed in Firefox 98
+- requires NSS 3.75
+- add mozilla-bmo1756347.patch to fix i586 build
+
+-------------------------------------------------------------------
+Fri Feb 18 20:38:22 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 97.0.1
+ * Fixed: Fixed an issue where TikTok videos would fail to load
+ when selected from a user's profile page (bmo#1750973)
+ * Fixed: Fixed an issue which led to Picture-in-Picture mode
+ being unable to be toggled on Hulu (bmo#1753401)
+ * Fixed: Works around problems with WebRoot SecureAnywhere
+ antivirus rendering Firefox unusable in some situations
+ (bmo#1752466)
+ * Fixed: Fixed an issue causing users to see the Restore
+ Session screen unexpectedly when starting Firefox
+ (bmo#1749996)
+
+-------------------------------------------------------------------
+Mon Feb 14 19:31:29 UTC 2022 - Luciano Santos <luc14n0@opensuse.org>
+
+- Remove bashisms ("source" and "function" keywords) from
+ mozilla.sh.in to ally with the #!/bin/sh shebang. If the end user
+ has either dash-sh package or busybox-sh to handle Bourn Shell
+ scripts rather than having bash-sh package, the script would
+ fail. Using "." instead of "source" and "create_langpack_link()"
+ function definition is enough to keep both sides sane,
+ behavior-wise.
+
+-------------------------------------------------------------------
+Tue Feb 8 08:40:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 97.0
+ MFSA 2022-04 (bsc#1195682)
+ * CVE-2022-22753 (bmo#1732435)
+ Privilege Escalation to SYSTEM on Windows via Maintenance Service
+ * CVE-2022-22754 (bmo#1750565)
+ Extensions could have bypassed permission confirmation during update
+ * CVE-2022-22755 (bmo#1309630)
+ XSL could have allowed JavaScript execution after a tab was closed
+ * CVE-2022-22756 (bmo#1317873)
+ Drag and dropping an image could have resulted in the dropped
+ object being an executable
+ * CVE-2022-22757 (bmo#1720098)
+ Remote Agent did not prevent local websites from connecting
+ * CVE-2022-22758 (bmo#1728742)
+ tel: links could have sent USSD codes to the dialer on
+ Firefox for Android
+ * CVE-2022-22759 (bmo#1739957)
+ Sandboxed iframes could have executed script if the parent
+ appended elements
+ * CVE-2022-22760 (bmo#1740985, bmo#1748503)
+ Cross-Origin responses could be distinguished between script
+ and non-script content-types
+ * CVE-2022-22761 (bmo#1745566)
+ frame-ancestors Content Security Policy directive was not
+ enforced for framed extension pages
+ * CVE-2022-22762 (bmo#1743931)
+ JavaScript Dialogs could have been displayed over other
+ domains on Firefox for Android
+ * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
+ bmo#1748210, bmo#1748279)
+ Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
+ * CVE-2022-0511 (bmo#1713579, bmo#1735448, bmo#1743821, bmo#1746313,
+ bmo#1746314, bmo#1746316, bmo#1746321, bmo#1746322, bmo#1746323,
+ bmo#1746412, bmo#1746430, bmo#1746451, bmo#1746488, bmo#1746875,
+ bmo#1746898, bmo#1746905, bmo#1746907, bmo#1746917, bmo#1747128,
+ bmo#1747137, bmo#1747331, bmo#1747346, bmo#1747439, bmo#1747457,
+ bmo#1747870, bmo#1749051, bmo#1749274, bmo#1749831)
+ Memory safety bugs fixed in Firefox 97
+- requires NSS 3.74
+- requires rust 1.57
+
+-------------------------------------------------------------------
+Mon Feb 7 22:21:29 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- remove memoryperjob and use %limit instead. this allows to
+ adapt to more worker types, and lowers the time the package
+ is stuck in "scheduling". raising memory above 8 to lower
+ risk for LTO jobs to run OOM
+- add hack to disable -Wl,--gc-section which avoids a binutils
+ segfault on x86
+- change mozilla-reduce-rust-debuginfo.patch: use -g1 everywhere
+
+-------------------------------------------------------------------
+Sun Jan 30 23:58:34 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- disable ccache, this adds about 1 minute of build time and
+ over 2 GB of disk space usage without benefit on OBS builds
+- build with rust-simd like upstream does
+- use -g1 for debuginfo generation as this is what upstream
+ does as well and it saves ~ 2GB of writes
+- use %limit on x86_64 to scale down to less capable workers
+- disable install stripping so that debuginfo is useful
+- use autopatch
+- cleanup constraints to specify only jobs, physicalmemory
+ and memoryperjob to be more flexible on which host to build
+ on
+
+-------------------------------------------------------------------
+Fri Jan 28 15:26:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0.3 (bsc#1195230)
+ * Fixed an issue that allowed unexpected data to be submitted in
+ some of our search telemetry (bmo#1752317)
+
+-------------------------------------------------------------------
+Mon Jan 24 07:42:03 UTC 2022 - Martin Liška <mliska@suse.cz>
+
+- Enable -fimplicit-constexpr for GCC 12+.
+
+-------------------------------------------------------------------
+Thu Jan 20 23:21:44 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.2
+ * Fix an issue that caused tab height to display inconsistently
+ on Linux when audio was played (bmo#1714276)
+ * Fix an issue that caused Lastpass dropdowns to appear blank in
+ Private Browsing mode (bmo#1748158)
+ * Fix a crash encountered when resizing a Facebook app
+ (bmo#1746084)
+
+-------------------------------------------------------------------
+Fri Jan 14 16:56:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 96.0.1
+ * Fixed: Improvements to make the parsing of content-length
+ headers more robust (bmo#1749957, boo#1194677)
+
+-------------------------------------------------------------------
+Sat Jan 8 10:32:46 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 96.0
+ * https://www.mozilla.org/en-US/firefox/96.0/releasenotes
+ MFSA 2022-01 (bsc#1194547)
+ * CVE-2022-22746 (bmo#1735071)
+ Calling into reportValidity could have lead to fullscreen
+ window spoof
+ * CVE-2022-22743 (bmo#1739220)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-22742 (bmo#1739923)
+ Out-of-bounds memory access when inserting text in edit mode
+ * CVE-2022-22741 (bmo#1740389)
+ Browser window spoof using fullscreen mode
+ * CVE-2022-22740 (bmo#1742334)
+ Use-after-free of ChannelEventQueue::mOwner
+ * CVE-2022-22738 (bmo#1742382)
+ Heap-buffer-overflow in blendGaussianBlur
+ * CVE-2022-22737 (bmo#1745874)
+ Race condition when playing audio files
+ * CVE-2021-4140 (bmo#1746720)
+ Iframe sandbox bypass with XSLT
+ * CVE-2022-22750 (bmo#1566608)
+ IPC passing of resource handles could have lead to sandbox
+ bypass
+ * CVE-2022-22749 (bmo#1705094)
+ Lack of URL restrictions when scanning QR codes
+ * CVE-2022-22748 (bmo#1705211)
+ Spoofed origin on external protocol launch dialog
+ * CVE-2022-22745 (bmo#1735856)
+ Leaking cross-origin URLs through securitypolicyviolation
+ event
+ * CVE-2022-22744 (bmo#1737252)
+ The 'Copy as curl' feature in DevTools did not fully escape
+ website-controlled data, potentially leading to command
+ injection
+ * CVE-2022-22747 (bmo#1735028)
+ Crash when handling empty pkcs7 sequence
+ * CVE-2022-22736 (bmo#1742692)
+ Potential local privilege escalation when loading modules
+ from the install directory.
+ * CVE-2022-22739 (bmo#1744158)
+ Missing throttling on external protocol launch dialog
+ * CVE-2022-22751 (bmo#1664149, bmo#1737816, bmo#1739366,
+ bmo#1740274, bmo#1740797, bmo#1741201, bmo#1741869,
+ bmo#1743221, bmo#1743515, bmo#1745373, bmo#1746011)
+ Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5
+ * CVE-2022-22752 (bmo#1740534, bmo#1741210, bmo#1742770)
+ Memory safety bugs fixed in Firefox 96
+- removed obsolete patches
+ * mozilla-bmo1745560.patch
+ * mozilla-bmo1744896.patch
+ * mozilla-sandbox-fips.patch
+- requires
+ NSPR >= 4.33
+ NSS >= 3.73.1
+
+-------------------------------------------------------------------
+Tue Dec 28 17:45:28 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Add upstream patches:
+ * mozilla-bmo1745560.patch: Fix build against wayland 1.20.
+ * mozilla-bmo1744896.patch: Create WaylandVsyncSource on window
+ creation
+
+-------------------------------------------------------------------
+Mon Dec 20 21:57:30 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 95.0.2
+ * Addresses frequent crashes experienced by users with C/E/Z-Series
+ "Bobcat" CPUs running on Windows 7, 8, and 8.1.
+- updated constraints for ppc and x86-64
+
+-------------------------------------------------------------------
+Fri Dec 17 13:49:16 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 95.0.1 (bsc#1193845)
+ * Fixed frequent
+ MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error
+ messages when trying to connect to various microsoft.com
+ domains (bmo#1745600)
+ * Fix for a WebRender crash on some Linux/X11 systems (bmo#1741956)
+ * Fix for a frequent Windows shutdown crash (bmo#1738984)
+ * Fix websites contrast issues for some Linux users with
+ Dark mode set at OS level (bmo#1740518)
+
+-------------------------------------------------------------------
+Sat Dec 4 12:07:21 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 95.0
+ * You can now move the Picture-in-Picture toggle button to the
+ opposite side of the video. Simply look for the new context menu
+ option Move Picture-in-Picture Toggle to Left (Right) Side.
+ * To better protect Firefox users against side-channel attacks such
+ as Spectre, Site Isolation is now enabled for all Firefox 95 users.
+ * https://www.mozilla.org/en-US/firefox/95.0/releasenotes
+ MFSA 2021-52 (bsc#1193485)
+ * CVE-2021-43536 (bmo#1730120)
+ URL leakage when navigating while executing asynchronous
+ function
+ * CVE-2021-43537 (bmo#1738237)
+ Heap buffer overflow when using structured clone
+ * CVE-2021-43538 (bmo#1739091)
+ Missing fullscreen and pointer lock notification when
+ requesting both
+ * CVE-2021-43539 (bmo#1739683)
+ GC rooting failure when calling wasm instance methods
+ * MOZ-2021-0010 (bmo#1735852)
+ Use-after-free in fullscreen objects on MacOS
+ * CVE-2021-43540 (bmo#1636629)
+ WebExtensions could have installed persistent ServiceWorkers
+ * CVE-2021-43541 (bmo#1696685)
+ External protocol handler parameters were unescaped
+ * CVE-2021-43542 (bmo#1723281)
+ XMLHttpRequest error codes could have leaked the existence of
+ an external protocol handler
+ * CVE-2021-43543 (bmo#1738418)
+ Bypass of CSP sandbox directive when embedding
+ * CVE-2021-43544 (bmo#1739934)
+ Receiving a malicious URL as text through a SEND intent could
+ have led to XSS
+ * CVE-2021-43545 (bmo#1720926)
+ Denial of Service when using the Location API in a loop
+ * CVE-2021-43546 (bmo#1737751)
+ Cursor spoofing could overlay user interface when native
+ cursor is zoomed
+ * MOZ-2021-0009 (bmo#1393362, bmo#1736046, bmo#1736751,
+ bmo#1737009, bmo#1739372, bmo#1739421)
+ Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
+- requires
+ NSS >= 3.72
+
+-------------------------------------------------------------------
+Thu Dec 2 20:32:42 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- remove x-scheme-handler/ftp from firefox.desktop boo#1193321
+
+-------------------------------------------------------------------
+Thu Nov 25 20:21:07 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Drop unused libidl-devel BuildRequires.
+
+-------------------------------------------------------------------
+Tue Nov 23 22:00:38 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 94.0.2:
+ * Update preference design for Firefox Suggest for improved clarity
+ * Resolved general instability/crashes on Linux caused by a file
+ descriptor leak when backgrounding tabs using WebGL
+ (bmo#1741997)
+
+-------------------------------------------------------------------
+Fri Nov 5 18:02:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 94.0.1:
+ * fixes for other platforms
+
+-------------------------------------------------------------------
+Sat Oct 30 07:52:22 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 94.0
+ * https://www.mozilla.org/en-US/firefox/94.0/releasenotes
+ MFSA 2021-48 (bsc#1192250)
+ * CVE-2021-38503 (bmo#1729517)
+ iframe sandbox rules did not apply to XSLT stylesheets
+ * CVE-2021-38504 (bmo#1730156)
+ Use-after-free in file picker dialog
+ * CVE-2021-38505 (bmo#1730194)
+ Windows 10 Cloud Clipboard may have recorded sensitive user data
+ * CVE-2021-38506 (bmo#1730750)
+ Firefox could be coaxed into going into fullscreen mode
+ without notification or warning
+ * CVE-2021-38507 (bmo#1730935)
+ Opportunistic Encryption in HTTP2 could be used to bypass the
+ Same-Origin-Policy on services hosted on other ports
+ * MOZ-2021-0003 (bmo#1736886)
+ Universal XSS in Firefox for Android via QR Code URLs
+ * CVE-2021-38508 (bmo#1366818)
+ Permission Prompt could be overlaid, resulting in user
+ confusion and potential spoofing
+ * MOZ-2021-0004 (bmo#1659155)
+ Web Extensions could access pre-redirect URL when their
+ context menu was triggered by a user
+ * CVE-2021-38509 (bmo#1718571)
+ Javascript alert box could have been spoofed onto an
+ arbitrary domain
+ * CVE-2021-38510 (bmo#1731779)
+ Download Protections were bypassed by .inetloc files on Mac OS
+ * MOZ-2021-0005 (bmo#1719203)
+ 'Copy Image Link' context menu action could have been abused
+ to see authentication tokens
+ * MOZ-2021-0006 (bmo#1724233)
+ URL Parsing may incorrectly parse internationalized domains
+ * MOZ-2021-0007 (bmo#1606864, bmo#1712671, bmo#1730048, bmo#1735152)
+ Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
+- removed obsolete patches
+ * mozilla-bmo1602730.patch
+ * mozilla-bmo1725828.patch
+ * mozilla-bmo1729124.patch
+- requires
+ NSS >= 3.71
+ rust >= 1.53
+- fix Plasma detection (boo#1191825)
+- fix Link error "undefined hidden symbol:"
+ https://github.com/openSUSE/firefox-maintenance/issues/37
+
+-------------------------------------------------------------------
+Tue Oct 26 19:48:24 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Drop unused pkgconfig(gdk-x11-2.0) BuildRequires
+- (re-)enable LTO on Tumbleweed
+
+-------------------------------------------------------------------
+Wed Oct 20 06:49:52 UTC 2021 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Rebase mozilla-sandbox-fips.patch to punch another hole in the
+ sandbox containment, to be able to open /proc/sys/crypto/fips_enabled
+ from within the newly introduced socket process sandbox.
+ This fixes bsc#1191815 and bsc#1190141
+
+-------------------------------------------------------------------
+Mon Oct 18 12:44:44 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix build on aarch64 (bmo#1729124)
+ * mozilla-bmo1729124.patch
+
+-------------------------------------------------------------------
+Fri Oct 1 18:33:33 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 93.0
+ * supports the new AVIF image format
+ * PDF viewer now supports filling more forms (XFA-based forms)
+ * now blocks downloads that rely on insecure connections,
+ protecting against potentially malicious or unsafe downloads
+ * Improved web compatibility for privacy protections with SmartBlock 3.0
+ * Introducing a new referrer tracking protection in Strict Tracking
+ Protection and Private Browsing
+ * TLS ciphersuites that use 3DES have been disabled. Such
+ ciphersuites can only be enabled when deprecated versions of
+ TLS are also enabled
+ * The download panel now follows the Firefox visual styles
+ MFSA 2021-43 (bsc#1191332)
+ * CVE-2021-38496 (bmo#1725335)
+ Use-after-free in MessageTask
+ * CVE-2021-38497 (bmo#1726621)
+ Validation message could have been overlaid on another origin
+ * CVE-2021-38498 (bmo#1729642)
+ Use-after-free of nsLanguageAtomService object
+ * CVE-2021-32810 (bmo#1729813)
+ https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
+ Data race in crossbeam-deque
+ * CVE-2021-38500 (bmo#1725854, bmo#1728321)
+ Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
+ and Firefox ESR 91.2
+ * CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
+ Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
+ * CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
+ Memory safety bugs fixed in Firefox 93
+- removed obsolete mozilla-bmo1708709.patch
+- require NSS >= 3.70
+- allow to override wayland detection by defining MOZ_ENABLE_WAYLAND
+ explicitely as 0 or 1
+- fix aarch64 build by updating constraints
+- add mozilla-bmo1725828.patch to fix widevine (bsc#1190842)
+- add mozilla-bmo531915.patch to fix build for i586
+
+-------------------------------------------------------------------
+Sat Sep 25 10:10:56 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 92.0.1
+ * Fixed: Fixes an issue where audio playback was not working on
+ some Linux systems (bmo#1730499)
+ * Fixed: Fixes issues with the findbar close button on
+ different operating systems (bmo#1728368)
+
+-------------------------------------------------------------------
+Mon Sep 6 10:16:28 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 92.0
+ * More secure connections: Firefox can now automatically upgrade to
+ HTTPS using HTTPS RR as Alt-Svc headers
+ * Full-range color levels are now supported for video playback on
+ many systems
+ MFSA 2021-38 (bsc#1190269)
+ * CVE-2021-29993 (bmo#1708544, bmo#1708767, bmo#1712240,
+ bmo#1712242, bmo#1729259)
+ Handling custom intents could lead to crashes and UI spoofs
+ * CVE-2021-38491 (bmo#1551886)
+ Mixed-Content-Blocking was unable to check opaque origins
+ * CVE-2021-38492 (bmo#1721107)
+ Navigating to `mk:` URL scheme could load Internet Explorer
+ * CVE-2021-38493 (bmo#1723391, bmo#1724101, bmo#1724107)
+ Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and
+ Firefox ESR 91.1
+ * CVE-2021-38494 (bmo#1723920, bmo#1725638)
+ Memory safety bugs fixed in Firefox 92
+- updated appdata
+- remove mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+ (does not apply anymore; unclear if obsolete)
+- bring back mozilla-silence-no-return-type.patch and
+ run post-build-checks everywhere again
+- requires NSS 3.69.1
+
+-------------------------------------------------------------------
+Tue Aug 31 00:33:39 UTC 2021 - Atri Bhattacharya <badshah400@gmail.com>
+
+- Add mozilla-bmo1708709.patch: On [wayland] popup can be wrongly
+ repositioned due to rounding errors when font scaling != 1
+ (bmo#1708709); patch taken from upstream bug report and rebased
+ to apply cleanly against current version.
+
+-------------------------------------------------------------------
+Sun Aug 29 14:45:29 UTC 2021 - Martin Liška <mliska@suse.cz>
+
+- Bump using with GCC (tested locally).
+
+-------------------------------------------------------------------
+Fri Aug 27 22:47:48 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 91.0.2:
+ * Fixed: Firefox no longer clears authentication data when
+ purging trackers, to avoid repeatedly prompting for a
+ password (bmo#1721084)
+
+-------------------------------------------------------------------
+Wed Aug 18 06:34:01 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 91.0.1
+ * Fixed an issue causing buttons on the tab bar to be resized when
+ loading certain websites (bmo#1704404)
+ * Fixed an issue which caused tabs from private windows to be
+ visible in non-private windows when viewing switch-to-tab results
+ in the address bar panel (bmo#1720369)
+ * Various stability fixes
+ MFSA 2021-37 (bsc#1189547)
+ * CVE-2021-29991 (bmo#1724896)
+ Header Splitting possible with HTTP/3 Responses
+
+-------------------------------------------------------------------
+Mon Aug 9 14:55:22 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 91.0
+ MFSA 2021-33 (bsc#1188891)
+ * CVE-2021-29986 (bmo#1696138)
+ Race condition when resolving DNS names could have led to
+ memory corruption
+ * CVE-2021-29981 (bmo#1707774)
+ Live range splitting could have led to conflicting
+ assignments in the JIT
+ * CVE-2021-29988 (bmo#1717922)
+ Memory corruption as a result of incorrect style treatment
+ * CVE-2021-29983 (bmo#1719088)
+ Firefox for Android could get stuck in fullscreen mode
+ * CVE-2021-29984 (bmo#1720031)
+ Incorrect instruction reordering during JIT optimization
+ * CVE-2021-29980 (bmo#1722204)
+ Uninitialized memory in a canvas object could have led to
+ memory corruption
+ * CVE-2021-29987 (bmo#1716129)
+ Users could have been tricked into accepting unwanted
+ permissions on Linux
+ * CVE-2021-29985 (bmo#1722083)
+ Use-after-free media channels
+ * CVE-2021-29982 (bmo#1715318)
+ Single bit data leak due to incorrect JIT optimization and
+ type confusion
+ * CVE-2021-29989 (bmo#1662676, bmo#1666184, bmo#1719178,
+ bmo#1719998, bmo#1720568)
+ Memory safety bugs fixed in Firefox 91 and Firefox ESR 78.13
+ * CVE-2021-29990 (bmo#1544190, bmo#1716481, bmo#1717778,
+ bmo#1719319, bmo#1722073)
+ Memory safety bugs fixed in Firefox 91
+- requires
+ * rustc/cargo >= 1.51
+ * NSPR >= 4.32
+ * NSS >= 3.68
+- force-disable webrender on BE platforms
+
+-------------------------------------------------------------------
+Sat Jul 24 07:15:54 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 90.0.2:
+ * Changed: Updates to support DoH Canada rollout (bmo#1713036)
+ * Fixed: Fixed truncated output when printing (bmo#1720621)
+ * Fixed: Fixed menu styling on some Gtk themes (bmo#1720441,
+ bmo#1720874)
+
+-------------------------------------------------------------------
+Mon Jul 19 20:08:56 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 90.0.1 (boo#1188480):
+ * Fixed: Fixed busy looping processing some HTTP3 responses
+ (bmo#1720079)
+ * Fixed: Fixed transient errors authenticating with some smart
+ cards (bmo#1715325)
+ * Fixed: Fixed a rare crash on shutdown (bmo#1707057)
+ * Fixed: Fixed a race on startup that caused about:support to
+ end up empty after upgrade (bmo#1717894, boo#1188330)
+
+-------------------------------------------------------------------
+Sun Jul 11 08:53:02 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 90.0
+ MFSA 2021-28 (bsc#1188275)
+ * CVE-2021-29970 (bmo#1709976)
+ Use-after-free in accessibility features of a document
+ * CVE-2021-29971 (bmo#1713638)
+ Granted permissions only compared host; omitting scheme and
+ port on Android
+ * CVE-2021-30547 (bmo#1715766)
+ Out of bounds write in ANGLE
+ * CVE-2021-29972 (bmo#1696816)
+ Use of out-of-date library included use-after-free
+ vulnerability
+ * CVE-2021-29973 (bmo#1701932)
+ Password autofill on HTTP websites was enabled without user
+ interaction on Android
+ * CVE-2021-29974 (bmo#1704843)
+ HSTS errors could be overridden when network partitioning was
+ enabled
+ * CVE-2021-29975 (bmo#1713259)
+ Text message could be overlaid on top of another website
+ * CVE-2021-29976 (bmo#1700895, bmo#1703334, bmo#1706910,
+ bmo#1711576, bmo#1714391)
+ Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
+ * CVE-2021-29977 (bmo#1665836, bmo#1686138, bmo#1704316,
+ bmo#1706314, bmo#1709931, bmo#1712084, bmo#1712357,
+ bmo#1714066)
+ Memory safety bugs fixed in Firefox 90
+- requires
+ NSPR 4.31
+ NSS 3.66
+- Gtk2 support removed (was only for Flash plugin before)
+
+-------------------------------------------------------------------
+Wed Jun 23 16:54:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 89.0.2 (boo#1187648):
+ * Fix occasional hangs with Software WebRender on Linux (bmo#1708224)
+
+-------------------------------------------------------------------
+Sat Jun 19 09:00:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 89.0.1 (boo#1187475):
+ * Updated translations, including full Spanish (Mexico)
+ localization and other improvements (bmo#1714946)
+ * Fix various font related regressions (bmo#1694174)
+ * Linux: Fix performance and stability regressions with
+ WebRender (bmo#1715895, bmo#1715902)
+ * Enterprise: Fix for the `DisableDeveloperTools` policy not
+ having effect anymore (bmo#1715777)
+ * Linux: Fix broken scrollbars on some GTK themes (bmo#1714103)
+ * Various stability fixes
+
+-------------------------------------------------------------------
+Sat May 29 20:55:56 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 89.0
+ * UI redesign
+ * The Event Timing API is now supported
+ * The CSS forced-colors media query is now supported
+ MFSA 2021-23 (bsc#1186696)
+ * CVE-2021-29965 (bmo#1709257)
+ Password Manager on Firefox for Android susceptible to domain
+ spoofing
+ * CVE-2021-29960 (bmo#1675965)
+ Filenames printed from private browsing mode incorrectly
+ retained in preferences
+ * CVE-2021-29961 (bmo#1700235)
+ Firefox UI spoof using `<select>` elements and CSS scaling
+ * CVE-2021-29963 (bmo#1705068)
+ Shared cookies for search suggestions in private browsing mode
+ * CVE-2021-29964 (bmo#1706501)
+ Out of bounds-read when parsing a `WM_COPYDATA` message
+ * CVE-2021-29959 (bmo#1395819)
+ Devices could be re-enabled without additional permission prompt
+ * CVE-2021-29962 (bmo#1701673)
+ No rate-limiting for popups on Firefox for Android
+ * CVE-2021-29967 (bmo#1602862, bmo#1703191, bmo#1703760,
+ bmo#1704722, bmo#1706041)
+ Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11
+ * CVE-2021-29966 (bmo#1660307, bmo#1686154, bmo#1702948, bmo#1708124)
+ Memory safety bugs fixed in Firefox 89
+- require
+ NSS >= 3.64
+ rust-cbindgen >= 0.19.0
+- do not rely on nodejs10 packagename anymore
+- updated mozilla.keyring
+- switched TW/x86_64 to clang as the last platform due to
+ https://bugs.gentoo.org/792705
+- but LTO with clang is broken in TW so disable LTO for it
+ https://bugs.llvm.org/show_bug.cgi?id=47872
+
+-------------------------------------------------------------------
+Thu May 6 13:40:10 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Relax RAM and disk constraints for aarch64
+
+-------------------------------------------------------------------
+Wed May 5 15:13:20 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 88.0.1
+ * Fixed: Resolved an issue caused by a recent Widevine plugin
+ update which prevented some purchased video content from
+ playing correctly (bmo#1705138)
+ * Fixed: Fixed corruption of videos playing on Twitter or
+ WebRTC calls on some Gen6 Intel graphics chipsets
+ (bmo#1708937)
+ * Fixed: Fixed menulists in Preferences being unreadable for
+ users with High Contrast Mode enabled (bmo#1706496)
+ MFSA 2021-20 (bsc#1185633)
+ * CVE-2021-29952 (bmo#1704227)
+ Race condition in Web Render Components
+- devel package: move macros to /usr/lib/rpm/macros.d (boo#1185658)
+
+-------------------------------------------------------------------
+Sun May 2 12:03:26 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add compatibility for libavcodec58_134
+
+-------------------------------------------------------------------
+Sun Apr 18 09:01:32 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 88.0
+ * New: PDF forms now support JavaScript embedded in PDF files.
+ Some PDF forms use JavaScript for validation and other
+ interactive features
+ * New: Print updates: Margin units are now localized
+ * New: Smooth pinch-zooming using a touchpad is now supported
+ on Linux
+ * New: To protect against cross-site privacy leaks, Firefox now
+ isolates window.name data to the website that created it.
+ Learn more
+ * Changed: Firefox will not prompt for access to your
+ microphone or camera if you’ve already granted access to the
+ same device on the same site in the same tab within the past
+ 50 seconds. This new grace period reduces the number of times
+ you’re prompted to grant device access
+ * Changed: The ‘Take a Screenshot’ feature was removed from the
+ Page Actions menu in the url bar. To take a screenshot,
+ right-click to open the context menu. You can also add a
+ screenshots shortcut directly to your toolbar via the
+ Customize menu. Open the Firefox menu and select Customize…
+ * Changed: FTP support has been disabled, and its full removal
+ is planned for an upcoming release. Addressing this security
+ risk reduces the likelihood of an attack while also removing
+ support for a non-encrypted protocol
+ * Developer: Introduced a new toggle button in the Network
+ panel for switching between JSON formatted HTTP response and
+ raw data (as received over the wire).
+ !enter image description here
+ * Enterprise: Various bug fixes and new policies have been
+ implemented in the latest version of Firefox. You can see
+ more details in the Firefox for Enterprise 88 Release Notes.
+ * Fixed: Screen readers no longer incorrectly read content that
+ websites have visually hidden, as in the case of articles in
+ the Google Help panel
+ MFSA 2021-16 (bsc#1184960)
+ * CVE-2021-23994 (bmo#1699077)
+ Out of bound write due to lazy initialization
+ * CVE-2021-23995 (bmo#1699835)
+ Use-after-free in Responsive Design Mode
+ * CVE-2021-23996 (bmo#1701834)
+ Content rendered outside of webpage viewport
+ * CVE-2021-23997 (bmo#1701942)
+ Use-after-free when freeing fonts from cache
+ * CVE-2021-23998 (bmo#1667456)
+ Secure Lock icon could have been spoofed
+ * CVE-2021-23999 (bmo#1691153)
+ Blob URLs may have been granted additional privileges
+ * CVE-2021-24000 (bmo#1694698)
+ requestPointerLock() could be applied to a tab different from
+ the visible tab
+ * CVE-2021-24001 (bmo#1694727)
+ Testing code could have enabled session history manipulations
+ by a compromised content process
+ * CVE-2021-24002 (bmo#1702374)
+ Arbitrary FTP command execution on FTP servers using an
+ encoded URL
+ * CVE-2021-29945 (bmo#1700690)
+ Incorrect size computation in WebAssembly JIT could lead to
+ null-reads
+ * CVE-2021-29944 (bmo#1697604)
+ HTML injection vulnerability in Firefox for Android's Reader View
+ * CVE-2021-29946 (bmo#1698503)
+ Port blocking could be bypassed
+ * CVE-2021-29947 (bmo#1651449, bmo#1674142, bmo#1693476,
+ bmo#1696886, bmo#1700091)
+ Memory safety bugs fixed in Firefox 88
+- requires
+ * NSPR 4.30
+ * NSS 3.63.1
+- align wayland support logic
+
+-------------------------------------------------------------------
+Sat Mar 27 10:40:46 UTC 2021 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Switch to clang_build globally; just on TW/x86_64 it does not work
+ due to unreolved externals `__rust_probestack' - disable clang_build
+ then.
+- useccache: Add conditionals to enable/disable ccache.
+
+-------------------------------------------------------------------
+Tue Mar 23 16:42:19 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 87.0
+ * requires NSS 3.62
+ * removed obsolete BigEndian ICU build workaround
+ * rebased patches
+ MFSA 2021-10 (bsc#1183942)
+ * CVE-2021-23981 (bmo#1692832)
+ Texture upload into an unbound backing buffer resulted in an
+ out-of-bound read
+ * CVE-2021-23982 (bmo#1677046)
+ Internal network hosts could have been probed by a malicious
+ webpage
+ * CVE-2021-23983 (bmo#1692684)
+ Transitions for invalid ::marker properties resulted in memory
+ corruption
+ * CVE-2021-23984 (bmo#1693664)
+ Malicious extensions could have spoofed popup information
+ * CVE-2021-23985 (bmo#1659129)
+ Devtools remote debugging feature could have been enabled
+ without indication to the user
+ * CVE-2021-23986 (bmo#1692623)
+ A malicious extension could have performed credential-less
+ same origin policy violations
+ * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
+ bmo#1690718)
+ Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
+ * CVE-2021-23988 (bmo#1684994, bmo#1686653)
+ Memory safety bugs fixed in Firefox 87
+
+-------------------------------------------------------------------
+Tue Mar 16 14:26:35 UTC 2021 - Martin Liška <mliska@suse.cz>
+
+- Set memory limits for DWZ to 4x.
+
+-------------------------------------------------------------------
+Sat Mar 13 08:23:06 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 86.0.1
+ * Fixed: Fixed an issue on Apple Silicon machines that caused
+ Firefox to be unresponsive after system sleep (bmo#1682713)
+ * Fixed: Fixed an issue causing windows to gain or lose focus
+ unexpectedly (bmo#1694927)
+ * Fixed: Fixed truncation of date and time widgets due to
+ incorrect width calculation (bmo#1695578)
+ * Fixed: Fixed an issue causing unexpected behavior with
+ extensions managing tab groups (bmo#1694699)
+ * Fixed: Fixed a frequent Linux crash on browser launch
+ (bmo#1694670)
+
+-------------------------------------------------------------------
+Sun Feb 21 18:14:12 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 86.0
+ * requires NSS >= 3.61
+ * requires rust-cbindgen >= 0.16.0
+ * Firefox now supports simultaneously watching multiple videos in
+ Picture-in-Picture.
+ * Total Cookie Protection to Strict Mode
+ * https://www.mozilla.org/en-US/firefox/86.0/releasenotes
+ MSFA 2021-07 (bsc#1182614)
+ * CVE-2021-23969 (bmo#1542194)
+ Content Security Policy violation report could have contained
+ the destination of a redirect
+ * CVE-2021-23970 (bmo#1681724)
+ Multithreaded WASM triggered assertions validating separation
+ of script domains
+ * CVE-2021-23968 (bmo#1687342)
+ Content Security Policy violation report could have contained
+ the destination of a redirect
+ * CVE-2021-23974 (bmo#1528997, bmo#1683627)
+ noscript elements could have led to an HTML Sanitizer bypass
+ * CVE-2021-23971 (bmo#1678545)
+ A website's Referrer-Policy could have been be overridden,
+ potentially resulting in the full URL being sent as a Referrer
+ * CVE-2021-23976 (bmo#1684627)
+ Local spoofing of web manifests for arbitrary pages in
+ Firefox for Android
+ * CVE-2021-23977 (bmo#1684761)
+ Malicious application could read sensitive data from Firefox
+ for Android's application directories
+ * CVE-2021-23972 (bmo#1683536)
+ HTTP Auth phishing warning was omitted when a redirect is
+ cached
+ * CVE-2021-23975 (bmo#1685145)
+ about:memory Measure function caused an incorrect pointer
+ operation
+ * CVE-2021-23973 (bmo#1690976)
+ MediaError message property could have leaked information
+ about cross-origin resources
+ * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, bmo#786797)
+ Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
+ * CVE-2021-23979 (bmo#1663222, bmo#1666607, bmo#1672120, bmo#1678463,
+ bmo#1678927, bmo#1679560, bmo#1681297, bmo#1681684, bmo#1683490,
+ bmo#1684377, bmo#1684902)
+ Memory safety bugs fixed in Firefox 86
+- updated create-tar.sh (bsc#1182357)
+- removed obsolete mozilla-bmo1554971.patch
+- remove buildsymbols subpackage
+ * we haven't done anything with it for years
+ * mozilla is collecting those from our debuginfo packages
+ * would require a local dump_syms tool
+
+-------------------------------------------------------------------
+Wed Feb 17 18:40:41 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 85.0.2
+ * Fixed: Fixed a deadlock during startup (bmo#1679933)
+
+-------------------------------------------------------------------
+Wed Feb 17 11:19:01 UTC 2021 - Michel Normand <normand@linux.vnet.ibm.com>
+
+- Use %limit_build macros for PowerPC to avoid oom build failure
+
+-------------------------------------------------------------------
+Tue Feb 9 09:05:26 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 85.0.1
+ MFSA 2021-06 (bsc#1181848)
+ * MOZ-2021-0001 (bmo#1676636)
+ Buffer overflow in depth pitch calculations for compressed
+ textures
+ * Fixed: Avoid printing an extra blank page at the end of some
+ documents (bmo#1689789).
+ * Fixed: Fixed a browser crash in case of unexpected Cache API
+ state (bmo#1684838).
+
+-------------------------------------------------------------------
+Sun Jan 24 11:53:58 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 85.0
+ * Adobe Flash is completely history
+ * supercookie protection
+ * new bookmark handling and features
+ MFSA 2021-03 (bsc#1181414)
+ * CVE-2021-23953 (bmo#1683940)
+ Cross-origin information leakage via redirected PDF requests
+ * CVE-2021-23954 (bmo#1684020)
+ Type confusion when using logical assignment operators in
+ JavaScript switch statements
+ * CVE-2021-23955 (bmo#1684837)
+ Clickjacking across tabs through misusing requestPointerLock
+ * CVE-2021-23956 (bmo#1338637)
+ File picker dialog could have been used to disclose a
+ complete directory
+ * CVE-2021-23957 (bmo#1584582)
+ Iframe sandbox could have been bypassed on Android via the
+ intent URL scheme
+ * CVE-2021-23958 (bmo#1642747)
+ Screen sharing permission leaked across tabs
+ * CVE-2021-23959 (bmo#1659035)
+ Cross-Site Scripting in error pages on Firefox for Android
+ * CVE-2021-23960 (bmo#1675755)
+ Use-after-poison for incorrectly redeclared JavaScript
+ variables during GC
+ * CVE-2021-23961 (bmo#1677940)
+ More internal network hosts could have been probed by a
+ malicious webpage
+ * CVE-2021-23962 (bmo#1677194)
+ Use-after-poison in
+ <code>nsTreeBodyFrame::RowCountChanged</code>
+ * CVE-2021-23963 (bmo#1680793)
+ Permission prompt inaccessible after asking for additional
+ permissions
+ * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, bmo#1674278,
+ bmo#1674835, bmo#1675097, bmo#1675844, bmo#1675868, bmo#1677590,
+ bmo#1677888, bmo#1680410, bmo#1681268, bmo#1682068, bmo#1682938,
+ bmo#1683736, bmo#1685260, bmo#1685925)
+ Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
+ * CVE-2021-23965 (bmo#1670378, bmo#1673555, bmo#1676812, bmo#1678582,
+ bmo#1684497)
+ Memory safety bugs fixed in Firefox 85
+- requires NSS 3.60.1
+- requires rust 1.47
+- remove obsolete mozilla-pipewire-0-3.patch
+
+-------------------------------------------------------------------
+Mon Jan 11 18:02:01 UTC 2021 - Matthias Mailänder <mailaender@opensuse.org>
+
+- Fix AppStream screenshot links
+
+-------------------------------------------------------------------
+Thu Jan 7 17:11:43 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 84.0.2
+ MFSA 2021-01 (bsc#1180623)
+ * CVE-2020-16044 (bmo#1683964)
+ Use-after-free write when handling a malicious COOKIE-ECHO
+ SCTP chunk
+
+-------------------------------------------------------------------
+Sun Dec 27 09:52:50 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 84.0.1
+ * Fixed problems loading secure websites and crashes for users
+ with certain third-party PKCS11 modules and smartcards installed
+ (bmo#1682881) (fixed in NSS 3.59.1)
+ * Fixed a bug causing some Unity JS games to not load on Apple
+ Silicon devices due to improper detection of the OS version
+ (bmo#1680516)
+- requires NSS 3.59.1
+
+-------------------------------------------------------------------
+Sun Dec 13 18:18:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 84.0
+ * Firefox 84 is the final release to support Adobe Flash
+ * WebRender is enabled by default when run on GNOME-based X11
+ Linux desktops
+ MFSA 2020-54 (bsc#1180039))
+ * CVE-2020-16042 (bmo#1679003)
+ Operations on a BigInt could have caused uninitialized memory
+ to be exposed
+ * CVE-2020-26971 (bmo#1663466)
+ Heap buffer overflow in WebGL
+ * CVE-2020-26972 (bmo#1671382)
+ Use-After-Free in WebGL
+ * CVE-2020-26973 (bmo#1680084)
+ CSS Sanitizer performed incorrect sanitization
+ * CVE-2020-26974 (bmo#1681022)
+ Incorrect cast of StyleGenericFlexBasis resulted in a heap
+ use-after-free
+ * CVE-2020-26975 (bmo#1661071)
+ Malicious applications on Android could have induced Firefox
+ for Android into sending arbitrary attacker-specified headers
+ * CVE-2020-26976 (bmo#1674343)
+ HTTPS pages could have been intercepted by a registered
+ service worker when they should not have been
+ * CVE-2020-26977 (bmo#1676311)
+ URL spoofing via unresponsive port in Firefox for Android
+ * CVE-2020-26978 (bmo#1677047)
+ Internal network hosts could have been probed by a malicious
+ webpage
+ * CVE-2020-26979 (bmo#1641287, bmo#1673299)
+ When entering an address in the address or search bars, a
+ website could have redirected the user before they were
+ navigated to the intended url
+ * CVE-2020-35111 (bmo#1657916)
+ The proxy.onRequest API did not catch view-source URLs
+ * CVE-2020-35112 (bmo#1661365)
+ Opening an extension-less download may have inadvertently
+ launched an executable instead
+ * CVE-2020-35113 (bmo#1664831, bmo#1673589)
+ Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
+ * CVE-2020-35114 (bmo#1607449, bmo#1640416, bmo#1656459,
+ bmo#1669914, bmo#1673567)
+ Memory safety bugs fixed in Firefox 84
+- requires
+ NSS >= 3.59
+ rust >= 1.44
+ rust-cbindgen >= 0.15.0
+- remove revert-795c8762b16b.patch and replace with mozilla-pgo.patch
+
+-------------------------------------------------------------------
+Sat Nov 21 08:12:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org>
+
+- Add/Enable GNOME search provider
+
+-------------------------------------------------------------------
+Sun Nov 15 12:16:53 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 83.0
+ * major update for SpiderMonkey improving performance significantly
+ * optional HTTPS-Only mode
+ * more improvements
+ https://www.mozilla.org/en-US/firefox/83.0/releasenotes/
+ MFSA 2020-50 (bsc#1178824))
+ * CVE-2020-26951 (bmo#1667113)
+ Parsing mismatches could confuse and bypass security
+ sanitizer for chrome privileged code
+ * CVE-2020-26952 (bmo#1667685)
+ Out of memory handling of JITed, inlined functions could lead
+ to a memory corruption
+ * CVE-2020-16012 (bmo#1642028)
+ Variable time processing of cross-origin images during
+ drawImage calls
+ * CVE-2020-26953 (bmo#1656741)
+ Fullscreen could be enabled without displaying the security UI
+ * CVE-2020-26954 (bmo#1657026)
+ Local spoofing of web manifests for arbitrary pages in
+ Firefox for Android
+ * CVE-2020-26955 (bmo#1663261)
+ Cookies set during file downloads are shared between normal
+ and Private Browsing Mode in Firefox for Android
+ * CVE-2020-26956 (bmo#1666300)
+ XSS through paste (manual and clipboard API)
+ * CVE-2020-26957 (bmo#1667179)
+ OneCRL was not working in Firefox for Android
+ * CVE-2020-26958 (bmo#1669355)
+ Requests intercepted through ServiceWorkers lacked MIME type
+ restrictions
+ * CVE-2020-26959 (bmo#1669466)
+ Use-after-free in WebRequestService
+ * CVE-2020-26960 (bmo#1670358)
+ Potential use-after-free in uses of nsTArray
+ * CVE-2020-15999 (bmo#1672223)
+ Heap buffer overflow in freetype
+ * CVE-2020-26961 (bmo#1672528)
+ DoH did not filter IPv4 mapped IP Addresses
+ * CVE-2020-26962 (bmo#610997)
+ Cross-origin iframes supported login autofill
+ * CVE-2020-26963 (bmo#1314912)
+ History and Location interfaces could have been used to hang
+ the browser
+ * CVE-2020-26964 (bmo#1658865)
+ Firefox for Android's Remote Debugging via USB could have
+ been abused by untrusted apps on older versions of Android
+ * CVE-2020-26965 (bmo#1661617)
+ Software keyboards may have remembered typed passwords
+ * CVE-2020-26966 (bmo#1663571)
+ Single-word search queries were also broadcast to local
+ network
+ * CVE-2020-26967 (bmo#1665820)
+ Mutation Observers could break or confuse Firefox Screenshots
+ feature
+ * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697,
+ bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479,
+ bmo#1671923)
+ Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
+ * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872,
+ bmo#1668876)
+ Memory safety bugs fixed in Firefox 83
+- requires
+ NSS >= 3.58
+ nodejs >= 10.22.1
+- removed obsolete mozilla-ppc-altivec_static_inline.patch
+- disable LTO on TW because of ICEs in gcc
+
+-------------------------------------------------------------------
+Mon Nov 9 10:15:52 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 82.0.3
+ MSFA 2020-49
+ * CVE-2020-26950 (bmo#1675905)
+ Write side effects in MCallGetProperty opcode not accounted for
+
+-------------------------------------------------------------------
+Mon Nov 2 09:00:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 82.0.2
+ * few bugfixes for introduced regressions
+
+-------------------------------------------------------------------
+Sun Nov 1 20:15:17 UTC 2020 - Kirill Kirillov <kkirill@opensuse.org>
+
+- Enable GNOME search provider
+
+-------------------------------------------------------------------
+Thu Oct 15 20:44:47 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 82.0
+ * https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
+ MFSA 2020-45 (bsc#1177872)
+ * CVE-2020-15969 (bmo#1666570)
+ Use-after-free in usersctp
+ * CVE-2020-15254 (bmo#1668514)
+ Undefined behavior in bounded channel of crossbeam rust crate
+ * CVE-2020-15680 (bmo#1658881)
+ Presence of external protocol handlers could be determined
+ through image tags
+ * CVE-2020-15681 (bmo#1666568)
+ Multiple WASM threads may have overwritten each others' stub
+ table entries
+ * CVE-2020-15682 (bmo#1636654)
+ The domain associated with the prompt to open an external
+ protocol could be spoofed to display the incorrect origin
+ * CVE-2020-15683 (bmo#1576843, bmo#1656987, bmo#1660954,
+ bmo#1662760, bmo#1663439, bmo#1666140)
+ Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
+ * CVE-2020-15684 (bmo#1653764, bmo#1661402, bmo#1662259,
+ bmo#1664257)
+ Memory safety bugs fixed in Firefox 82
+- requires
+ * NSPR 4.29
+ * NSS 3.57
+
+-------------------------------------------------------------------
+Thu Oct 1 20:00:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 81.0.1
+ * https://www.mozilla.org/en-US/firefox/81.0.1/releasenotes/
+- remove obsolete python2 build requires
+
+-------------------------------------------------------------------
+Wed Sep 30 18:49:10 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Increase disk requirements in _constraints to match current needs
+
+-------------------------------------------------------------------
+Fri Sep 18 06:22:40 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 81.0
+ * https://www.mozilla.org/en-US/firefox/81.0/releasenotes
+ MFSA 2020-42 (bsc#1176756)
+ * CVE-2020-15675 (bmo#1654211)
+ Use-After-Free in WebGL
+ * CVE-2020-15677 (bmo#1641487)
+ Download origin spoofing via redirect
+ * CVE-2020-15676 (bmo#1646140)
+ XSS when pasting attacker-controlled data into a
+ contenteditable element
+ * CVE-2020-15678 (bmo#1660211)
+ When recursing through layers while scrolling, an iterator
+ may have become invalid, resulting in a potential use-after-
+ free scenario
+ * CVE-2020-15673 (bmo#1648493, bmo#1660800)
+ Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
+ * CVE-2020-15674 (bmo#1656063, bmo#1656064, bmo#1656067, bmo#1660293)
+ Memory safety bugs fixed in Firefox 81
+- requires
+ NSPR 4.28
+ NSS 3.56
+- removed obsolete patches
+ * mozilla-system-nspr.patch
+ * mozilla-bmo1661715.patch
+ * mozilla-silence-no-return-type.patch
+- skip post-build-checks for 15.0 and 15.1
+- add revert-795c8762b16b.patch to fix LTO builds with gcc
+ (related to bmo#1644409)
+- require python3-curses as workaround to fix i586 build
+
+-------------------------------------------------------------------
+Thu Sep 17 11:45:31 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Use %limit_build macro again for aarch64 and armv7, instead of
+ the new memoryperjob _constraints to use more workers
+
+-------------------------------------------------------------------
+Sat Sep 5 17:43:26 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- add mozilla-bmo1661715.patch to fix Flash plugin
+
+-------------------------------------------------------------------
+Wed Sep 2 17:11:19 UTC 2020 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 80.0.1: Bug fixes:
+ * Fixed a performance regression when encountering new intermediate
+ CA certificates (bmo#1661543)
+ * Fixed crashes possibly related to GPU resets (bmo#1627616)
+ * Fixed rendering on some sites using WebGL (bmo#1659225)
+ * Fixed the zoom-in keyboard shortcut on Japanese language builds
+ (bmo#1661895)
+ * Fixed download issues related to extensions and cookies
+ (bmo#1655190)
+- added mozilla-silence-no-return-type.patch
+
+-------------------------------------------------------------------
+Tue Aug 25 19:30:15 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- more whitelisting (/dev/random) for sandbox in relation to FIPS
+ (bsc#1174284)
+- improve langpack builds to use dedicated objdirs and make it
+ parallel again
+
+-------------------------------------------------------------------
+Sat Aug 22 06:52:01 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 80.0
+ MFSA 2020-36 (bsc#1175686)
+ * CVE-2020-15663 (bmo#1643199)
+ Downgrade attack on the Mozilla Maintenance Service could
+ have resulted in escalation of privilege
+ * CVE-2020-15664 (bmo#1658214)
+ Attacker-induced prompt for extension installation
+ * CVE-2020-12401 (bmo#1631573)
+ Timing-attack on ECDSA signature generation
+ * CVE-2020-6829 (bmo#1631583)
+ P-384 and P-521 vulnerable to an electro-magnetic side
+ channel attack on signature generation
+ * CVE-2020-12400 (bmo#1623116)
+ P-384 and P-521 vulnerable to a side channel attack on
+ modular inversion
+ * CVE-2020-15665 (bmo#1651636)
+ Address bar not reset when choosing to stay on a page after
+ the beforeunload dialog is shown
+ * CVE-2020-15666 (bmo#1450853)
+ MediaError message property leaks cross-origin response
+ status
+ * CVE-2020-15667 (bmo#1653371)
+ Heap overflow when processing an update file
+ * CVE-2020-15668 (bmo#1651520)
+ Data Race when reading certificate information
+ * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626,
+ bmo#1656957)
+ Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
+- requires
+ * NSPR 4.27
+ * NSS 3.55
+- added mozilla-system-nspr.patch (bmo#1661096)
+- exclude ga-IE locale as it's failing to build
+- rollback parallelize locale build because it breaks bookmarks
+ (boo#1167976)
+- preserve original default bookmark file during langpack build
+ (boo#1167976)
+- add some ccache output during build
+
+-------------------------------------------------------------------
+Thu Aug 20 13:07:33 UTC 2020 - Martin Liška <mliska@suse.cz>
+
+- Use new memoryperjob _constraints instead of %limit_build macro.
+
+-------------------------------------------------------------------
+Mon Aug 10 09:19:38 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- use ccache for build
+- replace versioned RPM deps with requires_ge
+- parallelize locale build
+
+-------------------------------------------------------------------
+Thu Aug 6 14:37:16 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
+
+- Change *.appdata.xml location to latest AppStream standard
+
+-------------------------------------------------------------------
+Thu Jul 23 21:00:34 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 79.0
+ MFSA 2020-30 (bsc#1174538)
+ * CVE-2020-15652 (bmo#1634872)
+ Potential leak of redirect targets when loading scripts in a worker
+ * CVE-2020-6514 (bmo#1642792)
+ WebRTC data channel leaks internal address to peer
+ * CVE-2020-15655 (bmo#1645204)
+ Extension APIs could be used to bypass Same-Origin Policy
+ * CVE-2020-15653 (bmo#1521542)
+ Bypassing iframe sandbox when allowing popups
+ * CVE-2020-6463 (bmo#1635293)
+ Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
+ * CVE-2020-15656 (bmo#1647293)
+ Type confusion for special arguments in IonMonkey
+ * CVE-2020-15658 (bmo#1637745)
+ Overriding file type when saving to disk
+ * CVE-2020-15657 (bmo#1644954)
+ DLL hijacking due to incorrect loading path
+ * CVE-2020-15654 (bmo#1648333)
+ Custom cursor can overlay user interface
+ * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
+ bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
+ bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
+ Memory safety bugs fixed in Firefox 79
+- updated dependency requirements:
+ * mozilla-nspr >= 4.26
+ * mozilla-nss >= 3.54
+ * rust >= 1.43
+ * rust-cbindgen >= 0.14.3
+- removed obsolete patch
+ mozilla-bmo1463035.patch
+
+-------------------------------------------------------------------
+Tue Jul 21 21:31:20 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- fixed syntax issue in desktop file (boo#1174360)
+
+-------------------------------------------------------------------
+Fri Jul 17 15:07:45 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Add mozilla-libavcodec58_91.patch to link against updated
+ soversion of libavcodec (58.91) with ffmpeg >= 4.3.
+ (patch provided by Atri Bhattacharya <badshah400@gmail.com>
+- enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320)
+ (Plasma 5.19.3 is now in TW)
+
+-------------------------------------------------------------------
+Sat Jul 11 11:08:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.2
+ * Fixed an accessibility regression in reader mode (bmo#1650922)
+ * Made the address bar more resilient to data corruption in the
+ user profile (bmo#1649981)
+ * Fixed a regression opening certain external applications (bmo#1650162)
+ MFSA 2020-28
+ * CVE pending (bmo#1644076)
+ X-Frame-Options bypass using object or embed tags
+- added desktop file actions
+- do not use XINPUT2 for the moment until Plasma 5.19.3 has landed
+ (boo#1173993)
+- rework langpack integration (boo#1173991)
+ * ship XPIs instead of directories
+ * allow addon sideloading
+ * mark signatures for langpacks non-mandatory
+ * do not autodisable user profile scopes
+- Google API key is not usable for geolocation service
+- fix pipewire support for TW (boo#1172903)
+
+-------------------------------------------------------------------
+Wed Jul 1 07:15:02 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0.1
+ * Fixed an issue which could cause installed search engines to not
+ be visible when upgrading from a previous release.
+- enable MOZ_USE_XINPUT2 for TW (boo#1173320)
+
+-------------------------------------------------------------------
+Sun Jun 28 07:17:13 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 78.0
+ * startup notifications now using Gtk instead of libnotify
+ * PDF downloads now show an option to open the PDF directly in Firefox
+ * Protections Dashboard (about:protections)
+ * WebRTC not interrupted by screensaver anymore
+ * disabled TLS 1.0 and 1.1 by default
+ MFSA 2020-24 (bsc#1173576)
+ * CVE-2020-12415 (bmo#1586630)
+ AppCache manifest poisoning due to url encoded character processing
+ * CVE-2020-12416 (bmo#1639734)
+ Use-after-free in WebRTC VideoBroadcaster
+ * CVE-2020-12417 (bmo#1640737)
+ Memory corruption due to missing sign-extension for ValueTags
+ on ARM64
+ * CVE-2020-12418 (bmo#1641303)
+ Information disclosure due to manipulated URL object
+ * CVE-2020-12419 (bmo#1643874)
+ Use-after-free in nsGlobalWindowInner
+ * CVE-2020-12420 (bmo#1643437)
+ Use-After-Free when trying to connect to a STUN server
+ * CVE-2020-12402 (bmo#1631597)
+ RSA Key Generation vulnerable to side-channel attack
+ * CVE-2020-12421 (bmo#1308251)
+ Add-On updates did not respect the same certificate trust
+ rules as software updates
+ * CVE-2020-12422 (bmo#1450353)
+ Integer overflow in nsJPEGEncoder::emptyOutputBuffer
+ * CVE-2020-12423 (bmo#1642400)
+ DLL Hijacking due to searching %PATH% for a library
+ * CVE-2020-12424 (bmo#1562600)
+ WebRTC permission prompt could have been bypassed by a
+ compromised content process
+ * CVE-2020-12425 (bmo#1634738)
+ Out of bound read in Date.parse()
+ * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682)
+ Memory safety bugs fixed in Firefox 78
+- requires
+ * NSS >= 3.53.1
+ * nodejs >= 10.21
+ * Gtk+3 >= 3.14
+- removed obsolete patches
+ * mozilla-s390-bigendian.patch
+ * mozilla-bmo1634646.patch
+- Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build
+ WebRTC with pipewire support to enable screen sharing under
+ Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3)
+ appropriately (boo#1172903).
+- adding SLE12 compatibility in spec file
+- add patches for s390x
+ * mozilla-bmo1602730.patch (bmo#1602730)
+ * mozilla-bmo1626236.patch (bmo#1626236)
+ * mozilla-bmo998749.patch (bmo#998749)
+ * mozilla-s390x-skia-gradient.patch
+- update create-tar.sh
+- Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure
+
+-------------------------------------------------------------------
+Wed Jun 10 07:17:15 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Exclude armv6, since it is unbuildable since about 3 years
+
+-------------------------------------------------------------------
+Wed Jun 3 21:39:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 77.0.1
+ * Disable automatic selection of DNS over HTTPS providers during
+ a test to enable wider deployment in a more controlled way
+ (bmo#1642723)
+
+-------------------------------------------------------------------
+Fri May 29 11:49:36 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 77.0
+ * view and manage web certificates more easily on the new
+ about:certificate page
+ * improvements in accessibility
+ * significant improvements to JavaScript debugging
+ MFSA 2020-20 (bsc#1172402)
+ * CVE-2020-12399 (bmo#1631576)
+ Timing attack on DSA signatures in NSS library
+ (fixed with external NSS >= 3.52.1)
+ * CVE-2020-12405 (bmo#1631618)
+ Use-after-free in SharedWorkerService
+ * CVE-2020-12406 (bmo#1639590)
+ JavaScript type confusion with NativeTypes
+ * CVE-2020-12407 (bmo#1637112)
+ WebRender leaking GPU memory when using border-image CSS
+ directive
+ * CVE-2020-12408 (bmo#1623888)
+ URL spoofing when using IP addresses
+ * CVE-2020-12409 (bmo#1619305, bmo#1632717)
+ Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9
+ * CVE-2020-12411 (bmo#1620972, bmo#1625333)
+ Memory safety bugs fixed in Firefox 77
+- requires
+ * NSS >= 3.52.1
+ * rust-cbindgen >= 1.14.1
+ * clang >= 5
+- added mozilla-bmo1634646.patch as part of fixing PGO build
+ (still not working)
+
+-------------------------------------------------------------------
+Wed May 13 12:21:13 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
+
+- change again _constraints for ppc64le use <physicalmemory>
+ and increase limit_build in spec file to reduce max_jobs.
+
+-------------------------------------------------------------------
+Sat May 9 11:45:39 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 76.0.1
+ * Fixed a bug causing some add-ons such as Amazon Assistant to see
+ multiple onConnect events, impairing functionality (bmo#1635637)
+
+-------------------------------------------------------------------
+Fri May 1 11:59:58 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 76.0
+ * Lockwise improvements
+ * Improvements in Picture-in-Picture feature
+ * Support Audio Worklets
+ MFSA-2020-16 (bsc#1171186)
+ * CVE-2020-12387 (bmo#1545345)
+ Use-after-free during worker shutdown
+ * CVE-2020-12388 (bmo#1618911)
+ Sandbox escape with improperly guarded Access Tokens
+ * CVE-2020-12389 (bmo#1554110)
+ Sandbox escape with improperly separated process types
+ * CVE-2020-6831 (bmo#1632241)
+ Buffer overflow in SCTP chunk input validation
+ * CVE-2020-12390 (bmo#1141959)
+ Incorrect serialization of nsIPrincipal.origin for IPv6 addresses
+ * CVE-2020-12391 (bmo#1457100)
+ Content-Security-Policy bypass using object elements
+ * CVE-2020-12392 (bmo#1614468)
+ Arbitrary local file access with 'Copy as cURL'
+ * CVE-2020-12393 (bmo#1615471)
+ Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to command injection
+ * CVE-2020-12394 (bmo#1628288)
+ URL spoofing in location bar when unfocussed
+ * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098,
+ bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508)
+ Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
+ * CVE-2020-12396 (bmo#1339601, bmo#1611938, bmo#1620488,
+ bmo#1622291, bmo#1627644)
+ Memory safety bugs fixed in Firefox 76
+- requires
+ * NSS >= 3.51.1
+ * nasm >= 2.14
+- removed obsolete patch mozilla-bmo1622013.patch
+- fix URI creation for KDE file selector integration (boo#1160331)
+
+-------------------------------------------------------------------
+Tue Apr 7 12:18:27 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 75.0
+ * https://www.mozilla.org/en-US/firefox/75.0/releasenotes
+ MFSA 2020-12 (bsc#1168874)
+ * CVE-2020-6821 (bmo#1625404)
+ Uninitialized memory could be read when using the WebGL
+ copyTexSubImage method
+ * CVE-2020-6822 (bmo#1544181)
+ Out of bounds write in GMPDecodeData when processing large images
+ * CVE-2020-6823 (bmo#1614919)
+ Malicious Extension could obtain auth codes from OAuth login flows
+ * CVE-2020-6824 (bmo#1621853)
+ Generated passwords may be identical on the same site between
+ separate private browsing sessions
+ * CVE-2020-6825 (bmo#1572541,bmo#1620193,bmo#1620203)
+ Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7
+ * CVE-2020-6826 (bmo#1613009,bmo#1613195,bmo#1616734,bmo#1617488,
+ bmo#1619229,bmo#1620719,bmo#1624897)
+ Memory safety bugs fixed in Firefox 75
+- removed obsolete patch
+ mozilla-bmo1609538.patch
+- requires
+ * rust >= 1.41
+ * rust-cbindgen >= 0.13.1
+ * mozilla-nss >= 3.51
+ * nodejs10 >= 10.19
+- fix build issue in libvpx for i586 via mozilla-bmo1622013.patch
+
+-------------------------------------------------------------------
+Mon Apr 6 11:19:24 UTC 2020 - Michel Normand <normand@linux.vnet.ibm.com>
+
+- increase _constraints memory for ppc64le
+
+-------------------------------------------------------------------
+Fri Apr 3 15:23:28 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 74.0.1
+ MFSA 2020-11 (boo#1168630)
+ * CVE-2020-6819 (bmo#1620818)
+ Use-after-free while running the nsDocShell destructor
+ * CVE-2020-6820 (bmo#1626728)
+ Use-after-free when handling a ReadableStream
+
+-------------------------------------------------------------------
+Wed Mar 25 07:30:39 UTC 2020 - Marcus Meissner <meissner@suse.com>
+
+- mozilla-sandbox-fips.patch: allow /proc/sys/crypto/fips_enabled
+ to be read, as openssl 1.1.1 FIPS aborts if it cannot access it
+ (bsc#1167132)
+
+-------------------------------------------------------------------
+Sat Mar 7 08:51:06 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 74.0
+ * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
+ MFSA 2020-08 (bsc#1166238)
+ * CVE-2020-6805 (bmo#1610880)
+ Use-after-free when removing data about origins
+ * CVE-2020-6806 (bmo#1612308)
+ BodyStream::OnInputStreamReady was missing protections against
+ state confusion
+ * CVE-2020-6807 (bmo#1614971)
+ Use-after-free in cubeb during stream destruction
+ * CVE-2020-6808 (bmo#1247968)
+ URL Spoofing via javascript: URL
+ * CVE-2020-6809 (bmo#1420296)
+ Web Extensions with the all-urls permission could access local
+ files
+ * CVE-2020-6810 (bmo#1432856)
+ Focusing a popup while in fullscreen could have obscured the
+ fullscreen notification
+ * CVE-2020-6811 (bmo#1607742)
+ Devtools' 'Copy as cURL' feature did not fully escape
+ website-controlled data, potentially leading to command injection
+ * CVE-2019-20503 (bmo#1613765)
+ Out of bounds reads in sctp_load_addresses_from_init
+ * CVE-2020-6812 (bmo#1616661)
+ The names of AirPods with personally identifiable information
+ were exposed to websites with camera or microphone permission
+ * CVE-2020-6813 (bmo#1605814)
+ @import statements in CSS could bypass the Content Security
+ Policy nonce feature
+ * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
+ bmo#1614339)
+ Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
+ * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
+ bmo#1612431)
+ Memory and script safety bugs fixed in Firefox 74
+- requires
+ * NSPR 4.25
+ * NSS 3.50
+ * rust-cbindgen 0.13.0
+- removed obsolete patches
+ mozilla-bmo1610814.patch
+ mozilla-cubeb-noreturn.patch
+- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
+ (bmo#1609538, boo#1166471)
+
+-------------------------------------------------------------------
+Wed Feb 26 08:12:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- big endian fixes
+
+-------------------------------------------------------------------
+Tue Feb 25 14:17:00 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix build on aarch64/armv7 with:
+ * mozilla-bmo1610814.patch (boo#1164845, bmo#1610814)
+
+-------------------------------------------------------------------
+Thu Feb 20 13:40:59 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 73.0.1
+ * Resolved problems connecting to the RBC Royal Bank website
+ (bmo#1613943)
+ * Fixed Firefox unexpectedly exiting when leaving Print Preview mode
+ (bmo#1611133)
+ * Fixed crashes when playing encrypted content on some Linux systems
+ (bmo#1614535, boo#1164646)
+- start in wayland mode when running under wayland session
+
+-------------------------------------------------------------------
+Sun Feb 9 07:45:00 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 73.0
+ * Added support for setting a default zoom level applicable for all
+ web content
+ * High-contrast mode has been updated to allow background images
+ * Improved audio quality when playing back audio at a faster or
+ slower speed
+ * Added NextDNS as alternative option for DNS over HTTPS
+ MFSA 2020-05 (bsc#1163368)
+ * CVE-2020-6796 (bmo#1610426)
+ Missing bounds check on shared memory read in the parent process
+ * CVE-2020-6797 (bmo#1596668) (MacOS X only)
+ Extensions granted downloads.open permission could open arbitrary
+ applications on Mac OSX
+ * CVE-2020-6798 (bmo#1602944)
+ Incorrect parsing of template tag could result in JavaScript injection
+ * CVE-2020-6799 (bmo#1606596) (Windows only)
+ Arbitrary code execution when opening pdf links from other
+ applications, when Firefox is configured as default pdf reader
+ * CVE-2020-6800 (bmo#1595786,bmo#1596706,bmo#1598543,bmo#1604851,
+ bmo#1608580,bmo#1608785,bmo#1605777)
+ Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5
+ * CVE-2020-6801 (bmo#1601024,bmo#1601712,bmo#1604836,bmo#1606492)
+ Memory safety bugs fixed in Firefox 73
+- updated requirements
+ * rust >= 1.39
+ * NSS >= 3.49.2
+ * rust-cbindgen >= 0.12.0
+- rebased patches
+- removed obsolete patch
+ * mozilla-bmo1601707.patch
+- switched to cairo-gtk3-wayland build
+ (to fully enable wayland MOZ_ENABLE_WAYLAND=1 needs to be set)
+- disabled elfhack due to failing packager
+ https://github.com/openSUSE/firefox-maintenance/issues/28
+- disabled PGO due to build failure
+ https://github.com/openSUSE/firefox-maintenance/issues/29
+
+-------------------------------------------------------------------
+Tue Jan 28 07:30:16 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc>
+
+- Use a symbolic icon from branding internals
+- Pixmaps no longer required for the desktops
+
+-------------------------------------------------------------------
+Wed Jan 22 10:30:21 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 72.0.2
+ * Various stability fixes
+ * Fixed issues opening files with spaces in their path (bmo#1601905)
+ * Fixed a hang opening about:logins when a master password is set
+ (bmo#1606992)
+ * Fixed a web compatibility issue with CSS Shadow Parts which
+ shipped in Firefox 72 (bmo#1604989)
+ * Fixed inconsistent playback performance for fullscreen 1080p
+ videos on some systems (bmo#1608485)
+
+-------------------------------------------------------------------
+Tue Jan 21 12:59:54 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix build for aarch64/ppc64le (do not update config.sub file
+ for libbacktrace)
+
+-------------------------------------------------------------------
+Wed Jan 8 08:19:12 UTC 2020 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 72.0.1
+ MFSA 2020-03 (bsc#1160498)
+ * CVE-2019-17026 (bmo#1607443)
+ IonMonkey type confusion with StoreElementHole and FallibleStoreElement
+- Mozilla Firefox 72.0
+ * block fingerprinting scripts by default
+ * new notification pop-ups
+ * Picture-in-picture video
+ MFSA 2020-01 (bsc#1160305)
+ * CVE-2019-17016 (bmo#1599181)
+ Bypass of @namespace CSS sanitization during pasting
+ * CVE-2019-17017 (bmo#1603055)
+ Type Confusion in XPCVariant.cpp
+ * CVE-2019-17020 (bmo#1597645)
+ Content Security Policy not applied to XSL stylesheets applied
+ to XML documents
+ * CVE-2019-17022 (bmo#1602843)
+ CSS sanitization does not escape HTML tags
+ * CVE-2019-17023 (bmo#1590001) (fixed in NSS FIXME)
+ NSS may negotiate TLS 1.2 or below after a TLS 1.3
+ HelloRetryRequest had been sent
+ * CVE-2019-17024 (bmo#1507180,bmo#1595470,bmo#1598605,bmo#1601826)
+ Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
+ * CVE-2019-17025 (bmo#1328295,bmo#1328300,bmo#1590447,bmo#1590965
+ bmo#1595692,bmo#1597321,bmo#1597481)
+ Memory safety bugs fixed in Firefox 72
+- update create-tar.sh to skip compare-locales
+- requires NSPR 4.24 and NSS 3.48
+- removed usage of browser-plugins convention for NPAPI plugins
+ from start wrapper and changed the RPM macro to the
+ /usr/$LIB/mozilla/plugins location (boo#1160302)
+
+-------------------------------------------------------------------
+Mon Dec 2 08:24:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 71.0
+ * Improvements to Lockwise, our integrated password manager
+ * More information about Enhanced Tracking Protection in action
+ * Native MP3 decoding on Windows, Linux, and macOS
+ * Configuration page (about:config) reimplemented in HTML
+ * New kiosk mode functionality, which allows maximum screen space
+ for customer-facing displays
+ MFSA 2019-36
+ * CVE-2019-11756 (bmo#1508776)
+ Use-after-free of SFTKSession object
+ * CVE-2019-17008 (bmo#1546331)
+ Use-after-free in worker destruction
+ * CVE-2019-13722 (bmo#1580156) (Windows only)
+ Stack corruption due to incorrect number of arguments in WebRTC code
+ * CVE-2019-17014 (bmo#1322864)
+ Dragging and dropping a cross-origin resource, incorrectly loaded
+ as an image, could result in information disclosure
+ * CVE-2019-17010 (bmo#1581084)
+ Use-after-free when performing device orientation checks
+ * CVE-2019-17005 (bmo#1584170)
+ Buffer overflow in plain text serializer
+ * CVE-2019-17011 (bmo#1591334)
+ Use-after-free when retrieving a document in antitracking
+ * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
+ bmo#1580288, bmo#1585760, bmo#1592502)
+ Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
+ * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
+ bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
+ bmo#1594181)
+ Memory safety bugs fixed in Firefox 71
+- requires
+ NSPR >= 4.23
+ NSS >= 3.47.1
+ rust/cargo >= 1.37
+- reactivate webrtc for platforms where it was disabled
+- updated create-tar.sh to cover buildid and origin repo information
+ -> removed obsolete source-stamp.txt
+- removed obsolete patches
+ mozilla-bmo1511604.patch
+ mozilla-openaes-decl.patch
+- changed locale building procedure
+ * removed obsolete compare-locales.tar.xz
+- added mozilla-bmo1601707.patch to fix gcc/LTO builds
+ (bmo#1601707, boo#1158466)
+- added mozilla-bmo849632.patch to fix big endian issues in skia
+ used for WebGL
+
+-------------------------------------------------------------------
+Fri Nov 1 14:16:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 70.0.1
+ * Fix for an issue that caused some websites or page elements using
+ dynamic JavaScript to fail to load. (bmo#1592136)
+ * Title bar no longer shows in full screen view (bmo#1588747)
+- added mozilla-bmo1504834-part4.patch to fix some visual issues on
+ big endian platforms
+
+-------------------------------------------------------------------
+Sun Oct 20 20:19:31 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 70.0
+ * more privacy protections from Enhanced Tracking Protection
+ * Firefox Lockwise passwordmanager
+ * Improvements to core engine components, for better browsing on more sites
+ * Improved privacy and security indicators
+ MFSA 2019-34
+ * CVE-2018-6156 (bmo#1480088)
+ Heap buffer overflow in FEC processing in WebRTC
+ * CVE-2019-15903 (bmo#1584907)
+ Heap overflow in expat library in XML_GetCurrentLineNumber
+ * CVE-2019-11757 (bmo#1577107)
+ Use-after-free when creating index updates in IndexedDB
+ * CVE-2019-11759 (bmo#1577953)
+ Stack buffer overflow in HKDF output
+ * CVE-2019-11760 (bmo#1577719)
+ Stack buffer overflow in WebRTC networking
+ * CVE-2019-11761 (bmo#1561502)
+ Unintended access to a privileged JSONView object
+ * CVE-2019-11762 (bmo#1582857)
+ document.domain-based origin isolation has same-origin-property violation
+ * CVE-2019-11763 (bmo#1584216)
+ Incorrect HTML parsing results in XSS bypass technique
+ * CVE-2019-11765 (bmo#1562582)
+ Incorrect permissions could be granted to a website
+ * CVE-2019-17000 (bmo#1441468)
+ CSP bypass using object tag with data: URI
+ * CVE-2019-17001 (bmo#1587976)
+ CSP bypass using object tag when script-src 'none' is specified
+ * CVE-2019-17002 (bmo#1561056)
+ upgrade-insecure-requests was not being honored for links dragged and dropped
+ * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
+ bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845, bmo#1581950,
+ bmo#1583463, bmo#1586599)
+ Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
+- requires
+ rust/cargo >= 1.36
+ NSPR >= 4.22
+ NSS >= 3.46.1
+ rust-cbindgen >= 0.9.1
+- removed obsolete patches
+ mozilla-bmo1573381.patch
+ mozilla-nestegg-big-endian.patch
+
+-------------------------------------------------------------------
+Sun Oct 13 08:58:12 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0.3
+ * Fixed Yahoo mail users being prompted to download files when
+ clicking on emails (bmo#1582848)
+- devel package build can easily be disabled now
+
+-------------------------------------------------------------------
+Thu Oct 3 08:40:05 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0.2
+ * Fixed a crash when editing files on Office 365 websites (bmo#1579858)
+ * Fixed a Linux-only crash when changing the playback speed while
+ watching YouTube videos (bmo#1582222)
+- updated supported locale list
+- Allow to build without profile guided optimizations (boo#1040589)
+ (contributed by Bernhard Wiedemann)
+- Make build verbose (contributed by Martin Liška)
+- remove obsolete kde.js setting (boo#1151186) and related patch
+ firefox-add-kde.js-in-order-to-survive-PGO-build.patch
+- update create-tar.sh to latest revision and adjusted tar_stamps
+- add mozilla-fix-top-level-asm.patch to fix LTO build (w/o PGO)
+- extension preferences moved from branding package to core package
+ (packaging but not branding specific)
+
+-------------------------------------------------------------------
+Thu Sep 19 13:31:16 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0.1
+ * Fixed external programs launching in the background when clicking
+ a link from inside Firefox to launch them (bmo#1570845)
+ * Usability improvements to the Add-ons Manager for users with
+ screen readers (bmo#1567600)
+ * Fixed the Captive Portal notification bar not being dismissable
+ in some situations after login is complete (bmo#1578633)
+ * Fixed the maximum size of fonts in Reader Mode when zoomed (bmo#1578454)
+ * Fixed missing stacks in the Developer Tools Performance section
+ (bmo#1578354)
+ MFSA 2019-31
+ * CVE-2019-11754 (bmo#1580506)
+ Pointer Lock is enabled with no user notification
+- disable DOH by default
+
+-------------------------------------------------------------------
+Thu Sep 5 13:02:39 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 69.0
+ * Enhanced Tracking Protection (ETP) for stronger privacy protections
+ * Block Autoplay feature is enhanced to give users the option to block
+ any video
+ * Users in the US or using the en-US browser, can get a new “New Tab”
+ page experience connecting to the best of Pocket's content.
+ * Support for the Web Authentication HmacSecret extension via
+ Windows Hello introduced.
+ * Support for receiving multiple video codecs with this release makes
+ it easier for WebRTC conferencing services to mix video from
+ different clients.
+ MFSA 2019-25 (boo#1149324)
+ * CVE-2019-11741 (bmo#1539595)
+ Isolate addons.mozilla.org and accounts.firefox.com
+ * CVE-2019-5849 (bmo#1555838)
+ Out-of-bounds read in Skia
+ * CVE-2019-11737 (bmo#1388015)
+ Content security policy directives ignore port and path if host is a wildcard
+ * CVE-2019-11734 (bmo#1352875,bmo#1536227,bmo#1557208,bmo#1560641)
+ Memory safety bugs fixed in Firefox 69
+ * CVE-2019-11735 (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+ bmo#1565744,bmo#1568858,bmo#1570358)
+ Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+ Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+- requires
+ * rust/cargo >= 1.35
+ * rust-cbindgen >= 0.9.0
+ * mozilla-nss >= 3.45
+- rebased patches
+
+-------------------------------------------------------------------
+Wed Sep 4 15:38:40 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- added a bunch of patches mainly for big endian platforms
+ * mozilla-bmo1504834-part1.patch
+ * mozilla-bmo1504834-part2.patch
+ * mozilla-bmo1504834-part3.patch
+ * mozilla-bmo1511604.patch
+ * mozilla-bmo1554971.patch
+ * mozilla-bmo1573381.patch
+ * mozilla-nestegg-big-endian.patch
+ * mozilla-bmo1512162.patch
+
+-------------------------------------------------------------------
+Fri Aug 30 20:49:11 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.1.0
+ MFSA 2019-26
+ * CVE-2019-11751 (bmo#1572838; Windows only)
+ Malicious code execution through command line parameters
+ * CVE-2019-11746 (bmo#1564449)
+ Use-after-free while manipulating video
+ * CVE-2019-11744 (bmo#1562033)
+ XSS by breaking out of title and textarea elements using innerHTML
+ * CVE-2019-11742 (bmo#1559715)
+ Same-origin policy violation with SVG filters and canvas to steal
+ cross-origin images
+ * CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
+ File manipulation and privilege escalation in Mozilla Maintenance Service
+ * CVE-2019-11753 (bmo#1574980; Windows only)
+ Privilege escalation with Mozilla Maintenance Service in custom
+ Firefox installation location
+ * CVE-2019-11752 (bmo#1501152)
+ Use-after-free while extracting a key value in IndexedDB
+ * CVE-2019-9812 (bmo#1538008, bmo#1538015)
+ Sandbox escape through Firefox Sync
+ * CVE-2019-11743 (bmo#1560495)
+ Cross-origin access to unload event attributes
+ * CVE-2019-11748 (bmo#1564588)
+ Persistence of WebRTC permissions in a third party context
+ * CVE-2019-11749 (bmo#1565374)
+ Camera information available without prompting using getUserMedia
+ * CVE-2019-11750 (bmo#1568397)
+ Type confusion in Spidermonkey
+ * CVE-2019-11738 (bmo#1452037)
+ Content security policy bypass through hash-based sources in directives
+ * CVE-2019-11747 (bmo#1564481)
+ 'Forget about this site' removes sites from pre-loaded HSTS list
+ * CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
+ bmo#1565744,bmo#1568858,bmo#1570358)
+ Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
+ * CVE-2019-11740 (bmo#1563133,bmo#1573160)
+ Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
+- switched package to ESR branch
+- added mozilla-bmo1568145.patch to make builds reproducible
+- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch
+
+-------------------------------------------------------------------
+Sun Aug 18 17:29:25 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Mozilla Firefox 68.0.2:
+ * Fixed a bug causing some special characters to be cut off from
+ the end of the search terms when searching from the URL bar
+ (bmo#1560228)
+ * Allow fonts to be loaded via file:// URLs when opening a page
+ locally (bmo#1565942)
+ * Printing emails from the Outlook web app no longer prints only
+ the header and footer (bmo#1567105)
+ * Fixed a bug causing some images not to be displayed on reload,
+ including on Google Maps (bmo# 1565542)
+ * Fixed an error when starting external applications configured
+ as URI handlers (bmo#1567614)
+ MFSA 2019-24 (boo#1145665)
+ * CVE-2019-11733: Stored passwords in 'Saved Logins' can be
+ copied without master password entry (bmo#1565780)
+- drop fix-build-after-y2038-changes-in-glibc.patch, upstream
+
+-------------------------------------------------------------------
+Fri Aug 16 16:49:24 UTC 2019 - Jonathan Brielmaier <jbrielmaier@suse.de>
+
+- Fix crash when typing in the URL bar on ppc64le (bmo#1512162).
+ The upstream patch doesn't resolve the issue on TW, but compiling
+ with -O1 does. Do this until we have a proper fix.
+
+-------------------------------------------------------------------
+Thu Aug 1 14:25:02 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update build constraints to fix arm builds
+
+-------------------------------------------------------------------
+Fri Jul 19 08:11:27 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.0.1
+ * Fixed missing Full Screen button when watching videos in full
+ screen mode on HBO GO (bmo#1562837)
+ * Fixed a bug causing incorrect messages to appear for some
+ locales when sites try to request the use of the Storage
+ Access API (bmo#1558503)
+ * Users in Russian regions may have their default search engine
+ changed (bmo#1565315)
+ * Built-in search engines in some locales do not function
+ correctly (bmo#1565779)
+ * SupportMenu policy doesn't always work (bmo#1553290)
+ * Allow the privacy.file_unique_origin pref to be controlled by
+ policy (bmo#1563759)
+
+-------------------------------------------------------------------
+Thu Jul 11 10:51:39 UTC 2019 - Jiri Slaby <jslaby@suse.com>
+
+- add fix-build-after-y2038-changes-in-glibc.patch
+
+-------------------------------------------------------------------
+Wed Jul 10 13:47:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
+
+- Generate langpacks sequentially to avoid file corruption
+ from racy file writes (boo#1137970)
+
+-------------------------------------------------------------------
+Mon Jul 8 13:30:35 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 68.0
+ * Dark mode in reader view
+ * Improved extension security and discovery
+ * Cryptomining and fingerprinting protections are added to strict
+ content blocking settings in Privacy & Security preferences
+ * Camera and microphone access now require an HTTPS connection
+ MFSA 2019-21 (bsc#1140868)
+ * CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
+ Sandbox escape via installation of malicious languagepack
+ * CVE-2019-11711 (bmo#1552541)
+ Script injection within domain through inner window reuse
+ * CVE-2019-11712 (bmo#1543804)
+ Cross-origin POST requests can be made with NPAPI plugins by
+ following 308 redirects
+ * CVE-2019-11713 (bmo#1528481)
+ Use-after-free with HTTP/2 cached stream
+ * CVE-2019-11714 (bmo#1542593)
+ NeckoChild can trigger crash when accessed off of main thread
+ * CVE-2019-11729 (bmo#1515342)
+ Empty or malformed p256-ECDH public keys may trigger a segmentation fault
+ * CVE-2019-11715 (bmo#1555523)
+ HTML parsing error can contribute to content XSS
+ * CVE-2019-11716 (bmo#1552632)
+ globalThis not enumerable until accessed
+ * CVE-2019-11717 (bmo#1548306)
+ Caret character improperly escaped in origins
+ * CVE-2019-11718 (bmo#1408349)
+ Activity Stream writes unsanitized content to innerHTML
+ * CVE-2019-11719 (bmo#1540541)
+ Out-of-bounds read when importing curve25519 private key
+ * CVE-2019-11720 (bmo#1556230)
+ Character encoding XSS vulnerability
+ * CVE-2019-11721 (bmo#1256009)
+ Domain spoofing through unicode latin 'kra' character
+ * CVE-2019-11730 (bmo#1558299)
+ Same-origin policy treats all files in a directory as having the
+ same-origin
+ * CVE-2019-11723 (bmo#1528335)
+ Cookie leakage during add-on fetching across private browsing boundaries
+ * CVE-2019-11724 (bmo#1512511)
+ Retired site input.mozilla.org has remote troubleshooting permissions
+ * CVE-2019-11725 (bmo#1483510)
+ Websocket resources bypass safebrowsing protections
+ * CVE-2019-11727 (bmo#1552208)
+ PKCS#1 v1.5 signatures can be used for TLS 1.3
+ * CVE-2019-11728 (bmo#1552993)
+ Port scanning through Alt-Svc header
+ * CVE-2019-11710 (bmo#1549768, bmo#1548611, bmo#1533842, bmo#1537692,
+ bmo#1540590, bmo#1551907, bmo#1510345, bmo#1535482, bmo#1535848,
+ bmo#1547472, bmo#1547760, bmo#1507696, bmo#1544180)
+ Memory safety bugs fixed in Firefox 68
+ * CVE-2019-11709 (bmo#1547266, bmo#1540759, bmo#1548822, bmo#1550498
+ bmo#1515052, bmo#1539219, bmo#1547757, bmo#1550498, bmo#1533522)
+ Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
+- requires
+ * NSS 3.44.1
+ * rust/cargo 1.34
+ * rust-cbindgen 0.8.7
+- rebased patches
+ * mozilla-aarch64-startup-crash.patch
+ * mozilla-kde.patch
+ * mozilla-nongnome-proxies.patch
+ * firefox-kde.patch
+- use new create-tar.sh and add tar_stamps for package definitions
+- added patches imported from SLE flavour
+ * mozilla-gcc-internal-compiler-error.patch
+ * mozilla-bmo1005535.patch
+ * mozilla-ppc-altivec_static_inline.patch
+ * mozilla-reduce-rust-debuginfo.patch
+ * mozilla-s390-bigendian.patch
+ * mozilla-s390-context.patch
+
+-------------------------------------------------------------------
+Mon Jul 2 14:15:17 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Enable PGO for x86_64.
+ * added firefox-add-kde.js-in-order-to-survive-PGO-build.patch
+
+-------------------------------------------------------------------
+Thu Jun 20 06:20:59 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 67.0.4
+ MFSA 2019-19 (boo#1138872)
+ * CVE-2019-11708 (bmo#1559858)
+ sandbox escape using Prompt:Open
+
+-------------------------------------------------------------------
+Tue Jun 18 18:36:15 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 67.0.3
+ MFSA 2019-18 (boo#1138614)
+ * CVE-2019-11707 (bmo#1544386)
+ Type confusion in Array.pop
+
+-------------------------------------------------------------------
+Thu Jun 12 14:56:32 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 67.0.2
+ * Fixed: Fix JavaScript error ("TypeError: data is null in
+ PrivacyFilter.jsm") in console which may significantly degrade
+ sessionstore reliability and performance (bmo#1553413)
+ * Fixed: Proxy authentication dialog box repeatedly pops up
+ asking to authenticate after upgrading to Firefox 67 (bmo#1548804)
+ * Fixed: Pearson MyCloud breaks if FIDO U2F is not Chrome's
+ implementation (bmo#1551282)
+ * Fixed: Starting in safe mode on Linux or macOS causes Firefox
+ to think on the subsequent launch that the profile is too
+ recent to be used with this version of Firefox (bmo#1556612)
+ * Fixed: Linux distribution users can't easily install/use
+ additional/different languages using the built-in preferences
+ UI (bmo#1554744)
+ * Fixed: Developer tools users can't copy the href/src content
+ from various HTML tags via the context menu in the Inspector
+ markup view (bmo#1552275)
+ * Fixed: Custom home page is broken with clearing data on shutdown
+ settings applied (bmo#1554167)
+ * Fixed: Performance-regression for eclipse RAP based applications
+ (bmo#1555962)
+ * Fixed: macOS 10.15 crash fix (bmo#1556076)
+ * Fixed: Can't start two downloads in parallel via <a download>
+ anymore (bmo#1542912)
+
+-------------------------------------------------------------------
+Thu Jun 6 06:49:51 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 67.0.1
+ * enable enhanced tracking protection by default for new users
+ * upgrade of Facebook container to version 2.0
+ * new version of Firefox Lockwise (password management)
+ * new version of Firefox Monitor
+ * Firefox Send improvements
+
+-------------------------------------------------------------------
+Sun May 19 20:40:30 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 67.0
+ * Firefox 67 will be able to run different Firefox installs side by side
+ https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
+ * Tabs can now be pinned from the Page Actions menu in the address bar
+ * Users can block known cryptominers and fingerprinters in the
+ Custom settings or their Content Blocking preferences
+ * The Import Data from Another Browser feature is now also available
+ from the File menu
+ * Firefox will now protect you against running older versions which
+ can lead to data corruption and stability issues
+ * Easier access to your list of saved logins from the main menu and
+ login autocomplete
+ * We’ve added a toolbar menu for your Firefox Account to provide more
+ transparency for when you are synced, sharing data across devices
+ and with Firefox. Personalize the appearance of the menu with your
+ own avatar
+ * Enable FIDO U2F API, and permit registrations for Google Accounts
+ * Enabled AV1 support on Linux
+ MFSA 2019-13 (boo#1135824)
+ * CVE-2019-9815 (bmo#1546544)
+ Disable hyperthreading on content JavaScript threads on macOS
+ * CVE-2019-9816 (bmo#1536768)
+ Type confusion with object groups and UnboxedObjects
+ * CVE-2019-9817 (bmo#1540221)
+ Stealing of cross-domain images using canvas
+ * CVE-2019-9818 (bmo#1542581) (Windows only)
+ Use-after-free in crash generation server
+ * CVE-2019-9819 (bmo#1532553)
+ Compartment mismatch with fetch API
+ * CVE-2019-9820 (bmo#1536405)
+ Use-after-free of ChromeEventHandler by DocShell
+ * CVE-2019-9821 (bmo#1539125)
+ Use-after-free in AssertWorkerThread
+ * CVE-2019-11691 (bmo#1542465)
+ Use-after-free in XMLHttpRequest
+ * CVE-2019-11692 (bmo#1544670)
+ Use-after-free removing listeners in the event listener manager
+ * CVE-2019-11693 (bmo#1532525)
+ Buffer overflow in WebGL bufferdata on Linux
+ * CVE-2019-7317 (bmo#1542829)
+ Use-after-free in png_image_free of libpng library
+ * CVE-2019-11694 (bmo#1534196) (Windows only)
+ Uninitialized memory memory leakage in Windows sandbox
+ * CVE-2019-11695 (bmo#1445844)
+ Custom cursor can render over user interface outside of web content
+ * CVE-2019-11696 (bmo#1392955)
+ Java web start .JNLP files are not recognized as executable files
+ for download prompts
+ * CVE-2019-11697 (bmo#1440079)
+ Pressing key combinations can bypass installation prompt delays and
+ install extensions
+ * CVE-2019-11698 (bmo#1543191)
+ Theft of user history data through drag and drop of hyperlinks
+ to and from bookmarks
+ * CVE-2019-11700 (bmo#1549833) (Windows only)
+ res: protocol can be used to open known local files
+ * CVE-2019-11699 (bmo#1528939)
+ Incorrect domain name highlighting during page navigation
+ * CVE-2019-11701 (bmo#1518627)
+ webcal: protocol default handler loads vulnerable web page
+ * CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
+ bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
+ Memory safety bugs fixed in Firefox 67
+ * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
+ bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
+ bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
+ bmo#1532465, bmo#1533554, bmo#1541580)
+ Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
+- requires
+ * rust/cargo >= 1.32
+ * mozilla-nspr >= 4.21
+ * mozilla-nss >= 3.43
+ * rust-cbindgen >= 0.8.2
+- rebased patches
+- KDE integration for default browser detection is broken in this revision
+
+-------------------------------------------------------------------
+Fri May 17 12:04:49 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Fix armv7 build with:
+ * mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch
+
+-------------------------------------------------------------------
+Fri May 10 10:30:05 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.5
+ * Fixed: Further improvements to re-enable web extensions which
+ had been disabled for users with a master password set (bmo#1549249)
+
+-------------------------------------------------------------------
+Sun May 5 20:21:02 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.4 (boo#1134126)
+ * fix extension certificate chain
+ https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/
+
+-------------------------------------------------------------------
+Thu Apr 11 09:16:17 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.3
+ * Fixed: Address bar on tablets running Windows 10 now behaves
+ correctly (bmo#1498973)
+ * Fixed: Performance issues with some HTML5 games (bmo#1537609)
+ * Fixed a bug with keypress events in IBM cloud applications
+ (bmo#1538970)
+ * Fix for keypress events in some Microsoft cloud applications
+ (bmo#1539618)
+ * Changed: Updated Baidu search plugin
+
+-------------------------------------------------------------------
+Thu Mar 28 19:01:41 UTC 2019 - Manfred Hollstein <manfred.h@gmx.net>
+
+- Mozilla Firefox 66.0.2
+ * Fixed Web compatibility issues with Office 365, iCloud and
+ IBM WebMail caused by recent changes to the handling of
+ keyboard events (bmo#1538966)
+ * Crash fixes (bmo#1521370, bmo#1539118)
+
+-------------------------------------------------------------------
+Thu Mar 28 09:58:36 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix aarch64 build:
+ * mozilla-fix-aarch64-libopus.patch (bmo#1539737)
+
+-------------------------------------------------------------------
+Fri Mar 22 22:22:08 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0.1
+ MFSA 2019-09 (bsc#1130262)
+ * CVE-2019-9810 (bmo#1537924)
+ IonMonkey MArraySlice has incorrect alias information
+ * CVE-2019-9813 (bmo#1538006)
+ Ionmonkey type confusion with __proto__ mutations
+
+-------------------------------------------------------------------
+Sun Mar 17 10:08:51 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 66.0
+ * Increased content processes to 8
+ * Added capability to search through open tabs from the tab overflow menu
+ * New backend for the storage.local WebExtensions API, providing
+ I/O performance improvements when the extension updates a small
+ subset of the stored data
+ * WebExtension keyboard shortcuts can now be managed or overridden
+ from about:addons
+ * Improved scrolling behavior: Firefox will now attempt to keep content
+ from jumping around while a page is loading by supporting scroll
+ anchoring
+ * New about:privatebrowsing with search
+ * A certificate error page now notifies the user of the name of the
+ certificate issuer that breaks HTTPs connections on intercepted
+ connections to help troubleshooting possible anti-virus software
+ issues.
+ * Fixed an performance issue some Linux users experienced with the
+ Downloads panel (bmo#1517101)
+ * Firefox now blocks all autoplay media with sound by default. Users
+ can add individual sites to an exceptions list or turn the blocking
+ off.
+ * System title bar is hidden by default to match Gnome guideline
+ MFSA 2019-07 (bsc#1129821)
+ * CVE-2019-9790 (bmo#1525145)
+ Use-after-free when removing in-use DOM elements
+ * CVE-2019-9791 (bmo#1530958)
+ Type inference is incorrect for constructors entered through on-stack
+ replacement with IonMonkey
+ * CVE-2019-9792 (bmo#1532599)
+ IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
+ * CVE-2019-9793 (bmo#1528829)
+ Improper bounds checks when Spectre mitigations are disabled
+ * CVE-2019-9794 (bmo#1530103) (Windows only)
+ Command line arguments not discarded during execution
+ * CVE-2019-9795 (bmo#1514682)
+ Type-confusion in IonMonkey JIT compiler
+ * CVE-2019-9796 (bmo#1531277)
+ Use-after-free with SMIL animation controller
+ * CVE-2019-9797 (bmo#1528909)
+ Cross-origin theft of images with createImageBitmap
+ * CVE-2019-9798 (bmo#1527534) (Android only)
+ Library is loaded from world writable APITRACE_LIB location
+ * CVE-2019-9799 (bmo#1505678)
+ Information disclosure via IPC channel messages
+ * CVE-2019-9801 (bmo#1527717) (Windows only)
+ Windows programs that are not 'URL Handlers' are exposed to web content
+ * CVE-2019-9802 (bmo#1415508)
+ Chrome process information leak
+ * CVE-2019-9803 (bmo#1515863, bmo#1437009)
+ Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
+ * CVE-2019-9804 (bmo#1518026) (MacOS only)
+ Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
+ * CVE-2019-9805 (bmo#1521360)
+ Potential use of uninitialized memory in Prio
+ * CVE-2019-9806 (bmo#1525267)
+ Denial of service through successive FTP authorization prompts
+ * CVE-2019-9807 (bmo#1362050)
+ Text sent through FTP connection can be incorporated into alert messages
+ * CVE-2019-9809 (bmo#1282430, bmo#1523249)
+ Denial of service through FTP modal alert error messages
+ * CVE-2019-9808 (bmo#1434634)
+ WebRTC permissions can display incorrect origin with data: and blob: URLs
+ * CVE-2019-9789 bmo#1520483, bmo#1522987, bmo#1528199, bmo#1519337,
+ bmo#1525549, bmo#1516179, bmo#1518524, bmo#1518331, bmo#1526579,
+ bmo#1512567, bmo#1524335, bmo#1448505, bmo#1518821
+ Memory safety bugs fixed in Firefox 66
+ * CVE-2019-9788 bmo#1518001, bmo#1521304, bmo#1521214, bmo#1506665,
+ bmo#1516834, bmo#1518774, bmo#1524755, bmo#1523362, bmo#1524214, bmo#1529203
+ Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
+- updated build/runtime requirements
+ * mozilla-nss >= 3.42.1
+ * cargo/rust >= 1.31
+ * rust-cbindgen >= 0.6.8
+ * nasm >= 2.13 (new)
+- removed obsolete patch
+ * mozilla-bmo256180.patch
+
+-------------------------------------------------------------------
+Tue Mar 5 10:17:01 UTC 2019 - Stephan Kulow <coolo@suse.com>
+
+- Do not hardcode nodejs8 but leave the prefer to the distribution
+ (Tumbleweed staging wants to switch to nodejs10)
+
+-------------------------------------------------------------------
+Fri Feb 15 13:45:57 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update _constraints to avoid 'no space left' error seen on aarch64
+
+-------------------------------------------------------------------
+Wed Feb 13 07:17:28 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 65.0.1
+ * Fixed accidental requests to addons.mozilla.org when an addon
+ recommendation doorhanger is shown (bmo#1526387)
+ * Improved playback of interactive Netflix videos (bmo#1524500)
+ * Fixed incorrect sizing of the "Clear Recent History" window in
+ some situations (bmo#1523696)
+ * Fixed audio & video delays while making WebRTC calls
+ (bmo#1521577, bmo#1523817)
+ * Fixed video sizing problems during some WebRTC calls (bmo#1520200)
+ * Fixed looping CONNECT requests when using WebSockets over HTTP/2
+ from behind a proxy server (bmo#1523427)
+ * Fixed the "Enter" key not working on password entry fields for
+ certain Linux distributions (bmo#1523635)
+ MFSA 2019-04 (bsc#1125330)
+ * CVE-2018-18356 bmo#1525817
+ Use-after-free in Skia
+ * CVE-2019-5785 bmo#1525433
+ Integer overflow in Skia
+ * CVE-2018-18511 bmo#1526218
+ Cross-origin theft of images with ImageBitmapRenderingContext
+
+-------------------------------------------------------------------
+Wed Feb 13 06:12:43 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Enable LTO only for latest new toolchain (boo#1125038) for x86_64
+ (with increased memory constraints)
+
+-------------------------------------------------------------------
+Sat Jan 26 22:37:01 UTC 2019 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- Mozilla Firefox 65.0
+ * Enhanced tracking protection
+ * allow switching of UI locales within preferences
+ * support for the WebP image format
+ * "top"-like about:performance
+ MFSA 2019-01 (bsc#1122983)
+ * CVE-2018-18500 bmo#1510114
+ Use-after-free parsing HTML5 stream
+ * CVE-2018-18503 bmo#1509442
+ Memory corruption with Audio Buffer
+ * CVE-2018-18504 bmo#1496413
+ Memory corruption and out-of-bounds read of texture client
+ * CVE-2018-18505 bmo#1497749
+ Privilege escalation through IPC channel messages
+ * CVE-2018-18506 bmo#1503393
+ Proxy Auto-Configuration file can define localhost access to be proxied
+ * CVE-2018-18502 bmo#1499426 bmo#1480090 bmo#1472990 bmo#1514762
+ bmo#1501482 bmo#1505887 bmo#1508102 bmo#1508618 bmo#1511580
+ bmo#1493497 bmo#1510145 bmo#1516289 bmo#1506798 bmo#1512758
+ Memory safety bugs fixed in Firefox 65
+ * CVE-2018-18501 bmo#1512450 bmo#1517542 bmo#1513201 bmo#1460619
+ bmo#1502871 bmo#1516738 bmo#1516514
+ Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
+- requires
+ NSS 3.41
+ rust/carge 1.30
+ rust-cbindgen 0.6.7
+- rebased patches
+- remove workaround for build memory consumption on i586; other
+ mitigations meanwhile introduced (mainly parallelity) will be
+ sufficient
+ mozilla-reduce-files-per-UnifiedBindings.patch
+
+-------------------------------------------------------------------
+Tue Jan 15 14:32:03 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Increase disk constraint.
+
+-------------------------------------------------------------------
+Mon Jan 14 12:12:12 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Remove -v from mach build in order to work-around bmo#1500436.
+
+-------------------------------------------------------------------
+Fri Jan 11 15:07:14 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Set %clang_build to false on all architectures
+- Do not use -fno-delete-null-pointer-checks and -fno-strict-aliasing:
+ it should not be needed anymore
+- Do not overwrite enable-optimize and when possible
+ enable --enable-debug-symbols.
+- Add -v to mach in order to make build verbose.
+
+-------------------------------------------------------------------
+Wed Jan 9 22:40:14 UTC 2019 - astieger@suse.com
+
+- Mozilla Firefox 64.0.2:
+ * Update the Japanese translation for missing strings (bmo#1513259)
+ * Properly restore column sizes in developer tools inspector (bmo#1503175)
+ * Fixed video stuttering on Youtube (bmo#1513511)
+ * Fix updates for some lightweight themes (bmo#1508777)
+
+-------------------------------------------------------------------
+Tue Dec 18 14:46:41 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Enable build_hardened for all architectures
+- Switch back aarch64 to clang as '-fPIC' fixes bmo#1513605
+- Remove obolete '--enable-pie' as -pie is always enabled for
+ gcc and clang
+
+-------------------------------------------------------------------
+Wed Dec 12 17:33:29 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Switch aarch64 builds back to gcc, not clang (bmo#1513605)
+- Switch %arm builds back to gcc, not clang to avoid OOM
+- Fix build flags when clang is not used
+- Fix flags for clang ppc64 builds
+
+-------------------------------------------------------------------
+Tue Dec 11 08:45:56 UTC 2018 - Wolfgang Rosenauer <wr@rosenauer.org>
+
+- update to Firefox 64.0
+ * Better recommendations: You may see suggestions in regular browsing
+ mode for new and relevant Firefox features, services, and extensions
+ based on how you use the web (for US users only)
+ * Enhanced tab management: You can now select multiple tabs from the
+ tab bar and close, move, bookmark, or pin them quickly and easily
+ * Easier performance management: The new Task Manager page found at
+ about:performance lets you see how much energy each open tab consumes
+ and provides access to close tabs to conserve power
+ * Improved performance for Mac and Linux users, by enabling link time
+ optimization (Clang LTO).
+ * Added option to remove add-ons using the context menu on their
+ toolbar buttons
+ * RSS feed preview and live bookmarks are available only via add-ons
+ * TLS certificates issued by Symantec are no longer trusted by Firefox.
+ Website operators are strongly encouraged to replace any remaining
+ Symantec TLS certificates as soon as possible
+ MFSA 2018-29 (bsc#1119105)
+ * CVE-2018-12407 bmo#1505973
+ Buffer overflow with ANGLE library when using VertexBuffer11 module
+ * CVE-2018-17466 bmo#1488295
+ Buffer overflow and out-of-bounds read in ANGLE library with
+ TextureStorage11
+ * CVE-2018-18492 bmo#1499861
+ Use-after-free with select element
+ * CVE-2018-18493 bmo#1504452
+ Buffer overflow in accelerated 2D canvas with Skia
+ * CVE-2018-18494 bmo#1487964
+ Same-origin policy violation using location attribute and
+ performance.getEntries to steal cross-origin URLs
+ * CVE-2018-18495 bmo#1427585
+ WebExtension content scripts can be loaded in about: pages
+ * CVE-2018-18496 bmo#1422231 (Windows only)
+ Embedded feed preview page can be abused for clickjacking
+ * CVE-2018-18497 bmo#1488180
+ WebExtensions can load arbitrary URLs through pipe separators
+ * CVE-2018-18498 bmo#1500011
+ Integer overflow when calculating buffer sizes for images
+ * CVE-2018-12406 bmo#1456947 bmo#1475669 bmo#1504816 bmo#1502886
+ bmo#1500064 bmo#1500310 bmo#1500696 bmo#1498765 bmo#1499198 bmo#1434490
+ bmo#1481745 bmo#1458129
+ Memory safety bugs fixed in Firefox 64
+ * CVE-2018-12405 bmo#1494752 bmo#1503326 bmo#1505181 bmo#1500759
+ bmo#1504365 bmo#1506640 bmo#1503082 bmo#1502013 bmo#1510471
+ Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
+- requires
+ * rust/cargo >= 1.29
+ * mozilla-nss >= 3.40.1
+ * rust-cbindgen >= 0.6.4
+- rebased patches
+- removed obsolete patch
+ * mozilla-bmo1491289.patch
+- now uses clang primarily for compilation
+
+-------------------------------------------------------------------
+Wed Nov 28 11:07:18 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Remove --disable-elf-hack when not available: on aarch64 and ppc64*
+
+-------------------------------------------------------------------
+Mon Nov 26 09:46:02 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Clean-up %arm build
+
+-------------------------------------------------------------------
+Sun Nov 18 11:01:21 UTC 2018 - manfred.h@gmx.net
+
+- update to Firefox 63.0.3
+ * Games using WebGL (created in Unity) get stuck after very short
+ time of gameplay (bmo#1502748)
+ * Slow page loading for some users with specific proxy configurations
+ (bmo#1495024)
+ * Disable HTTP response throttling by default for causing bugs with
+ videos in background tabs (bmo#1503354)
+ * Opening magnet links no longer works (bmo#1498934)
+ * Crash fixes (bmo#1498510, bmo#1503424)
+- removed mozilla-newer-cbindgen.patch; no longer needed
+
+-------------------------------------------------------------------
+Thu Nov 8 14:59:13 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 63.0.1
+ * Snippets are not loaded due to missing element (bmo#1503047)
+ * Print preview always shows 30& scale when it is actually
+ Shrink To Fit (bmo#1501952)
+ * Dialog displayed when closing multiple windows shows unreplaced
+ %1$S placeholder in Japanese and potentially other locales
+ (bmo#1500823)
+
+-------------------------------------------------------------------
+Mon Oct 29 14:07:51 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 63.0
+ * WebExtensions now run in their own process on Linux
+ * The Ctrl+Tab shortcut now displays thumbnail previews of your
+ tabs and cycles through tabs in recently used order. This new
+ default behavior is activated only in new profiles and can be
+ changed in preferences.
+ * Added support for Web Components custom elements and shadow DOM
+ MFSA 2018-26 (bsc#1112852)
+ * CVE-2018-12391 (bmo#1478843) (Android-only)
+ HTTP Live Stream audio data is accessible cross-origin
+ * CVE-2018-12392 (bmo#1492823)
+ Crash with nested event loops
+ * CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
+ Integer overflow during Unicode conversion while loading JavaScript
+ * CVE-2018-12395 (bmo#1467523)
+ WebExtension bypass of domain restrictions through header rewriting
+ * CVE-2018-12396 (bmo#1483602)
+ WebExtension content scripts can execute in disallowed contexts
+ * CVE-2018-12397 (bmo#1487478)
+ Missing warning prompt when WebExtension requests local file access
+ * CVE-2018-12398 (bmo#1460538, bmo#1488061)
+ CSP bypass through stylesheet injection in resource URIs
+ * CVE-2018-12399 (bmo#1490276)
+ Spoofing of protocol registration notification bar
+ * CVE-2018-12400 (bmo#1448305) (Android only)
+ Favicons are cached in private browsing mode on Firefox for Android
+ * CVE-2018-12401 (bmo#1422456)
+ DOS attack through special resource URI parsing
+ * CVE-2018-12402 (bmo#1469916)
+ SameSite cookies leak when pages are explicitly saved
+ * CVE-2018-12403 (bmo#1484753)
+ Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
+ * CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
+ bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
+ Memory safety bugs fixed in Firefox 63
+ * CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
+ bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
+ bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
+ bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
+ Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
+- requires NSPR 4.20, NSS 3.39 and Rust 1.28
+- latest rust does not provide rust-std so stop requiring it
+- requires rust-cbindgen >= 0.6.2 to build
+- requires nodejs >= 8.11 to build
+- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289)
+- added mozilla-cubeb-noreturn.patch to fix non-return function
+- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7
+- disable elfhack for TW and newer due to build errors
+- removed obsolete patches
+ * mozilla-no-return.patch
+ * mozilla-no-stdcxx-check.patch
+
+-------------------------------------------------------------------
+Thu Oct 25 14:39:04 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Update _constraints for armv6/7
+
+-------------------------------------------------------------------
+Thu Oct 25 08:50:24 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Add patch to fix build on armv7:
+ * mozilla-bmo1463035.patch
+
+-------------------------------------------------------------------
+Tue Oct 2 21:28:31 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 62.0.3:
+ MFSA 2018-24
+ * CVE-2018-12386 (bsc#1110506, bmo#1493900)
+ Type confusion in JavaScript allowed remote code execution
+ * CVE-2018-12387 (bsc#1110507, bmo#1493903)
+ Array.prototype.push stack pointer vulnerability may enable
+ exploits in the sandboxed content process
+
+-------------------------------------------------------------------
+Sat Sep 22 09:03:53 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 62.0.2:
+ MFSA 2018-22
+ * CVE-2018-12385 (boo#1109363, bmo#1490585)
+ Crash in TransportSecurityInfo due to cached data
+ * Unvisited bookmarks can once again be autofilled in the address
+ bar
+ * Fix WebGL rendering issues
+ * Fix fallback on startup when a language pack is missing
+ * Avoid crash when sharing a profile with newer (as yet
+ unreleased) versions of Firefox
+ * Do not undo removal of search engines when using a language
+ pack
+ * Fixed rendering of some web sites
+ * Restored compatibility with some sites using deprecated TLS
+ settings
+- disable rust debug symbols to fix build on %ix86
+
+-------------------------------------------------------------------
+Mon Sep 3 10:47:43 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 62.0
+ * Firefox Home (the default New Tab) now allows users to display
+ up to 4 rows of top sites, Pocket stories, and highlights
+ * "Reopen in Container" tab menu option appears for users with
+ Containers that lets them choose to reopen a tab in a different
+ container
+ * In advance of removing all trust for Symantec-issued certificates
+ in Firefox 63, a preference was added that allows users to distrust
+ certificates issued by Symantec. To use this preference, go to
+ about:config in the address bar and set the preference
+ "security.pki.distrust_ca_policy" to 2.
+ * Support for CSS Shapes, allowing for richer web page layouts.
+ This goes hand in hand with a brand new Shape Path Editor in the
+ CSS inspector.
+ * CSS Variable Fonts (OpenType Font Variations) support, which makes
+ it possible to create beautiful typography with a single font file
+ * Added Canadian English (en-CA) locale
+ MFSA 2018-20 (bsc#1107343)
+ * CVE-2018-12377 (bmo#1470260)
+ Use-after-free in refresh driver timers
+ * CVE-2018-12378 (bmo#1459383)
+ Use-after-free in IndexedDB
+ * CVE-2018-12379 (bmo#1473113) (updater is disabled for us)
+ Out-of-bounds write with malicious MAR file
+ * CVE-2017-16541 (bmo#1412081)
+ Proxy bypass using automount and autofs
+ * CVE-2018-12381 (bmo#1435319)
+ Dragging and dropping Outlook email message results in page navigation
+ * CVE-2018-12382 (bmo#1479311) (Android only)
+ Addressbar spoofing with javascript URI on Firefox for Android
+ * CVE-2018-12383 (bmo#1475775)
+ Setting a master password post-Firefox 58 does not delete
+ unencrypted previously stored passwords
+ * CVE-2018-12375
+ Memory safety bugs fixed in Firefox 62
+ * CVE-2018-12376
+ Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
+- requires NSS >= 3.38
+- removed obsolete patch
+ mozilla-bmo1464766.patch
+
+-------------------------------------------------------------------
+Thu Aug 9 14:22:00 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 61.0.2
+ * Improved website rendering with the Retained Display List feature
+ enabled (bmo#1474402)
+ * Fixed broken DevTools panels with certain extensions installed
+ (bmo#1474379)
+ * Fixed a crash for users with some accessibility tools enabled
+ (bmo#1474007)
+
+-------------------------------------------------------------------
+Mon Jul 9 07:22:09 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 61.0.1:
+ * Fix missing content on the New Tab Page and the Home section of
+ the Preferences page (bmo#1471375)
+ * Fixed loss of bookmarks under rare circumstances when upgrading
+ from Firefox 60 (bmo#1472127)
+ * Improved playback of Twitch 1080p video streams (bmo#1469257)
+ * Web pages no longer lose focus when a browser popup window is
+ opened (bmo#1471415)
+ * Re-allowed downloading files from FTP sites via the "Save Link
+ As" option when linked from HTTP pages (bmo#1470295)
+ * Fixed extensions being unable to override the default homepage
+ in certain situations (bmo#1466846)
+
+-------------------------------------------------------------------
+Sat Jun 23 07:25:51 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 61.0
+ * Performance enhancements
+ * Various improvements for dark theme support will provide a more
+ consistent experience across the entire Firefox UI
+ * OpenSearch plugins offered by web pages can now be added from the
+ page action menu for easier installation
+ * Improved support for allowing WebExtensions to manage and hide tabs
+ MFSA 2018-15 (bsc#1098998)
+ * CVE-2018-12359 (bmo#1459162)
+ Buffer overflow using computed size of canvas element
+ * CVE-2018-12360 (bmo#1459693)
+ Use-after-free when using focus()
+ * CVE-2018-12361 (bmo#1463244)
+ Integer overflow in SwizzleData
+ * CVE-2018-12358 (bmo#1467852)
+ Same-origin bypass using service worker and redirection
+ * CVE-2018-12362 (bmo#1452375)
+ Integer overflow in SSSE3 scaler
+ * CVE-2018-5156 (bmo#1453127)
+ Media recorder segmentation fault when track type is changed during capture
+ * CVE-2018-12363 (bmo#1464784)
+ Use-after-free when appending DOM nodes
+ * CVE-2018-12364 (bmo#1436241)
+ CSRF attacks through 307 redirects and NPAPI plugins
+ * CVE-2018-12365 (bmo#1459206)
+ Compromised IPC child process can list local filenames
+ * CVE-2018-12371 (bmo#1465686)
+ Integer overflow in Skia library during edge builder allocation
+ * CVE-2018-12366 (bmo#1464039)
+ Invalid data handling during QCMS transformations
+ * CVE-2018-12367 (bmo#1462891)
+ Timing attack mitigation of PerformanceNavigationTiming
+ * CVE-2018-12369 (bmo#1454909)
+ WebExtension security permission checks bypassed by embedded experiments
+ * CVE-2018-12370 (bmo#1456652)
+ SameSite cookie protections bypassed when exiting Reader View
+ * CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882,
+ bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671)
+ Memory safety bugs fixed in Firefox 61
+ * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
+ bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
+ bmo#1463884)
+ Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
+ * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
+ bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
+ bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
+ bmo#1464079,bmo#1463494,bmo#1458048)
+ Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
+- requires NSS 3.37.3
+- requires python >= 3.5 to build
+- removed obsolete patches
+ mozilla-i586-DecoderDoctorLogger.patch
+ mozilla-i586-domPrefs.patch
+ mozilla-fix-skia-aarch64.patch
+ mozilla-bmo1375074.patch
+ mozilla-enable-csd.patch
+- patch for new no-return warnings (mozilla-no-return.patch)
+- do not disable system installed locales (mozilla-bmo1464766.patch)
+
+-------------------------------------------------------------------
+Fri Jun 8 10:52:13 UTC 2018 - bjorn.lie@gmail.com
+
+- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
+ conditional --disable-gconf to configure: no longer pull in
+ obsolete gconf2 for Tumbleweed.
+
+-------------------------------------------------------------------
+Thu Jun 7 12:11:06 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 60.0.2
+ * requires NSS 3.36.4
+ MFSA 2018-14 (bsc#1096449)
+ * CVE-2018-6126 (bmo#1462682)
+ Heap buffer overflow rasterizing paths in SVG with Skia
+
+-------------------------------------------------------------------
+Wed Jun 6 18:57:52 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
+ workaround:
+ * mozilla-bmo1375074.patch
+
+-------------------------------------------------------------------
+Sat May 26 15:53:25 UTC 2018 - wr@rosenauer.org
+
+- fixed "open with" option under KDE (boo#1094747)
+- workaround crash on startup on aarch64 (boo#1093059)
+ (contributed by guillaume.gardet@arm.com)
+
+-------------------------------------------------------------------
+Wed May 23 08:49:09 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Disable webrtc for aarch64 due to bmo#1434589
+- Add patch to fix skia build on AArch64:
+ * mozilla-fix-skia-aarch64.patch
+
+-------------------------------------------------------------------
+Thu May 17 14:01:18 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 60.0.1
+ * Avoid overly long cycle collector pauses with some add-ons installed
+ (bmo#1449033)
+ * After unckecking the "Sponsored Stories" option, the New Tab page
+ now immediately stops displaying "Sponsored content" cards (bmo#1458906)
+ * On touchscreen devices, fixed momentum scrolling on non-zoomable pages
+ (bmo#1457743)
+ * Use the right default background when opening tabs or windows in
+ high contrast mode (bmo#1458956)
+ * Restored translations of the Preferences panels when using a
+ language pack (bmo#1461590)
+
+-------------------------------------------------------------------
+Mon May 14 13:37:38 UTC 2018 - pcerny@suse.com
+
+- parellelise locales building
+
+-------------------------------------------------------------------
+Mon May 7 08:32:28 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 60.0
+ * Added a policy engine that allows customized Firefox deployments
+ in enterprise environments, using Windows Group Policy or a
+ cross-platform JSON file
+ * Applied Quantum CSS to render browser UI
+ * Added support for Web Authentication, allowing the use of USB
+ tokens for authentication to web sites
+ * Locale added: Occitan (oc)
+ MFSA 2018-11 (bsc#1092548)
+ * CVE-2018-5154 (bmo#1443092)
+ Use-after-free with SVG animations and clip paths
+ * CVE-2018-5155 (bmo#1448774)
+ Use-after-free with SVG animations and text paths
+ * CVE-2018-5157 (bmo#1449898)
+ Same-origin bypass of PDF Viewer to view protected PDF files
+ * CVE-2018-5158 (bmo#1452075)
+ Malicious PDF can inject JavaScript into PDF Viewer
+ * CVE-2018-5159 (bmo#1441941)
+ Integer overflow and out-of-bounds write in Skia
+ * CVE-2018-5160 (bmo#1436117)
+ Uninitialized memory use by WebRTC encoder
+ * CVE-2018-5152 (bmo#1415644, bmo#1427289)
+ WebExtensions information leak through webRequest API
+ * CVE-2018-5153 (bmo#1436809)
+ Out-of-bounds read in mixed content websocket messages
+ * CVE-2018-5163 (bmo#1426353)
+ Replacing cached data in JavaScript Start-up Bytecode Cache
+ * CVE-2018-5164 (bmo#1416045)
+ CSP not applied to all multipart content sent with
+ multipart/x-mixed-replace
+ * CVE-2018-5166 (bmo#1437325)
+ WebExtension host permission bypass through filterReponseData
+ * CVE-2018-5167 (bmo#1447969)
+ Improper linkification of chrome: and javascript: content in
+ web console and JavaScript debugger
+ * CVE-2018-5168 (bmo#1449548)
+ Lightweight themes can be installed without user interaction
+ * CVE-2018-5169 (bmo#1319157)
+ Dragging and dropping link text onto home button can set home page
+ to include chrome pages
+ * CVE-2018-5172 (bmo#1436482)
+ Pasted script from clipboard can run in the Live Bookmarks page
+ or PDF viewer
+ * CVE-2018-5173 (bmo#1438025)
+ File name spoofing of Downloads panel with Unicode characters
+ * CVE-2018-5174 (bmo#1447080) (Windows-only)
+ Windows Defender SmartScreen UI runs with less secure behavior
+ for downloaded files in Windows 10 April 2018 Update
+ * CVE-2018-5175 (bmo#1432358)
+ Universal CSP bypass on sites using strict-dynamic in their policies
+ * CVE-2018-5176 (bmo#1442840)
+ JSON Viewer script injection
+ * CVE-2018-5177 (bmo#1451908)
+ Buffer overflow in XSLT during number formatting
+ * CVE-2018-5165 (bmo#1451452)
+ Checkbox for enabling Flash protected mode is inverted in 32-bit
+ Firefox
+ * CVE-2018-5180 (bmo#1444086)
+ heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
+ * CVE-2018-5181 (bmo#1424107)
+ Local file can be displayed in noopener tab through drag and
+ drop of hyperlink
+ * CVE-2018-5182 (bmo#1435908)
+ Local file can be displayed from hyperlink dragged and dropped
+ on addressbar
+ * CVE-2018-5151
+ Memory safety bugs fixed in Firefox 60
+ * CVE-2018-5150
+ Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
+- removed obsolete patches
+ 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
+ mozilla-bmo1005535.patch
+- requires NSPR 4.19 and NSS 3.36.1
+- requires rust 1.24 or higher
+- use upstream source archive and detached signature for
+ source verification
+
+-------------------------------------------------------------------
+Thu May 3 14:33:37 UTC 2018 - guillaume.gardet@opensuse.org
+
+- Fix armv7 build by:
+ * adding RUSTFLAGS="-Cdebuginfo=0"
+ * updating _constraints for %arm
+
+-------------------------------------------------------------------
+Wed May 2 20:46:37 UTC 2018 - wr@rosenauer.org
+
+- do not try CSD on kwin (boo#1091592)
+- fix build in openSUSE:Leap:42.3:Update, use gcc7
+
+-------------------------------------------------------------------
+Tue May 1 14:26:24 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 59.0.3:
+ * fixes for platforms other than GNU/Linux
+
+-------------------------------------------------------------------
+Fri Apr 20 12:31:52 UTC 2018 - mliska@suse.cz
+
+- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
+ in order to fix boo#1090362.
+
+-------------------------------------------------------------------
+Mon Apr 2 00:55:45 UTC 2018 - badshah400@gmail.com
+
+- Add back mozilla-enable-csd.patch: New rebased version from
+ Fedora for version 59.0.x.
+
+-------------------------------------------------------------------
+Tue Mar 27 14:07:11 UTC 2018 - schwab@suse.de
+
+- Reduce constraints on aarch64
+
+-------------------------------------------------------------------
+Tue Mar 27 06:40:25 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 59.0.2
+ * Invalid page rendering with hardware acceleration enabled (bmo#1435472)
+ * Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites
+ that use those keys with resistFingerprinting enabled (bmo#1433592)
+ * High CPU / memory churn caused by third-party software on some
+ computers (bmo#1446280)
+ * Users who have configured an "automatic proxy configuration URL"
+ and want to reload their proxy settings from the URL will find
+ the Reload button disabled in the Connection Settings dialog when
+ they select Preferences/Options>Network Proxy>Settings... (bmo#1445991)
+ * URL Fragment Identifiers Break Service Worker Responses (bmo#1443850)
+ * User's trying to cancel a print around the time it completes will
+ continue to get intermittent crashes (bmo#1441598)
+ MFSA 2018-10 (bsc#1087059)
+ * CVE-2018-5148 (bmo#1440717)
+ Use-after-free in compositor
+- removed obsolete patch mozilla-bmo1446062.patch
+
+-------------------------------------------------------------------
+Wed Mar 21 17:14:24 UTC 2018 - cgrobertson@suse.com
+
+- Added patches:
+ * mozilla-i586-DecoderDoctorLogger.patch - bmo#1447070
+ fixes non-unified build error
+ * mozilla-i586-domPrefs.patch - DOMPrefs.h
+ fixes 32bit build error
+
+-------------------------------------------------------------------
+Fri Mar 16 06:40:11 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 59.0.1 (bsc#1085671)
+ MFSA 2018-08
+ * CVE-2018-5146 (bmo#1446062)
+ Vorbis audio processing out of bounds write
+ * CVE-2018-5147 (bmo#1446365)
+ Out of bounds memory write in libtremor
+ (mozilla-bmo1446062.patch)
+
+-------------------------------------------------------------------
+Wed Mar 14 19:27:07 UTC 2018 - cgrobertson@suse.com
+
+- Added patch:
+ * mozilla-bmo1005535.patch:
+ Enable skia_gpu on big endian platforms.
+
+-------------------------------------------------------------------
+Sun Mar 11 22:12:12 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 59.0
+ * Performance enhancements
+ * Drag-and-drop to rearrange Top Sites on the Firefox Home page
+ * added features for Firefox Screenshots
+ * Enhanced WebExtensions API
+ * Improved RTC capabilities
+ MFSA 2018-06 (bsc#1085130)
+ * CVE-2018-5127 (bmo#1430557)
+ Buffer overflow manipulating SVG animatedPathSegList
+ * CVE-2018-5128 (bmo#1431336)
+ Use-after-free manipulating editor selection ranges
+ * CVE-2018-5129 (bmo#1428947)
+ Out-of-bounds write with malformed IPC messages
+ * CVE-2018-5130 (bmo#1433005)
+ Mismatched RTP payload type can trigger memory corruption
+ * CVE-2018-5131 (bmo#1440775)
+ Fetch API improperly returns cached copies of no-store/no-cache resources
+ * CVE-2018-5132 (bmo#1408194)
+ WebExtension Find API can search privileged pages
+ * CVE-2018-5133 (bmo#1430511, bmo#1430974)
+ Value of the app.support.baseURL preference is not properly sanitized
+ * CVE-2018-5134 (bmo#1429379)
+ WebExtensions may use view-source: URLs to bypass content restrictions
+ * CVE-2018-5135 (bmo#1431371)
+ WebExtension browserAction can inject scripts into unintended contexts
+ * CVE-2018-5136 (bmo#1419166)
+ Same-origin policy violation with data: URL shared workers
+ * CVE-2018-5137 (bmo#1432870)
+ Script content can access legacy extension non-contentaccessible resources
+ * CVE-2018-5138 (bmo#1432624) (Android only)
+ Android Custom Tab address spoofing through long domain names
+ * CVE-2018-5140 (bmo#1424261)
+ Moz-icon images accessible to web content through moz-icon: protocol
+ * CVE-2018-5141 (bmo#1429093)
+ DOS attack through notifications Push API
+ * CVE-2018-5142 (bmo#1366357)
+ Media Capture and Streams API permissions display incorrect origin
+ with data: and blob: URLs
+ * CVE-2018-5143 (bmo#1422643)
+ Self-XSS pasting javascript: URL with embedded tab into addressbar
+ * CVE-2018-5126
+ Memory safety bugs fixed in Firefox 59
+ * CVE-2018-5125
+ Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
+- requires NSPR 4.18 and NSS 3.35
+- requires rust >= 1.22.1
+- removed obsolete patches:
+ mozilla-alsa-sandbox.patch
+ mozilla-enable-csd.patch
+ firefox-no-default-ualocale.patch
+- removed l10n_changesets.txt since same information is now in
+ Firefox source tree (updated create-tar.sh now requires jq)
+
+-------------------------------------------------------------------
+Fri Feb 9 13:37:46 UTC 2018 - astieger@suse.com
+
+- Mozilla Firefox 58.0.2:
+ * Blocklisted graphics drivers related to off main thread painting
+ crashes
+ * Fix tab crash during printing
+ * Fix clicking links and scrolling emails on Microsoft Hotmail
+ and Outlook (OWA) webmail
+
+-------------------------------------------------------------------
+Fri Feb 9 12:06:31 UTC 2018 - wr@rosenauer.org
+
+- correct requires and provides handling (boo#1076907)
+
+-------------------------------------------------------------------
+Tue Feb 6 07:03:42 UTC 2018 - fstrba@suse.com
+
+- Added patch:
+ * mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
+ or again?) not working in Firefox 58 due to sandboxing.
+
+-------------------------------------------------------------------
+Mon Jan 29 22:32:21 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0.1
+ MFSA 2018-05
+ * Arbitrary code execution through unsanitized browser UI (bmo#1432966)
+- use correct language packs
+- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
+- allow larger number of nested elements (mozilla-bmo256180.patch)
+
+-------------------------------------------------------------------
+Tue Jan 23 20:40:57 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 58.0 (bsc#1077291)
+ * Added Nepali (ne-NP) locale
+ * Added support for form autofill for credit card
+ * Optimize page load by caching JavaScript internal representation
+ MFSA 2018-02
+ * CVE-2018-5091 (bmo#1423086)
+ Use-after-free with DTMF timers
+ * CVE-2018-5092 (bmo#1418074)
+ Use-after-free in Web Workers
+ * CVE-2018-5093 (bmo#1415291)
+ Buffer overflow in WebAssembly during Memory/Table resizing
+ * CVE-2018-5094 (bmo#1415883)
+ Buffer overflow in WebAssembly with garbage collection on
+ uninitialized memory
+ * CVE-2018-5095 (bmo#1418447)
+ Integer overflow in Skia library during edge builder allocation
+ * CVE-2018-5097 (bmo#1387427)
+ Use-after-free when source document is manipulated during XSLT
+ * CVE-2018-5098 (bmo#1399400)
+ Use-after-free while manipulating form input elements
+ * CVE-2018-5099 (bmo#1416878)
+ Use-after-free with widget listener
+ * CVE-2018-5100 (bmo#1417405)
+ Use-after-free when IsPotentiallyScrollable arguments are freed
+ from memory
+ * CVE-2018-5101 (bmo#1417661)
+ Use-after-free with floating first-letter style elements
+ * CVE-2018-5102 (bmo#1419363)
+ Use-after-free in HTML media elements
+ * CVE-2018-5103 (bmo#1423159)
+ Use-after-free during mouse event handling
+ * CVE-2018-5104 (bmo#1425000)
+ Use-after-free during font face manipulation
+ * CVE-2018-5105 (bmo#1390882)
+ WebExtensions can save and execute files on local file system
+ without user prompts
+ * CVE-2018-5106 (bmo#1408708)
+ Developer Tools can expose style editor information cross-origin
+ through service worker
+ * CVE-2018-5107 (bmo#1379276)
+ Printing process will follow symlinks for local file access
+ * CVE-2018-5108 (bmo#1421099)
+ Manually entered blob URL can be accessed by subsequent private browsing tabs
+ * CVE-2018-5109 (bmo#1405599)
+ Audio capture prompts and starts with incorrect origin attribution
+ * CVE-2018-5110 (bmo#1423275) (affects only OS X)
+ Cursor can be made invisible on OS X
+ * CVE-2018-5111 (bmo#1321619)
+ URL spoofing in addressbar through drag and drop
+ * CVE-2018-5112 (bmo#1425224)
+ Extension development tools panel can open a non-relative URL in the panel
+ * CVE-2018-5113 (bmo#1425267)
+ WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow
+ * CVE-2018-5114 (bmo#1421324)
+ The old value of a cookie changed to HttpOnly remains accessible to scripts
+ * CVE-2018-5115 (bmo#1409449)
+ Background network requests can open HTTP authentication in unrelated foreground tabs
+ * CVE-2018-5116 (bmo#1396399)
+ WebExtension ActiveTab permission allows cross-origin frame content access
+ * CVE-2018-5117 (bmo#1395508)
+ URL spoofing with right-to-left text aligned left-to-right
+ * CVE-2018-5118 (bmo#1420049)
+ Activity Stream images can attempt to load local content through file:
+ * CVE-2018-5119 (bmo#1420507)
+ Reader view will load cross-origin content in violation of CORS headers
+ * CVE-2018-5121 (bmo#1402368) (affects only OS X)
+ OS X Tibetan characters render incompletely in the addressbar
+ * CVE-2018-5122 (bmo#1413841)
+ Potential integer overflow in DoCrypt
+ * CVE-2018-5090
+ Memory safety bugs fixed in Firefox 58
+ * CVE-2018-5089
+ Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
+- requires NSS 3.34.1
+- requires rust 1.21
+- removed obsolete patches:
+ mozilla-bindgen-systemlibs.patch
+ mozilla-bmo1360278.patch
+ mozilla-bmo1399611-csd.patch
+ mozilla-rust-1.23.patch
+- rebased patches
+- updated man-page
+
+-------------------------------------------------------------------
+Tue Jan 9 18:48:02 UTC 2018 - wr@rosenauer.org
+
+- fixed build with latest rust (mozilla-rust-1.23.patch)
+
+-------------------------------------------------------------------
+Thu Jan 4 12:23:41 UTC 2018 - wr@rosenauer.org
+
+- update to Firefox 57.0.4
+ MFSA 2018-1: Speculative execution side-channel attack ("Spectre")
+ (boo#1074723)
+
+-------------------------------------------------------------------
+Wed Jan 3 08:29:38 UTC 2018 - wr@rosenauer.org
+
+- fixed regression introduced Oct 10th which made Firefox crash
+ when cancelling the KDE file dialog (boo#1069962)
+
+-------------------------------------------------------------------
+Fri Dec 29 19:52:34 UTC 2017 - astieger@suse.com
+
+- Mozilla Firefox 57.0.3:
+ * Fix a crash reporting issue that inadvertently sends background
+ tab crash reports to Mozilla without user opt-in (bmo#1427111,
+ bsc#1074235)
+- Includes changes from 57.0.2:
+ * fixes for platforms other than GNU/Linux
+
+-------------------------------------------------------------------
+Fri Dec 8 15:52:17 UTC 2017 - dimstar@opensuse.org
+
+- Explicitly buildrequires python2-xml: The build system relies on
+ it. We wrongly relied on other packages pulling it in for us.
+
+-------------------------------------------------------------------
+Thu Dec 7 11:12:31 UTC 2017 - dimstar@opensuse.org
+
+- Escape the usage of %{VERSION} when calling out to rpm.
+ RPM 4.14 has %{VERSION} defined as 'the main packages version'.
+
+-------------------------------------------------------------------
+Wed Nov 29 23:45:03 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 57.0.1
+ * CVE-2017-7843: Web worker in Private Browsing mode can write
+ IndexedDB data (bsc#1072034, bmo#1410106)
+ * CVE-2017-7844: Visited history information leak through SVG
+ image (bsc#1072036, bmo#1420001)
+ * Fix a video color distortion issue on YouTube and other video
+ sites with some AMD devices (bmo#1417442)
+ * Fix an issue with prefs.js when the profile path has non-ascii
+ characters (bmo#1420427)
+
+-------------------------------------------------------------------
+Tue Nov 21 09:00:48 UTC 2017 - christophe@krop.fr
+
+- Add mozilla-bmo1360278.patch
+ Starting with Firefox 57, the context menu appears on key press.
+ This patch creates a config entry to restore the
+ old behaviour. Without the patch, the mouse gesture extensions
+ require 2 clicks to work (bmo#1360278).
+ The new config entry is named ui.context_menus.after_mouseup
+ (default : false).
+
+-------------------------------------------------------------------
+Sat Nov 18 08:35:21 UTC 2017 - wr@rosenauer.org
+
+- Allow experimental CSD for Gtk3 (bmo#1399611) if available and enabled
+ widget.allow-client-side-decoration=true
+ (mozilla-bmo1399611-csd.patch)
+
+-------------------------------------------------------------------
+Wed Nov 15 06:46:06 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 57.0 (boo#1068101)
+ * Firefox Quantum
+ * Photon UI
+ * Unified address and search bar
+ * AMD VP9 hardware video decoder support
+ * Added support for Date/Time input
+ * stricter security sandbox blocking filesystem reading and
+ writing on Linux systems
+ * middle mouse paste in the content area no longer navigates to
+ URLs by default on Unix systems
+ MFSA 2017-24
+ * CVE-2017-7828 (bmo#1406750. bmo#1412252)
+ Use-after-free of PressShell while restyling layout
+ * CVE-2017-7830 (bmo#1408990)
+ Cross-origin URL information leak through Resource Timing API
+ * CVE-2017-7831 (bmo#1392026)
+ Information disclosure of exposed properties on JavaScript proxy
+ objects
+ * CVE-2017-7832 (bmo#1408782)
+ Domain spoofing through use of dotless 'i' character followed
+ by accent markers
+ * CVE-2017-7833 (bmo#1370497)
+ Domain spoofing with Arabic and Indic vowel marker characters
+ * CVE-2017-7834 (bmo#1358009)
+ data: URLs opened in new tabs bypass CSP protections
+ * CVE-2017-7835 (bmo#1402363)
+ Mixed content blocking incorrectly applies with redirects
+ * CVE-2017-7836 (bmo#1401339)
+ Pingsender dynamically loads libcurl on Linux and OS X
+ * CVE-2017-7837 (bmo#1325923)
+ SVG loaded as <img> can use meta tags to set cookies
+ * CVE-2017-7838 (bmo#1399540)
+ Failure of individual decoding of labels in international domain
+ names triggers punycode display of entire IDN
+ * CVE-2017-7839 (bmo#1402896)
+ Control characters before javascript: URLs defeats self-XSS
+ prevention mechanism
+ * CVE-2017-7840 (bmo#1366420)
+ Exported bookmarks do not strip script elements from user-supplied
+ tags
+ * CVE-2017-7842 (bmo#1397064)
+ Referrer Policy is not always respected for <link> elements
+ * CVE-2017-7827
+ Memory safety bugs fixed in Firefox 57
+ * CVE-2017-7826
+ Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
+- requires NSPR 4.17, NSS 3.33 and rustc 1.19
+- rebased patches
+- added mozilla-bindgen-systemlibs.patch to allow stylo build
+ with system libs (bmo#1341234)
+- removed mozilla-language.patch since the whole locale code
+ changed in Firefox and is relying on ICU now
+- removed obsolete mozilla-ucontext.patch
+
+-------------------------------------------------------------------
+Sat Oct 28 06:30:37 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 56.0.2
+ * Disable Form Autofill completely on user request (bmo#1404531)
+ * Fix for video-related crashes on Windows 7 (bmo#1409141)
+ * Correct detection for 64-bit GSSAPI authentication (bmo#1409275)
+ * Fix for shutdown crash (bmo#1404105)
+
+-------------------------------------------------------------------
+Tue Oct 10 11:47:49 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 56.0.1
+ * Block D3D11 when using Intel drivers on Windows 7 systems with
+ partial AVX support (bmo#1403353)
+ -> just to sync the version number
+- enable stylo for TW (requires LLVM >= 3.9)
+- queue KDE filepicker requests to avoid non-opening file dialogs
+ happening in certain situations (contributed by Ignaz Forster)
+- the placeholder dot in KDE file dialog in case of empty filenames
+ was removed, apparently not required (anymore)
+ (contributed by Ignaz Forster)
+
+-------------------------------------------------------------------
+Sun Oct 1 18:25:16 UTC 2017 - stefan.bruens@rwth-aachen.de
+
+- Correct plugin directory for aarch64 (boo#1061207). The wrapper
+ script was not detecting aarch64 as a 64 bit architecture, thus
+ used /usr/lib/browser-plugins/.
+
+-------------------------------------------------------------------
+Sat Sep 30 20:10:50 UTC 2017 - zaitor@opensuse.org
+
+- Drop libgnomeui-devel, and replace it with pkgconfig(gconf-2.0),
+ pkgconfig(gtk+-2.0), pkgconfig(gtk+-unix-print-2.0),
+ pkgconfig(glib-2.0), pkgconfig(gobject-2.0) and
+ pkgconfig(gdk-x11-2.0) BuildRequires, align with what configure
+ looks for.
+
+-------------------------------------------------------------------
+Thu Sep 28 08:28:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 56.0 (boo#1060445)
+ * Firefox Screenshots
+ * Find Options/Preferences more quickly with new search function
+ * Media is no longer auto-played when opened in a background tab
+ * Enable CSS Grid Layout View
+ MFSA 2017-21
+ * CVE-2017-7793 (bmo#1371889)
+ Use-after-free with Fetch API
+ * CVE-2017-7817 (bmo#1356596) (Android-only)
+ Firefox for Android address bar spoofing through fullscreen mode
+ * CVE-2017-7818 (bmo#1363723)
+ Use-after-free during ARIA array manipulation
+ * CVE-2017-7819 (bmo#1380292)
+ Use-after-free while resizing images in design mode
+ * CVE-2017-7824 (bmo#1398381)
+ Buffer overflow when drawing and validating elements with ANGLE
+ * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement)
+ Use-after-free in TLS 1.2 generating handshake hashes
+ * CVE-2017-7812 (bmo#1379842)
+ Drag and drop of malicious page content to the tab bar can open locally stored files
+ * CVE-2017-7814 (bmo#1376036)
+ Blob and data URLs bypass phishing and malware protection warnings
+ * CVE-2017-7813 (bmo#1383951)
+ Integer truncation in the JavaScript parser
+ * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only)
+ OS X fonts render some Tibetan and Arabic unicode characters as spaces
+ * CVE-2017-7815 (bmo#1368981)
+ Spoofing attack with modal dialogs on non-e10s installations
+ * CVE-2017-7816 (bmo#1380597)
+ WebExtensions can load about: URLs in extension UI
+ * CVE-2017-7821 (bmo#1346515)
+ WebExtensions can download and open non-executable files without user interaction
+ * CVE-2017-7823 (bmo#1396320)
+ CSP sandbox directive did not create a unique origin
+ * CVE-2017-7822 (bmo#1368859)
+ WebCrypto allows AES-GCM with 0-length IV
+ * CVE-2017-7820 (bmo#1378207)
+ Xray wrapper bypass with new tab and web console
+ * CVE-2017-7811
+ Memory safety bugs fixed in Firefox 56
+ * CVE-2017-7810
+ Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
+- requires NSPR 4.16 and NSS 3.32.1
+- rebased patches
+
+-------------------------------------------------------------------
+Thu Sep 28 07:53:13 UTC 2017 - dimstar@opensuse.org
+
+- Add alsa-devel BuildRequires: we care for ALSA support to be
+ built and thus need to ensure we get the dependencies in place.
+ In the past, alsa-devel was pulled in by accident: we
+ buildrequire libgnome-devel. This required esound-devel and that
+ in turn pulled in alsa-devel for us. libgnome is being fixed to
+ no longer require esound-devel.
+
+-------------------------------------------------------------------
+Mon Sep 4 18:27:44 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 55.0.3
+ * Fix an issue with addons when using a path containing non-ascii
+ characters (bmo#1389160)
+ * Fix file uploads to some websites, including YouTube (bmo#1383518)
+- fix Google API key build integration
+- add mozilla-ucontext.patch to fix Tumbleweed build
+- do not enable XINPUT2 for now (boo#1053959)
+
+-------------------------------------------------------------------
+Fri Aug 11 08:32:30 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 55.0.1
+ * Fix a regression the tab restoration process (bmo#1388160)
+ * Fix a problem causing What's new pages not to be displayed (bmo#1386224)
+ * Fix a rendering issue with some PKCS#11 libraries (bmo#1388370)
+ * Disable the predictor prefetch (bmo#1388160)
+
+-------------------------------------------------------------------
+Sat Aug 5 13:22:16 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 55.0 (boo#1052829)
+ * Browsing sessions with a high number of tabs are now restored
+ in an instant
+ * Sidebar (bookmarks, history, synced tabs) can now be moved to
+ the right edge of the window
+ * Fine-tune your browser performance from the Preferences/Options page.
+ * Make screenshots of webpages, and save them locally or upload
+ them to the cloud. This feature will undergo A/B testing and
+ will not be visible for some users.
+ * Added Belarusian (be) locale
+ * Simplify print jobs from within print preview
+ * Use virtual reality devices with the web with the introduction
+ of WebVR
+ * Search suggestions are now enabled by default for users who
+ haven't explicitly opted-out
+ * Search with any installed search engine directly from the
+ location bar
+ * IMPORTANT: Breaking profile changes - do not downgrade Firefox
+ and use a profile that has been opened with Firefox 55+.
+ * The Adobe Flash plugin is now click-to-activate by default and
+ only allowed on http:// and https:// URL schemes. This change
+ will be rolled out progressively and so will not be visible to
+ all users immediately. For more information see the Firefox
+ plugin roadmap
+ * Modernized application update UI to be less intrusive and more
+ aligned with the rest of the browser. Only users who have not
+ restarted their browser 8 days after downloading an update or
+ users who opted out of automatic updates will see this change.
+ * Insecure sites can no longer access the Geolocation APIs to get
+ access to your physical location
+ * requires NSPR 4.15 and NSS 3.31
+ MFSA 2017-18
+ * CVE-2017-7798 (bmo#1371586, bmo#1372112)
+ XUL injection in the style editor in devtools
+ * CVE-2017-7800 (bmo#1374047)
+ Use-after-free in WebSockets during disconnection
+ * CVE-2017-7801 (bmo#1371259)
+ Use-after-free with marquee during window resizing
+ * CVE-2017-7809 (bmo#1380284)
+ Use-after-free while deleting attached editor DOM node
+ * CVE-2017-7784 (bmo#1376087)
+ Use-after-free with image observers
+ * CVE-2017-7802 (bmo#1378147)
+ Use-after-free resizing image elements
+ * CVE-2017-7785 (bmo#1356985)
+ Buffer overflow manipulating ARIA attributes in DOM
+ * CVE-2017-7786 (bmo#1365189)
+ Buffer overflow while painting non-displayable SVG
+ * CVE-2017-7806 (bmo#1378113)
+ Use-after-free in layer manager with SVG
+ * CVE-2017-7753 (bmo#1353312)
+ Out-of-bounds read with cached style data and pseudo-elements#
+ * CVE-2017-7787 (bmo#1322896)
+ Same-origin policy bypass with iframes through page reloads
+ * CVE-2017-7807 (bmo#1376459)
+ Domain hijacking through AppCache fallback
+ * CVE-2017-7792 (bmo#1368652)
+ Buffer overflow viewing certificates with an extremely long OID
+ * CVE-2017-7804 (bmo#1372849)
+ Memory protection bypass through WindowsDllDetourPatcher
+ * CVE-2017-7791 (bmo#1365875)
+ Spoofing following page navigation with data: protocol and modal alerts
+ * CVE-2017-7808 (bmo#1367531)
+ CSP information leak with frame-ancestors containing paths
+ * CVE-2017-7782 (bmo#1344034)
+ WindowsDllDetourPatcher allocates memory without DEP protections
+ * CVE-2017-7781 (bmo#1352039)
+ Elliptic curve point addition error when using mixed Jacobian-affine coordinates
+ * CVE-2017-7794 (bmo#1374281)
+ Linux file truncation via sandbox broker
+ * CVE-2017-7803 (bmo#1377426)
+ CSP containing 'sandbox' improperly applied
+ * CVE-2017-7799 (bmo#1372509)
+ Self-XSS XUL injection in about:webrtc
+ * CVE-2017-7783 (bmo#1360842)
+ DOS attack through long username in URL
+ * CVE-2017-7788 (bmo#1073952)
+ Sandboxed about:srcdoc iframes do not inherit CSP directives
+ * CVE-2017-7789 (bmo#1074642)
+ Failure to enable HSTS when two STS headers are sent for a connection
+ * CVE-2017-7790 (bmo#1350460) (Windows-only)
+ Windows crash reporter reads extra memory for some non-null-terminated registry values
+ * CVE-2017-7796 (bmo#1234401) (Windows-only)
+ Windows updater can delete any file named update.log
+ * CVE-2017-7797 (bmo#1334776)
+ Response header name interning leaks across origins
+ * CVE-2017-7780
+ Memory safety bugs fixed in Firefox 55
+ * CVE-2017-7779
+ Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
+- updated mozilla-kde.patch:
+ * removed "downloadfinished" alert as Firefox reimplemented the
+ whole thing (TODO: check if there is another function we should
+ hook in)
+
+-------------------------------------------------------------------
+Tue Jul 4 20:08:47 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 54.0.1
+ * Fix a display issue of tab title (bmo#1357656)
+ * Fix a display issue of opening new tab (bmo#1371995)
+ * Fix a display issue when opening multiple tabs (bmo#1371962)
+ * Fix a tab display issue when downloading files (bmo#1373109)
+ * Fix a PDF printing issue (bmo#1366744)
+ * Fix a Netflix issue on Linux (bmo#1375708)
+
+-------------------------------------------------------------------
+Thu Jun 15 13:56:05 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 54.0
+ * Clearer and more detailed information for download items in the
+ download panel
+ * Added Burmese (my) locale
+ * Bookmarks created on mobile devices are now shown in
+ "Mobile Bookmarks” folder in the drop down list from the toolbar
+ and Bookmarks option in the menu bar in Desktop Firefox
+ * added support for multiple content processes (e10s-multi)
+- requires NSPR 4.14 and NSS 3.30.2
+- requires rust 1.15.1
+- removed mozilla-shared-nss-db.patch as it seems to be a rather
+ unused feature
+
+-------------------------------------------------------------------
+Thu Jun 1 04:25:05 UTC 2017 - kah0922@gmail.com
+
+- remove -fno-inline-small-functions and explicitely optimize with
+ -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105)
+
+-------------------------------------------------------------------
+Wed Apr 26 12:37:38 UTC 2017 - wr@rosenauer.org
+
+- switch to Mozilla's geolocation service (boo#1026989)
+- removed mozilla-preferences.patch obsoleted by overriding via
+ firefox.js
+- fixed KDE integration to avoid crash caused by filepicker
+ (boo#1015998)
+
+-------------------------------------------------------------------
+Mon Apr 17 12:52:10 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 53.0
+ * requires NSS 3.29.5
+ * Lightweight themes are now applied in private browsing windows
+ * Reader Mode now displays estimated reading time for the page
+ * Two new 'compact' themes available in Firefox, dark and light,
+ based on the Firefox Developer Edition theme
+ * Ended Firefox Linux support for processors older than Pentium 4
+ and AMD Opteron
+ * Refresh of the media controls user interface
+ * Shortened titles on tabs are faded out instead of using ellipsis
+ for improved readability
+ * Media playback on new tabs is blocked until the tab is visible
+ * Permission notifications have a cleaner design and cannot be
+ easily missed
+ MFSA 2017-10
+ * CVE-2017-5456 (bmo#1344415)
+ Sandbox escape allowing local file system access
+ * CVE-2017-5442 (bmo#1347979)
+ Use-after-free during style changes
+ * CVE-2017-5443 (bmo#1342661)
+ Out-of-bounds write during BinHex decoding
+ * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894,
+ bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088)
+ Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
+ Firefox ESR 52.1
+ * CVE-2017-5464 (bmo#1347075)
+ Memory corruption with accessibility and DOM manipulation
+ * CVE-2017-5465 (bmo#1347617)
+ Out-of-bounds read in ConvolvePixel
+ * CVE-2017-5466 (bmo#1353975)
+ Origin confusion when reloading isolated data:text/html URL
+ * CVE-2017-5467 (bmo#1347262)
+ Memory corruption when drawing Skia content
+ * CVE-2017-5460 (bmo#1343642)
+ Use-after-free in frame selection
+ * CVE-2017-5461 (bmo#1344380)
+ Out-of-bounds write in Base64 encoding in NSS
+ * CVE-2017-5448 (bmo#1346648)
+ Out-of-bounds write in ClearKeyDecryptor
+ * CVE-2017-5449 (bmo#1340127)
+ Crash during bidirectional unicode manipulation with animation
+ * CVE-2017-5446 (bmo#1343505)
+ Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
+ * CVE-2017-5447 (bmo#1343552)
+ Out-of-bounds read during glyph processing
+ * CVE-2017-5444 (bmo#1344461)
+ Buffer overflow while parsing application/http-index-format content
+ * CVE-2017-5445 (bmo#1344467)
+ Uninitialized values used while parsing application/http-index-format
+ content
+ * CVE-2017-5468 (bmo#1329521)
+ Incorrect ownership model for Private Browsing information
+ * CVE-2017-5469 (bmo#1292534)
+ Potential Buffer overflow in flex-generated code
+ * CVE-2017-5440 (bmo#1336832)
+ Use-after-free in txExecutionState destructor during XSLT processing
+ * CVE-2017-5441 (bmo#1343795)
+ Use-after-free with selection during scroll events
+ * CVE-2017-5439 (bmo#1336830)
+ Use-after-free in nsTArray Length() during XSLT processing
+ * CVE-2017-5438 (bmo#1336828)
+ Use-after-free in nsAutoPtr during XSLT processing
+ * CVE-2017-5437 (bmo#1343453)
+ Vulnerabilities in Libevent library
+ * CVE-2017-5436 (bmo#1345461)
+ Out-of-bounds write with malicious font in Graphite 2
+ * CVE-2017-5435 (bmo#1350683)
+ Use-after-free during transaction processing in the editor
+ * CVE-2017-5434 (bmo#1349946)
+ Use-after-free during focus handling
+ * CVE-2017-5433 (bmo#1347168)
+ Use-after-free in SMIL animation functions
+ * CVE-2017-5432 (bmo#1346654)
+ Use-after-free in text input selection
+ * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482,
+ bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686,
+ bmo#1346140, bmo#1346419, bmo#1348143, bmo#1349621,
+ bmo#1349719, bmo#1353476)
+ Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
+ * CVE-2017-5459 (bmo#1333858)
+ Buffer overflow in WebGL
+ * CVE-2017-5458 (bmo#1229426)
+ Drag and drop of javascript: URLs can allow for self-XSS
+ * CVE-2017-5455 (bmo#1341191)
+ Sandbox escape through internal feed reader APIs
+ * CVE-2017-5454 (bmo#1349276)
+ Sandbox escape allowing file system read access through file picker
+ * CVE-2017-5451 (bmo#1273537)
+ Addressbar spoofing with onblur event
+ * CVE-2017-5453 (bmo#1321247)
+ HTML injection into RSS Reader feed preview page through
+ TITLE element
+ * CVE-2017-5462 (bmo#1345089)
+ DRBG flaw in NSS
+- removed browser(npapi) provides as these plugins are deprecated
+- switch used compiler to gcc5 (FF requires gcc >= 4.9 now) for
+ Leap 42
+- Gtk2 is not longer an option; switched to Gtk3
+- apply MOZ_USE_XINPUT2=1 for better touchpad and touchscreen support
+ (boo#1032003)
+
+-------------------------------------------------------------------
+Mon Apr 3 06:16:26 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.0.2
+ * Use Nirmala UI as fallback font for additional Indic languages (bmo#1342787)
+ * Fix loading tab icons on session restore (bmo#1338009)
+ * Fix a crash on startup on Linux (bmo#1345413)
+ * Fix new installs erroneously not prompting to change the default
+ browser setting (bmo#1343938)
+
+-------------------------------------------------------------------
+Mon Mar 20 15:35:57 UTC 2017 - wr@rosenauer.org
+
+- disable rust usage for everything but x86(-64)
+- explicitely add libffi build requirement
+
+-------------------------------------------------------------------
+Fri Mar 17 15:43:29 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.0.1 (boo#1029822)
+ MFSA 2017-08
+ CVE-2017-5428: integer overflow in createImageBitmap() (bmo#1348168)
+
+-------------------------------------------------------------------
+Thu Mar 9 12:30:14 UTC 2017 - wr@rosenauer.org
+
+- reenable ALSA support which was removed by default upstream
+
+-------------------------------------------------------------------
+Sat Mar 4 16:57:45 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 52.0 (boo#1028391)
+ * requires NSS >= 3.28.3
+ * Pages containing insecure password fields now display a warning
+ directly within username and password fields.
+ * Send and open a tab from one device to another with Sync
+ * Removed NPAPI support for plugins other than Flash. Silverlight,
+ Java, Acrobat and the like are no longer supported.
+ * Removed Battery Status API to reduce fingerprinting of users by
+ trackers
+ * MFSA 2017-05
+ CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
+ (bmo#1334933)
+ CVE-2017-5401: Memory Corruption when handling ErrorResult
+ (bmo#1328861)
+ CVE-2017-5402: Use-after-free working with events in FontFace
+ objects (bmo#1334876)
+ CVE-2017-5403: Use-after-free using addRange to add range to an
+ incorrect root object (bmo#1340186)
+ CVE-2017-5404: Use-after-free working with ranges in selections
+ (bmo#1340138)
+ CVE-2017-5406: Segmentation fault in Skia with canvas operations
+ (bmo#1306890)
+ CVE-2017-5407: Pixel and history stealing via floating-point
+ timing side channel with SVG filters (bmo#1336622)
+ CVE-2017-5410: Memory corruption during JavaScript garbage
+ collection incremental sweeping (bmo#1330687)
+ CVE-2017-5408: Cross-origin reading of video captions in violation
+ of CORS (bmo#1313711)
+ CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
+ CVE-2017-5413: Segmentation fault during bidirectional operations
+ (bmo#1337504)
+ CVE-2017-5414: File picker can choose incorrect default directory
+ (bmo#1319370)
+ CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
+ CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
+ CVE-2017-5417: Addressbar spoofing by draging and dropping URLs
+ (bmo#791597)
+ CVE-2017-5426: Gecko Media Plugin sandbox is not started if
+ seccomp-bpf filter is running (bmo#1257361)
+ CVE-2017-5427: Non-existent chrome.manifest file loaded during
+ startup (bmo#1295542)
+ CVE-2017-5418: Out of bounds read when parsing HTTP digest
+ authorization responses (bmo#1338876)
+ CVE-2017-5419: Repeated authentication prompts lead to DOS
+ attack (bmo#1312243)
+ CVE-2017-5420: Javascript: URLs can obfuscate addressbar
+ location (bmo#1284395)
+ CVE-2017-5405: FTP response codes can cause use of
+ uninitialized values for ports (bmo#1336699)
+ CVE-2017-5421: Print preview spoofing (bmo#1301876)
+ CVE-2017-5422: DOS attack by using view-source: protocol
+ repeatedly in one hyperlink (bmo#1295002)
+ CVE-2017-5399: Memory safety bugs fixed in Firefox 52
+ CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
+ Firefox ESR 45.8
+- removed obsolete patches
+ * mozilla-binutils-visibility.patch
+ * mozilla-check_return.patch
+ * mozilla-disable-skia-be.patch
+ * mozilla-skia-overflow.patch
+ * mozilla-skia-ppc-endianess.patch
+- rebased patches
+- enable rust usage for Tumbleweed
+
+-------------------------------------------------------------------
+Fri Jan 27 20:25:59 UTC 2017 - astieger@suse.com
+
+- Mozilla Firefox 51.0.1:
+ - Multiprocess incompatibility did not correctly register with
+ some add-ons (bmo#1333423)
+
+-------------------------------------------------------------------
+Fri Jan 20 13:57:56 UTC 2017 - wr@rosenauer.org
+
+- update to Firefox 51.0
+ * requires NSPR >= 4.13.1, NSS >= 3.28.1
+ * Added support for FLAC (Free Lossless Audio Codec) playback
+ * Added support for WebGL 2
+ * Added Georgian (ka) and Kabyle (kab) locales
+ * Support saving passwords for forms without 'submit' events
+ * Improved video performance for users without GPU acceleration
+ * Zoom indicator is shown in the URL bar if the zoom level is not
+ at default level
+ * View passwords from the prompt before saving them
+ * Remove Belarusian (be) locale
+ * Use Skia for content rendering (Linux)
+ * MFSA 2017-01
+ CVE-2017-5375: Excessive JIT code allocation allows bypass of
+ ASLR and DEP (bmo#1325200, boo#1021814)
+ CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
+ CVE-2017-5377: Memory corruption with transforms to create
+ gradients in Skia (bmo#1306883, boo#1021826)
+ CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+ (bmo#1312001, bmo#1330769, boo#1021818)
+ CVE-2017-5379: Use-after-free in Web Animations
+ (bmo#1309198,boo#1021827)
+ CVE-2017-5380: Potential use-after-free during DOM manipulations
+ (bmo#1322107, boo#1021819)
+ CVE-2017-5390: Insecure communication methods in Developer Tools
+ JSON viewer (bmo#1297361, boo#1021820)
+ CVE-2017-5389: WebExtensions can install additional add-ons via
+ modified host requests (bmo#1308688, boo#1021828)
+ CVE-2017-5396: Use-after-free with Media Decoder
+ (bmo#1329403, boo#1021821)
+ CVE-2017-5381: Certificate Viewer exporting can be used to navigate
+ and save to arbitrary filesystem locations
+ (bmo#1017616, boo#1021830)
+ CVE-2017-5382: Feed preview can expose privileged content errors
+ and exceptions (bmo#1295322, boo#1021831)
+ CVE-2017-5383: Location bar spoofing with unicode characters
+ (bmo#1323338, bmo#1324716, boo#1021822)
+ CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+ (bmo#1255474, boo#1021832)
+ CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
+ response headers (bmo#1295945, boo#1021833)
+ CVE-2017-5386: WebExtensions can use data: protocol to affect other
+ extensions (bmo#1319070, boo#1021823)
+ CVE-2017-5394: Android location bar spoofing using fullscreen and
+ JavaScript events (bmo#1222798)
+ CVE-2017-5391: Content about: pages can load privileged about: pages
+ (bmo#1309310, boo#1021835)
+ CVE-2017-5392: Weak references using multiple threads on weak proxy
+ objects lead to unsafe memory usage (bmo#1293709)
+ (Android only)
+ CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
+ mozAddonManager (bmo#1309282, boo#1021837)
+ CVE-2017-5395: Android location bar spoofing during scrolling
+ (bmo#1293463) (Android only)
+ CVE-2017-5387: Disclosure of local file existence through TRACK
+ tag error messages (bmo#1295023, boo#1021839)
+ CVE-2017-5388: WebRTC can be used to generate a large amount of
+ UDP traffic for DDOS attacks
+ (bmo#1281482, boo#1021840)
+ CVE-2017-5374: Memory safety bugs fixed in Firefox 51 (boo#1021841)
+ CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and
+ Firefox ESR 45.7 (boo#1021824)
+- switch Firefox to Gtk3 for Tumbleweed
+- removed obsolete patches
+ * mozilla-flex_buffer_overrun.patch
+- updated RPM locale support tag
+- improve recognition of LANGUAGE env variable (boo#1017174)
+- add upstream patch to fix PPC64LE (bmo#1319389)
+ (mozilla-skia-ppc-endianess.patch)
+- fix build without skia (big endian archs) (bmo#1319374)
+ (mozilla-disable-skia-be.patch)
+
+-------------------------------------------------------------------
+Mon Dec 12 21:18:41 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 50.1.0 (boo#1015422)
+ * MFSA 2016-94
+ CVE-2016-9894: Buffer overflow in SkiaGL (bmo#1306628)
+ CVE-2016-9899: Use-after-free while manipulating DOM events and
+ audio elements (bmo#1317409)
+ CVE-2016-9895: CSP bypass using marquee tag (bmo#1312272)
+ CVE-2016-9896: Use-after-free with WebVR (bmo#1315543)
+ CVE-2016-9897: Memory corruption in libGLES (bmo#1301381)
+ CVE-2016-9898: Use-after-free in Editor while manipulating
+ DOM subtrees (bmo#1314442)
+ CVE-2016-9900: Restricted external resources can be loaded by
+ SVG images through data URLs (bmo#1319122)
+ CVE-2016-9904: Cross-origin information leak in shared atoms
+ (bmo#1317936)
+ CVE-2016-9901: Data from Pocket server improperly sanitized
+ before execution (bmo#1320057)
+ CVE-2016-9902: Pocket extension does not validate the origin
+ of events (bmo#1320039)
+ CVE-2016-9903: XSS injection vulnerability in add-ons SDK
+ (bmo#1315435)
+ CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1
+ CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and
+ Firefox ESR 45.6
+
+-------------------------------------------------------------------
+Fri Dec 9 17:57:22 UTC 2016 - cgrobertson@novell.com
+
+- added patch mozilla-aarch64-startup-crash.patch (bsc#1011922)
+
+-------------------------------------------------------------------
+Thu Dec 1 02:49:45 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 50.0.2
+ * Firefox crashes with 3rd party Chinese IME when using IME text
+ (50.0.1)
+ security fixes (in 50.0.1): (boo#1012807)
+ * MFSA 2016-91
+ CVE-2016-9078: data: URL can inherit wrong origin after an
+ HTTP redirect (bmo#1317641)
+ security fixes (in 50.0.2) (boo#1012964)
+ * MFSA 2016-92
+ CVE-2016-9079: Use-after-free in SVG Animation (bmo#1321066)
+
+-------------------------------------------------------------------
+Mon Nov 14 21:07:03 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 50.0 (boo#1009026)
+ * requires NSS 3.26.2
+ new features
+ * Updates to keyboard shortcuts
+ Set a preference to have Ctrl+Tab cycle through tabs in recently
+ used order
+ View a page in Reader Mode by using Ctrl+Alt+R
+ * Added option to Find in page that allows users to limit search to
+ whole words only
+ * Added download protection for a large number of executable file
+ types on Windows, Mac and Linux
+ * Fixed rendering of dashed and dotted borders with rounded corners
+ (border-radius)
+ * Added a built-in Emoji set for operating systems without native
+ Emoji fonts (Windows 8.0 and lower and Linux)
+ * Blocked versions of libavcodec older than 54.35.1
+ * additional locale
+ security fixes:
+ * MFSA 2016-89
+ CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+ (bmo#1292443)
+ CVE-2016-5292: URL parsing causes crash (bmo#1288482)
+ CVE-2016-5293: Write to arbitrary file with updater and moz
+ maintenance service using updater.log hardlink
+ (Windows only) (bmo#1246945)
+ CVE-2016-5294: Arbitrary target directory for result files of
+ update process (Windows only) (bmo#1246972)
+ CVE-2016-5297: Incorrect argument length checking in Javascript
+ (bmo#1303678)
+ CVE-2016-9064: Addons update must verify IDs match between
+ current and new versions (bmo#1303418)
+ CVE-2016-9065: Firefox for Android location bar spoofing usingfullscreen
+ (Android only) (bmo#1306696)
+ CVE-2016-9066: Integer overflow leading to a buffer overflow in
+ nsScriptLoadHandler (bmo#1299686)
+ CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
+ (bmo#1301777, bmo#1308922 (CVE-2016-9069))
+ CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
+ CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
+ (bmo#1300083) (Windows only)
+ CVE-2016-9075: WebExtensions can access the mozAddonManager API
+ and use it to gain elevated privileges (bmo#1295324)
+ CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied
+ to cross-origin images, allowing timing attacks on them
+ (bmo#1298552)
+ CVE-2016-5291: Same-origin policy violation using local HTML file
+ and saved shortcut file (bmo#1292159)
+ CVE-2016-5295: Mozilla Maintenance Service: Ability to read
+ arbitrary files as SYSTEM (Windows only) (bmo#1247239)
+ CVE-2016-5298: SSL indicator can mislead the user about the real
+ URL visited (bmo#1227538) (Android only)
+ CVE-2016-5299: Firefox AuthToken in broadcast protected with
+ signature-level permission can be accessed by an
+ application installed beforehand that defines the
+ same permissions (bmo#1245791) (Android only)
+ CVE-2016-9061: API Key (glocation) in broadcast protected with
+ signature-level permission can be accessed by an
+ application installed beforehand that defines the
+ same permissions (Android only) (bmo#1245795)
+ CVE-2016-9062: Private browsing browser traces (android) in
+ browser.db and wal file (Android only) (bmo#1294438)
+ CVE-2016-9070: Sidebar bookmark can have reference to chrome window
+ (bmo#1281071)
+ CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
+ (bmo#1289273)
+ CVE-2016-9074: Insufficient timing side-channel resistance in
+ divSpoiler (bmo#1293334) (fixed via NSS 3.26.1)
+ CVE-2016-9076: select dropdown menu can be used for URL bar
+ spoofing on e10s (bmo#1276976)
+ CVE-2016-9063: Possible integer overflow to fix inside XML_Parse
+ in expat (bmo#1274777)
+ CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
+ (bmo#1285003)
+ CVE-2016-5289: Memory safety bugs fixed in Firefox 50
+ CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
+- make aarch64 build more similar to x86_64 build (remove conditionals
+ that don't seem to be necessary anymore)
+
+-------------------------------------------------------------------
+Mon Oct 24 09:41:17 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 49.0.2:
+ * CVE-2016-5287: Crash in nsTArray_base (bsc#1006475)
+ * CVE-2016-5288: Web content can read cache entries (bsc#1006476)
+ * Asynchronous rendering of the Flash plugins is now enabled by
+ default
+ * Change D3D9 default fallback preference to prevent graphical
+ artifacts
+ * Network issue prevents some users from seeing the Firefox UI on
+ startup
+ * Web compatibility issue with file uploads
+ * Web compatibility issue with Array.prototype.values
+ * Diagnostic information on timing for tab switching
+ * Fix a Canvas filters graphics issue affecting HTML5 apps
+
+-------------------------------------------------------------------
+Wed Oct 12 20:42:28 UTC 2016 - badshah400@gmail.com
+
+- Drop mozilla-gtk3_20.patch; obsoleted by Firefox version 49.0
+ and fixes have been incorporated by upstream.
+
+-------------------------------------------------------------------
+Fri Sep 23 20:36:39 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 49.0.1:
+ * Mitigate a startup crash issue caused by Websense - bmo#1304783
+
+-------------------------------------------------------------------
+Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 49.0 (boo#999701)
+ new features
+ * Updated Firefox Login Manager to allow HTTPS pages to use saved
+ HTTP logins.
+ * Added features to Reader Mode that make it easier on the eyes and
+ the ears
+ * Improved video performance for users on systems that support
+ SSE3 without hardware acceleration
+ * Added context menu controls to HTML5 audio and video that let users
+ loops files or play files at 1.25x speed
+ * Improvements in about:memory reports for tracking font memory usage
+ security related
+ * MFSA 2016-85
+ CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
+ mozilla::net::IsValidReferrerPolicy
+ CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
+ nsCaseTransformTextRunFactory::TransformString
+ CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
+ PropertyProvider::GetSpacingInternal
+ CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
+ CVE-2016-5273 (bmo#1280387) - crash in
+ mozilla::a11y::HyperTextAccessible::GetChildOffset
+ CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
+ mozilla::a11y::DocAccessible::ProcessInvalidationList
+ CVE-2016-5274 (bmo#1282076) - use-after-free in
+ nsFrameManager::CaptureFrameState
+ CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
+ CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
+ mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
+ CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
+ nsBMPEncoder::AddImageFrame
+ CVE-2016-5279 (bmo#1249522) - Full local path of files is available
+ to web pages after drag and drop
+ CVE-2016-5280 (bmo#1289970) - Use-after-free in
+ mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
+ CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
+ CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
+ from non-whitelisted schemes
+ CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
+ reveal cross-origin data
+ CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
+ CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
+ CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
+- removed obsolete patches:
+ * mozilla-aarch64-48bit-va.patch
+ * mozilla-exclude-nametablecpp.patch
+ * mozilla-old_configure-bmo1282843.patch
+- added patch mozilla-skia-overflow.patch (bmo#1304114)
+- requires NSS 3.25
+
+-------------------------------------------------------------------
+Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 48.0.2:
+ * Mitigate a startup crash issue caused on Windows (bmo#1291738)
+
+-------------------------------------------------------------------
+Sat Aug 20 10:58:26 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 48.0.1:
+ * Fix an audio regression impacting some major websites
+ (bmo#1295296)
+ * Fix a top crash in the JavaScript engine (bmo#1290469)
+ * Fix a startup crash issue caused by Websense (bmo#1291738)
+ * Fix a different behavior with e10s / non-e10s on <select> and
+ mouse events (bmo#1291078)
+ * Fix a top crash caused by plugin issues (bmo#1264530)
+ * Fix a shutdown issue (bmo#1276920)
+ * Fix a crash in WebRTC
+
+-------------------------------------------------------------------
+Mon Aug 15 11:24:00 UTC 2016 - wr@rosenauer.org
+
+- added upstream patch so system plugins/extensions are correctly
+ loaded again on x86-64 (bmo#1282843)
+ (mozilla-old_configure-bmo1282843.patch)
+
+-------------------------------------------------------------------
+Fri Aug 5 13:47:12 UTC 2016 - pcerny@suse.com
+
+- Fix for possible buffer overrun (bsc#990856)
+ CVE-2016-6354 (bmo#1292534)
+ [mozilla-flex_buffer_overrun.patch]
+
+-------------------------------------------------------------------
+Wed Aug 3 03:38:47 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch to latest version from Fedora.
+
+-------------------------------------------------------------------
+Mon Aug 1 12:37:05 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 48.0 (boo#991809)
+ * requires NSS 3.24
+ * Process separation (e10s) is enabled for some of you
+ * Add-ons that have not been verified and signed by Mozilla will not load
+ * WebRTC embetterments
+ * The media parser has been redeveloped using the Rust programming
+ language
+ * better Canvas performance with speedy Skia support
+ security fixes:
+ * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836
+ Miscellaneous memory safety hazards
+ * MFSA 2016-63/CVE-2016-2830 (bmo#1255270)
+ Favicon network connection can persist when page is closed
+ * MFSA 2016-64/CVE-2016-2838 (bmo#1279814)
+ Buffer overflow rendering SVG with bidirectional content
+ * MFSA 2016-65/CVE-2016-2839 (bmo#1275339)
+ Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
+ * MFSA 2016-66/CVE-2016-5251 (bmo#1255570)
+ Location bar spoofing via data URLs with malformed/invalid mediatypes
+ * MFSA 2016-67/CVE-2016-5252 (bmo#1268854)
+ Stack underflow during 2D graphics rendering
+ * MFSA 2016-68/CVE-2016-0718 (bmo#1236923)
+ Out-of-bounds read during XML parsing in Expat library
+ * MFSA 2016-69/CVE-2016-5253 (bmo#1246944)
+ Arbitrary file manipulation by local user through Mozilla updater
+ and callback application path parameter (Windows-only)
+ * MFSA 2016-70/CVE-2016-5254 (bmo#1266963)
+ Use-after-free when using alt key and toplevel menus
+ * MFSA 2016-71/CVE-2016-5255 (bmo#1212356)
+ Crash in incremental garbage collection in JavaScript
+ * MFSA 2016-72/CVE-2016-5258 (bmo#1279146)
+ Use-after-free in DTLS during WebRTC session shutdown
+ * MFSA 2016-73/CVE-2016-5259 (bmo#1282992)
+ Use-after-free in service workers with nested sync events
+ * MFSA 2016-74/CVE-2016-5260 (bmo#1280294)
+ Form input type change from password to text can store plain
+ text password in session restore file
+ * MFSA 2016-75/CVE-2016-5261 (bmo#1287266)
+ Integer overflow in WebSockets during data buffering
+ * MFSA 2016-76/CVE-2016-5262 (bmo#1277475)
+ Scripts on marquee tag can execute in sandboxed iframes
+ * MFSA 2016-77/CVE-2016-2837 (bmo#1274637)
+ Buffer overflow in ClearKey Content Decryption Module (CDM)
+ during video playback
+ * MFSA 2016-78/CVE-2016-5263 (bmo#1276897)
+ Type confusion in display transformation
+ * MFSA 2016-79/CVE-2016-5264 (bmo#1286183)
+ Use-after-free when applying SVG effects
+ * MFSA 2016-80/CVE-2016-5265 (bmo#1278013)
+ Same-origin policy violation using local HTML file and saved shortcut file
+ * MFSA 2016-81/CVE-2016-5266 (bmo#1226977)
+ Information disclosure and local file manipulation through drag and drop
+ * MFSA 2016-82/CVE-2016-5267 (bmo#1284372)
+ Addressbar spoofing with right-to-left characters on Firefox for Android
+ (Android only)
+ * MFSA 2016-83/CVE-2016-5268 (bmo#1253673)
+ Spoofing attack through text injection into internal error pages
+ * MFSA 2016-84/CVE-2016-5250 (bmo#1254688)
+ Information disclosure through Resource Timing API during page navigation
+- removed obsolete mozilla-gcc6.patch
+
+-------------------------------------------------------------------
+Fri Jul 29 01:26:13 UTC 2016 - badshah400@gmail.com
+
+- Update description and screenshots in appdata.xml file.
+
+-------------------------------------------------------------------
+Sat Jul 23 20:13:08 UTC 2016 - antoine.belvire@laposte.net
+
+- Fix Firefox crash on startup on i586 (boo#986541):
+ * Add -fno-delete-null-pointer-checks and
+ -fno-inline-small-functions to CFLAGS
+
+-------------------------------------------------------------------
+Tue Jul 19 20:12:11 UTC 2016 - mailaender@opensuse.org
+
+- Update the appdata.xml file (replace Windows XP screenshot)
+
+-------------------------------------------------------------------
+Wed Jun 29 09:25:41 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 47.0.1:
+ * Selenium WebDriver may cause Firefox to crash at startup
+ (bmo#1280854)
+
+-------------------------------------------------------------------
+Wed Jun 15 07:52:18 UTC 2016 - wr@rosenauer.org
+
+- mozilla-binutils-visibility.patch to fix build issues with
+ gcc/binutils combination used in Leap 42.2 (boo#984637)
+
+-------------------------------------------------------------------
+Tue Jun 14 08:35:03 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch to latest version from Fedora.
+
+-------------------------------------------------------------------
+Mon Jun 13 20:28:01 UTC 2016 - agraf@suse.com
+
+- Fix running on 48bit va aarch64 (bsc#984126)
+ * add patch mozilla-aarch64-48bit-va.patch
+
+-------------------------------------------------------------------
+Mon Jun 13 15:27:13 UTC 2016 - wr@rosenauer.org
+
+- fix XUL dialog button order under KDE session (boo#984403)
+
+-------------------------------------------------------------------
+Tue Jun 7 19:47:25 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 47.0 (boo#983549)
+ * Enable VP9 video codec for users with fast machines
+ * Embedded YouTube videos now play with HTML5 video if Flash is
+ not installed
+ * View and search open tabs from your smartphone or another
+ computer in a sidebar
+ * Allow no-cache on back/forward navigations for https resources
+ security fixes:
+ * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818
+ (boo#983638)
+ (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743,
+ bmo#1264300, bmo#1271037, bmo#1234147, bmo#1256493,
+ bmo#1256739, bmo#1256968, bmo#1261230, bmo#1261752,
+ bmo#1263384, bmo#1264575, bmo#1265577, bmo#1267130,
+ bmo#1269729, bmo#1273202, bmo#1273701)
+ Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
+ * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
+ Buffer overflow parsing HTML5 fragments
+ * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
+ Use-after-free deleting tables from a contenteditable document
+ * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
+ Addressbar spoofing though the SELECT element
+ * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
+ Out-of-bounds write with WebGL shader
+ * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
+ Partial same-origin-policy through setting location.host
+ through data URI
+ * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
+ Use-after-free when textures are used in WebGL operations
+ after recycle pool destruction
+ * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
+ Incorrect icon displayed on permissions notifications
+ * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
+ Entering fullscreen and persistent pointerlock without user
+ permission
+ * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
+ Information disclosure of disabled plugins through CSS
+ pseudo-classes
+ * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
+ Java applets bypass CSP protections
+ * MFSA 2016-62/CVE-2016-2834 (boo#983639) (bmo#1206283,
+ bmo#1221620, bmo#1241034, bmo#1241037)
+ Network Security Services (NSS) vulnerabilities
+ fixed by requiring NSS 3.23
+ packaging changes:
+ * cleanup configure options (boo#981695):
+ - notably remove GStreamer support which is gone from FF
+ * remove obsolete patches
+ - mozilla-libproxy.patch
+ - mozilla-repo.patch
+
+-------------------------------------------------------------------
+Wed May 25 16:36:23 UTC 2016 - badshah400@gmail.com
+
+- The conditional testing for gcc was failing for different
+ openSUSE versions, drop it and apply patches unconditionally.
+
+-------------------------------------------------------------------
+Mon May 23 15:30:27 UTC 2016 - badshah400@gmail.com
+
+- Add patches to fix building with gcc6:
+ + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch
+ taken from upstream:
+ https://hg.mozilla.org/mozilla-central/rev/55212130f19d.
+ + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp
+ from unified compilation because #include <cmath> in other
+ source files causes gcc6 compilation failure; patch taken from
+ upstream:
+ https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc.
+
+-------------------------------------------------------------------
+Fri May 13 00:00:00 CEST 2016 - dsterba@suse.cz
+
+- enable build with PIE and full relro on x86_64 (boo#980384)
+
+-------------------------------------------------------------------
+Wed May 4 10:27:43 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 46.0.1
+ Fixed:
+ * Search plugin issue for various locales
+ * Add-on signing certificate expiration
+ * Service worker update issue
+ * Build issue when jit is disabled
+ * Limit Sync registration updates
+- removed now obsolete mozilla-jit_branch64.patch
+
+-------------------------------------------------------------------
+Tue May 3 15:47:18 UTC 2016 - normand@linux.vnet.ibm.com
+
+- add mozilla-jit_branch64.patch to avoid PowerPC build failure
+ (from bmo#1266366)
+
+-------------------------------------------------------------------
+Wed Apr 27 08:39:28 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest
+ version from Fedora).
+
+-------------------------------------------------------------------
+Wed Apr 27 06:09:30 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 46.0 (boo#977333)
+ * Improved security of the JavaScript Just In Time (JIT) Compiler
+ * WebRTC fixes to improve performance and stability
+ * Added support for document.elementsFromPoint
+ * Added HKDF support for Web Crypto API
+ * requires NSPR 4.12 and NSS 3.22.3
+ * added patch to fix unchecked return value
+ mozilla-check_return.patch
+ * Gtk3 builds not supported at the moment
+ security fixes:
+ * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807
+ (boo#977373, boo#977375, boo#977376)
+ Miscellaneous memory safety hazards
+ * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377)
+ Privilege escalation through file deletion by Maintenance Service updater
+ (Windows only)
+ * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378)
+ Content provider permission bypass allows malicious application
+ to access data (Android only)
+ * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812
+ (bmo#1252330, bmo#1261776, boo#977379)
+ Use-after-free and buffer overflow in Service Workers
+ * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380)
+ Disclosure of user actions through JavaScript with motion and
+ orientation sensors (only affects mobile variants)
+ * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381)
+ Buffer overflow in libstagefright with CENC offsets
+ * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382)
+ CSP not applied to pages sent with multipart/x-mixed-replace
+ * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384)
+ Elevation of privilege with chrome.tabs.update API in web extensions
+ * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386)
+ Write to invalid HashMap entry through JavaScript.watch()
+ * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388)
+ Firefox Health Reports could accept events from untrusted domains
+
+-------------------------------------------------------------------
+Thu Apr 21 12:00:28 UTC 2016 - badshah400@gmail.com
+
+- Update mozilla-gtk3_20.patch to fix scrollbar appearance under
+ gtk >= 3.20 (patch synced to Fedora's version).
+
+-------------------------------------------------------------------
+Tue Apr 12 19:11:30 UTC 2016 - badshah400@gmail.com
+
+- Compile against gtk3 depending on whether the macro
+ %firefox_use_gtk3 is defined or not (e.g., at the prjconf
+ level); macro is undefined by default and so gtk2 is used as the
+ default toolkit.
+- Add BuildRequires for additional packages needed when building
+ against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0),
+ pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0).
+- Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20;
+ patch taken from Fedora (bmo#1230955).
+
+-------------------------------------------------------------------
+Mon Apr 11 22:49:24 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 45.0.2:
+ * Fix an issue impacting the cookie header when third-party
+ cookies are blocked (bmo#1257861)
+ * Fix a web compatibility regression impacting the srcset
+ attribute of the image tag (bmo#1259482)
+ * Fix a crash impacting the video playback with Media Source
+ Extension (bmo#1258562)
+ * Fix a regression impacting some specific uploads (bmo#1255735)
+ * Fix a regression with the copy and paste with some old versions
+ of some Gecko applications like Thunderbird (bmo#1254980)
+
+-------------------------------------------------------------------
+Fri Mar 18 08:52:58 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 45.0.1:
+ * Fix a regression causing search engine settings to be lost in
+ some context (bmo#1254694)
+ * Bring back non-standard jar: URIs to fix a regression in IBM
+ iNotes (bmo#1255139)
+ * XSLTProcessor.importStylesheet was failing when <import> was
+ used (bmo#1249572)
+ * Fix an issue which could cause the list of search provider to
+ be empty (bmo#1255605)
+ * Fix a regression when using the location bar (bmo#1254503)
+ * Fix some loading issues when Accept third-party cookies: was
+ set to Never (bmo#1254856)
+ * Disabled Graphite font shaping library
+
+-------------------------------------------------------------------
+Sun Mar 6 19:52:13 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 45.0 (boo#969894)
+ * requires NSPR 4.12 / NSS 3.21.1
+ * Instant browser tab sharing through Hello
+ * Synced Tabs button in button bar
+ * Tabs synced via Firefox Accounts from other devices are now shown
+ in dropdown area of Awesome Bar when searching
+ * Introduce a new preference (network.dns.blockDotOnion) to allow
+ blocking .onion at the DNS level
+ * Tab Groups (Panorama) feature removed
+ * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
+ Miscellaneous memory safety hazards
+ * MFSA 2016-17/CVE-2016-1954 (bmo#1243178)
+ Local file overwriting and potential privilege escalation through
+ CSP reports
+ * MFSA 2016-18/CVE-2016-1955 (bmo#1208946)
+ CSP reports fail to strip location information for embedded iframe pages
+ * MFSA 2016-19/CVE-2016-1956 (bmo#1199923)
+ Linux video memory DOS with Intel drivers
+ * MFSA 2016-20/CVE-2016-1957 (bmo#1227052)
+ Memory leak in libstagefright when deleting an array during MP4
+ processing
+ * MFSA 2016-21/CVE-2016-1958 (bmo#1228754)
+ Displayed page address can be overridden
+ * MFSA 2016-22/CVE-2016-1959 (bmo#1234949)
+ Service Worker Manager out-of-bounds read in Service Worker Manager
+ * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014)
+ Use-after-free in HTML5 string parser
+ * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377)
+ Use-after-free in SetBody
+ * MFSA 2016-25/CVE-2016-1962 (bmo#1240760)
+ Use-after-free when using multiple WebRTC data channels
+ * MFSA 2016-26/CVE-2016-1963 (bmo#1238440)
+ Memory corruption when modifying a file being read by FileReader
+ * MFSA 2016-27/CVE-2016-1964 (bmo#1243335)
+ Use-after-free during XML transformations
+ * MFSA 2016-28/CVE-2016-1965 (bmo#1245264)
+ Addressbar spoofing though history navigation and Location protocol
+ property
+ * MFSA 2016-29/CVE-2016-1967 (bmo#1246956)
+ Same-origin policy violation using perfomance.getEntries and
+ history navigation with session restore
+ * MFSA 2016-30/CVE-2016-1968 (bmo#1246742)
+ Buffer overflow in Brotli decompression
+ * MFSA 2016-31/CVE-2016-1966 (bmo#1246054)
+ Memory corruption with malicious NPAPI plugin
+ * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/
+ CVE-2016-1976/CVE-2016-1972
+ WebRTC and LibVPX vulnerabilities found through code inspection
+ * MFSA 2016-33/CVE-2016-1973 (bmo#1219339)
+ Use-after-free in GetStaticInstance in WebRTC
+ * MFSA 2016-34/CVE-2016-1974 (bmo#1228103)
+ Out-of-bounds read in HTML parser following a failed allocation
+ * MFSA 2016-35/CVE-2016-1950 (bmo#1245528)
+ Buffer overflow during ASN.1 decoding in NSS
+ (fixed by requiring 3.21.1)
+ * MFSA 2016-36/CVE-2016-1979 (bmo#1185033)
+ Use-after-free during processing of DER encoded keys in NSS
+ (fixed by requiring 3.21.1)
+ * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
+ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
+ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
+ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
+ Font vulnerabilities in the Graphite 2 library
+
+-------------------------------------------------------------------
+Sat Mar 5 15:27:00 UTC 2016 - olaf@aepfle.de
+
+- Remove B_CNT from symbols.zip filename to reduce build-compare noise
+
+-------------------------------------------------------------------
+Fri Feb 26 16:22:52 UTC 2016 - astieger@suse.com
+
+- fix build problems on i586, caused by too large unified compile
+ units - adding mozilla-reduce-files-per-UnifiedBindings.patch
+
+-------------------------------------------------------------------
+Thu Feb 11 07:51:34 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 44.0.2
+ * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438)
+ Same-origin-policy violation using Service Workers with plugins
+ * Fix issue which could lead to the removal of stored passwords
+ under certain circumstances (bmo#1242176)
+ * Allows spaces in cookie names (bmo#1244505)
+ * Disable opus/vorbis audio with H.264 (bmo#1245696)
+ * Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
+ * Fix a crash in cache networking (bmo#1244076)
+ * Fix using WebSockets in service worker controlled pages (bmo#1243942)
+
+-------------------------------------------------------------------
+Sat Jan 30 08:28:17 UTC 2016 - dmueller@suse.com
+
+- build fixes for arm/aarch64:
+ * disable webrtc for arm/aarch64
+ * switch away from openGL-ES backend to default for arm/aarch64
+ since it almost never builds
+ * reenable neon
+- reenable webrtc for powerpc as it seems to build
+
+-------------------------------------------------------------------
+Sun Jan 24 09:33:15 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 44.0
+ * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633
+ Miscellaneous memory safety hazards
+ * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634
+ Out of Memory crash when parsing GIF format images
+ * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635
+ Buffer overflow in WebGL after out of memory allocation
+ * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637
+ Firefox allows for control characters to be set in cookie names
+ * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641
+ Missing delay following user click events in protocol handler dialog
+ * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731
+ Errors in mp_div and mp_exptmod cryptographic functions in NSS
+ (fixed by requiring NSS 3.21)
+ * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590)
+ Addressbar spoofing attacks boo#963643
+ * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946
+ (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644
+ Unsafe memory manipulation found through code inspection
+ * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645
+ Application Reputation service disabled in Firefox 43
+ * requires NSPR 4.11
+ * requires NSS 3.21
+- prepare mozilla-kde.patch for Gtk3 builds
+- rebased patches
+
+-------------------------------------------------------------------
+Mon Jan 11 08:04:24 UTC 2016 - astieger@suse.com
+
+- Mozilla Firefox 43.0.4:
+ * Re-enable SHA-1 certificates to prevent outdated
+ man-in-the-middle security devices from interfering with
+ properly secured SSL/TLS connections (bmo#1236975)
+ * Fix for startup crash for users of a third party antivirus tool
+ (bmo#1235537)
+- The following change was previously in the package as a patch:
+ * Multi-user GNU/Linux download folders can be created
+ (bmo#1233434), removed mozilla-bmo1233434.patch
+
+-------------------------------------------------------------------
+Tue Dec 29 20:29:35 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 43.0.3
+ * requires NSS 3.20.2 to fix
+ MFSA 2015-150/CVE-2015-7575 (bmo#1158489)
+ MD5 signatures accepted within TLS 1.2 ServerKeyExchange in
+ server signature
+ * various changes to support Windows update (SHA-1 vs. SHA-2)
+ * workaround Youtube user agent detection issue (bmo#1233970)
+- fix file download regression for multi user systems
+ (bmo#1233434) (mozilla-bmo1233434.patch)
+- explicitely requires libXcomposite-devel
+
+-------------------------------------------------------------------
+Sun Dec 13 23:07:56 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 43.0 (bnc#959277)
+ * Improved API support for m4v video playback
+ * Users can opt-in to receive search suggestions from the Awesome Bar
+ * WebRTC streaming on multiple monitors
+ * User selectable second block list for Private Browsing's Tracking
+ Protection
+ security fixes:
+ * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202
+ Miscellaneous memory safety hazards
+ * MFSA 2015-135/CVE-2015-7204 (bmo#1216130)
+ Crash with JavaScript variable assignment with unboxed objects
+ * MFSA 2015-136/CVE-2015-7207 (bmo#1185256)
+ Same-origin policy violation using perfomance.getEntries and
+ history navigation
+ * MFSA 2015-137/CVE-2015-7208 (bmo#1191423)
+ Firefox allows for control characters to be set in cookies
+ * MFSA 2015-138/CVE-2015-7210 (bmo#1218326)
+ Use-after-free in WebRTC when datachannel is used after being
+ destroyed
+ * MFSA 2015-139/CVE-2015-7212 (bmo#1222809)
+ Integer overflow allocating extremely large textures
+ * MFSA 2015-140/CVE-2015-7215 (bmo#1160890)
+ Cross-origin information leak through web workers error events
+ * MFSA 2015-141/CVE-2015-7211 (bmo#1221444)
+ Hash in data URI is incorrectly parsed
+ * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820)
+ DOS due to malformed frames in HTTP/2
+ * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078)
+ Linux file chooser crashes on malformed images due to flaws in
+ Jasper library
+ * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221
+ (bmo#1201183, bmo#1178033, bmo#1199400)
+ Buffer overflows found through code inspection
+ * MFSA 2015-145/CVE-2015-7205 (bmo#1220493)
+ Underflow through code inspection
+ * MFSA 2015-146/CVE-2015-7213 (bmo#1206211)
+ Integer overflow in MP4 playback in 64-bit versions
+ * MFSA 2015-147/CVE-2015-7222 (bmo#1216748)
+ Integer underflow and buffer overflow processing MP4 metadata in
+ libstagefright
+ * MFSA 2015-148/CVE-2015-7223 (bmo#1226423)
+ Privilege escalation vulnerabilities in WebExtension APIs
+ * MFSA 2015-149/CVE-2015-7214 (bmo#1228950)
+ Cross-site reading attack through data and view-source URIs
+- rebased patches
+
+-------------------------------------------------------------------
+Sun Nov 15 19:52:20 UTC 2015 - wr@rosenauer.org
+
+- Add desktop menu action for private browsing window to desktop
+ file (boo#954747)
+- remove obsolete patch mozilla-bmo1005535.patch completely from
+ source package to avoid automatic check failures
+
+-------------------------------------------------------------------
+Sat Oct 31 19:50:03 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 42.0 (bnc#952810)
+ * Private Browsing with Tracking Protection blocks certain Web
+ elements that could be used to record your behavior across sites
+ * Control Center that contains site security and privacy controls
+ * Login Manager improvements
+ * WebRTC improvements
+ * Indicator added to tabs that play audio with one-click muting
+ * Media Source Extension for HTML5 video available for all sites
+ security fixes:
+ * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514
+ Miscellaneous memory safety hazards
+ * MFSA 2015-117/CVE-2015-4515 (bmo#1046421)
+ Information disclosure through NTLM authentication
+ * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692)
+ CSP bypass due to permissive Reader mode whitelist
+ * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only)
+ Firefox for Android addressbar can be removed after fullscreen mode
+ * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only)
+ Reading sensitive profile files through local HTML file on Android
+ * MFSA 2015-121/CVE-2015-7187 (bmo#1195735)
+ disabling scripts in Add-on SDK panels has no effect
+ * MFSA 2015-122/CVE-2015-7188 (bmo#1199430)
+ Trailing whitespace in IP address hostnames can bypass same-origin policy
+ * MFSA 2015-123/CVE-2015-7189 (bmo#1205900)
+ Buffer overflow during image interactions in canvas
+ * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only)
+ Android intents can be used on Firefox for Android to open privileged files
+ * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only)
+ XSS attack through intents on Firefox for Android
+ * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only)
+ Crash when accessing HTML tables with accessibility tools on OS X
+ * MFSA 2015-127/CVE-2015-7193 (bmo#1210302)
+ CORS preflight is bypassed when non-standard Content-Type headers
+ are received
+ * MFSA 2015-128/CVE-2015-7194 (bmo#1211262)
+ Memory corruption in libjar through zip files
+ * MFSA 2015-129/CVE-2015-7195 (bmo#1211871)
+ Certain escaped characters in host of Location-header are being
+ treated as non-escaped
+ * MFSA 2015-130/CVE-2015-7196 (bmo#1140616)
+ JavaScript garbage collection crash with Java applet
+ * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
+ (bmo#1188010, bmo#1204061, bmo#1204155)
+ Vulnerabilities found through code inspection
+ * MFSA 2015-132/CVE-2015-7197 (bmo#1204269)
+ Mixed content WebSocket policy bypass through workers
+ * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
+ (bmo#1202868, bmo#1205157)
+ NSS and NSPR memory corruption issues
+ (fixed in mozilla-nspr and mozilla-nss packages)
+- requires NSPR >= 4.10.10 and NSS >= 3.19.4
+- removed obsolete patches
+ * mozilla-arm-disable-edsp.patch
+ * mozilla-icu-strncat.patch
+ * mozilla-skia-be-le.patch
+ * toolkit-download-folder.patch
+- fixed build with enable-libproxy (bmo#1220399)
+ * mozilla-libproxy.patch
+
+-------------------------------------------------------------------
+Thu Oct 15 08:25:54 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0.2 (bnc#950686)
+ * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669)
+ Cross-origin restriction bypass using Fetch
+- added explicit appdata provides (bnc#949983)
+
+-------------------------------------------------------------------
+Sun Oct 4 09:20:56 UTC 2015 - wr@rosenauer.org
+
+- do not build with --enable-stdcxx-compat
+ (this starts to fail build on various toolchain combinations
+ and is not required for openSUSE builds in general
+
+-------------------------------------------------------------------
+Thu Oct 1 09:49:57 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0.1
+ * Fix a startup crash related to Yandex toolbar and Adblock Plus
+ (bmo#1209124)
+ * Fix potential hangs with Flash plugins (bmo#1185639)
+ * Fix a regression in the bookmark creation (bmo#1206376)
+ * Fix a startup crash with some Intel Media Accelerator 3150
+ graphic cards (bmo#1207665)
+ * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601)
+
+-------------------------------------------------------------------
+Sat Sep 19 20:23:29 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 41.0 (bnc#947003)
+ * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
+ Miscellaneous memory safety hazards
+ * MFSA 2015-97/CVE-2015-4503 (bmo#994337)
+ Memory leak in mozTCPSocket to servers
+ * MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
+ Out of bounds read in QCMS library with ICC V4 profile attributes
+ * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
+ Site attribute spoofing on Android by pasting URL with unknown scheme
+ * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
+ Arbitrary file manipulation by local user through Mozilla updater
+ * MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
+ Buffer overflow in libvpx while parsing vp9 format video
+ * MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
+ Crash when using debugger with SavedStacks in JavaScript
+ * MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
+ URL spoofing in reader mode
+ * MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
+ Use-after-free with shared workers and IndexedDB
+ * MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
+ Buffer overflow while decoding WebM video
+ * MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
+ Use-after-free while manipulating HTML media content
+ * MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
+ Out-of-bounds read during 2D canvas display on Linux 16-bit
+ color depth systems
+ * MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
+ Scripted proxies can access inner window
+ * MFSA 2015-109/CVE-2015-4516 (bmo#904886)
+ JavaScript immutable property enforcement can be bypassed
+ * MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
+ Dragging and dropping images exposes final URL after redirects
+ * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
+ Errors in the handling of CORS preflight request headers
+ * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
+ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
+ CVE-2015-7180
+ Vulnerabilities found through code inspection
+ * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
+ bmo#1190526) (Windows only)
+ Memory safety errors in libGLES in the ANGLE graphics library
+ * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
+ Information disclosure via the High Resolution Time API
+- rebased patches
+- removed obsolete patches
+ * mozilla-arm64-libjpeg-turbo.patch
+
+------------------------------------------------------------------
+Thu Aug 27 06:03:51 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0.3 (bnc#943550)
+ * Disable the asynchronous plugin initialization (bmo#1198590)
+ * Fix a segmentation fault in the GStreamer support (bmo#1145230)
+ * Fix a regression with some Japanese fonts used in the <input>
+ field (bmo#1194055)
+ * On some sites, the selection in a select combox box using the
+ mouse could be broken (bmo#1194733)
+ security fixes
+ * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
+ Use-after-free when resizing canvas element during restyling
+ * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
+ Add-on notification bypass through data URLs
+
+-------------------------------------------------------------------
+Fri Aug 7 07:49:49 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 40.0 (bnc#940806)
+ * Added protection against unwanted software downloads
+ * Suggested Tiles show sites of interest, based on categories
+ from your recent browsing history
+ * Hello allows adding a link to conversations to provide context
+ on what the conversation will be about
+ * New style for add-on manager based on the in-content
+ preferences style
+ * Improved scrolling, graphics, and video playback performance
+ with off main thread compositing (GNU/Linux only)
+ * Graphic blocklist mechanism improved: Firefox version ranges
+ can be specified, limiting the number of devices blocked
+ security fixes:
+ * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474
+ Miscellaneous memory safety hazards
+ * MFSA 2015-80/CVE-2015-4475 (bmo#1175396)
+ Out-of-bounds read with malformed MP3 file
+ * MFSA 2015-81/CVE-2015-4477 (bmo#1179484)
+ Use-after-free in MediaStream playback
+ * MFSA 2015-82/CVE-2015-4478 (bmo#1105914)
+ Redefinition of non-configurable JavaScript object properties
+ * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
+ Overflow issues in libstagefright
+ * MFSA 2015-84/CVE-2015-4481 (bmo1171518)
+ Arbitrary file overwriting through Mozilla Maintenance Service
+ with hard links (only affected Windows)
+ * MFSA 2015-85/CVE-2015-4482 (bmo#1184500)
+ Out-of-bounds write with Updater and malicious MAR file
+ (does not affect openSUSE RPM packages which do not ship the
+ updater)
+ * MFSA 2015-86/CVE-2015-4483 (bmo#1148732)
+ Feed protocol with POST bypasses mixed content protections
+ * MFSA 2015-87/CVE-2015-4484 (bmo#1171540)
+ Crash when using shared memory in JavaScript
+ * MFSA 2015-88/CVE-2015-4491 (bmo#1184009)
+ Heap overflow in gdk-pixbuf when scaling bitmap images
+ * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
+ Buffer overflows on Libvpx when decoding WebM video
+ * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
+ Vulnerabilities found through code inspection
+ * MFSA 2015-91/CVE-2015-4490 (bmo#1086999)
+ Mozilla Content Security Policy allows for asterisk wildcards
+ in violation of CSP specification
+ * MFSA 2015-92/CVE-2015-4492 (bmo#1185820)
+ Use-after-free in XMLHttpRequest with shared workers
+- added mozilla-no-stdcxx-check.patch
+- removed obsolete patches
+ * mozilla-add-glibcxx_use_cxx11_abi.patch
+ * firefox-multilocale-chrome.patch
+- rebased patches
+- requires version 40 of the branding package
+- removed browser/searchplugins/ location as it's not valid anymore
+
+-------------------------------------------------------------------
+Fri Aug 7 07:09:39 UTC 2015 - wr@rosenauer.org
+
+- security update to Firefox 39.0.3 (bnc#940918)
+ * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058)
+ Same origin violation and local file stealing via PDF reader
+
+-------------------------------------------------------------------
+Wed Jul 1 06:43:02 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 39.0 (bnc#935979)
+ * Share Hello URLs with social networks
+ * Support for 'switch' role in ARIA 1.1 (web accessibility)
+ * SafeBrowsing malware detection lookups enabled for downloads
+ (Mac OS X and Linux)
+ * Support for new Unicode 8.0 skin tone emoji
+ * Removed support for insecure SSLv3 for network communications
+ * Disable use of RC4 except for temporarily whitelisted hosts
+ * NPAPI Plug-in performance improved via asynchronous initialization
+ security fixes:
+ * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726
+ Miscellaneous memory safety hazards
+ * MFSA 2015-60/CVE-2015-2727 (bmo#1163422)
+ Local files or privileged URLs in pages can be opened into new tabs
+ * MFSA 2015-61/CVE-2015-2728 (bmo#1142210)
+ Type confusion in Indexed Database Manager
+ * MFSA 2015-62/CVE-2015-2729 (bmo#1122218)
+ Out-of-bound read while computing an oscillator rendering range in Web Audio
+ * MFSA 2015-63/CVE-2015-2731 (bmo#1149891)
+ Use-after-free in Content Policy due to microtask execution error
+ * MFSA 2015-64/CVE-2015-2730 (bmo#1125025)
+ ECDSA signature validation fails to handle some signatures correctly
+ (this fix is shipped by NSS 3.19.1 externally)
+ * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867)
+ Use-after-free in workers while using XMLHttpRequest
+ * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737
+ CVE-2015-2738/CVE-2015-2739/CVE-2015-2740
+ Vulnerabilities found through code inspection
+ * MFSA 2015-67/CVE-2015-2741 (bmo#1147497)
+ Key pinning is ignored when overridable errors are encountered
+ * MFSA 2015-68/CVE-2015-2742 (bmo#1138669)
+ OS X crash reports may contain entered key press information
+ (not relevant under Linux)
+ * MFSA 2015-69/CVE-2015-2743 (bmo#1163109)
+ Privilege escalation in PDF.js
+ * MFSA 2015-70/CVE-2015-4000 (bmo#1138554)
+ NSS accepts export-length DHE keys with regular DHE cipher suites
+ (this fix is shipped by NSS 3.19.1 externally)
+ * MFSA 2015-71/CVE-2015-2721 (bmo#1086145)
+ NSS incorrectly permits skipping of ServerKeyExchange
+ (this fix is shipped by NSS 3.19.1 externally)
+- dropped mozilla-prefer_plugin_pref.patch as this feature is
+ likely not worth maintaining further
+- rebased patches
+- require NSS 3.19.2
+
+-------------------------------------------------------------------
+Thu Jun 18 10:30:18 UTC 2015 - schwab@suse.de
+
+- mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration
+
+-------------------------------------------------------------------
+Sun Jun 7 07:09:12 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0.6
+ * fixes bmo#1171730 which is not really relevant to oS builds
+- fix KDE regression from 38.0.5 builds (bsc#933439)
+
+-------------------------------------------------------------------
+Sat May 23 21:13:49 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0.5
+ * Keep track of articles and videos with Pocket
+ * Clean formatting for articles and blog posts with Reader View
+ * Share the active tab or window in a Hello conversation
+- add changes file as source for SRPM (bsc#932142)
+
+-------------------------------------------------------------------
+Fri May 15 10:40:19 UTC 2015 - normand@linux.vnet.ibm.com
+
+- add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1153109
+
+-------------------------------------------------------------------
+Fri May 15 07:37:46 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0.1
+ stability and regression fixes
+ * Systems with first generation NVidia Optimus graphics cards
+ may crash on start-up
+ * Users who import cookies from Google Chrome can end up with
+ broken websites
+ * Large animated images may fail to play and may stop other
+ images from loading
+
+-------------------------------------------------------------------
+Sun May 10 07:07:49 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 38.0 (bnc#930622)
+ * New tab-based preferences
+ * Ruby annotation support
+ * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/
+ security fixes:
+ * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709
+ Miscellaneous memory safety hazards
+ * MFSA 2015-47/VE-2015-0797 (bmo#1080995)
+ Buffer overflow parsing H.264 video with Linux Gstreamer
+ * MFSA 2015-48/CVE-2015-2710 (bmo#1149542)
+ Buffer overflow with SVG content and CSS
+ * MFSA 2015-49/CVE-2015-2711 (bmo#1113431)
+ Referrer policy ignored when links opened by middle-click and
+ context menu
+ * MFSA 2015-50/CVE-2015-2712 (bmo#1152280)
+ Out-of-bounds read and write in asm.js validation
+ * MFSA 2015-51/CVE-2015-2713 (bmo#1153478)
+ Use-after-free during text processing with vertical text enabled
+ * MFSA 2015-53/CVE-2015-2715 (bmo#988698)
+ Use-after-free due to Media Decoder Thread creation during shutdown
+ * MFSA 2015-54/CVE-2015-2716 (bmo#1140537)
+ Buffer overflow when parsing compressed XML
+ * MFSA 2015-55/CVE-2015-2717 (bmo#1154683)
+ Buffer overflow and out-of-bounds read while parsing MP4 video
+ metadata
+ * MFSA 2015-56/CVE-2015-2718 (bmo#1146724)
+ Untrusted site hosting trusted page can intercept webchannel
+ responses
+ * MFSA 2015-57/CVE-2011-3079 (bmo#1087565)
+ Privilege escalation through IPC channel messages
+- requires NSS 3.18.1
+- removed obsolete patches:
+ * mozilla-skia-bmo1136958.patch
+- remove gnomevfs build options as it is removed from sources
+- rebased patches
+
+-------------------------------------------------------------------
+Fri Apr 17 16:39:20 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0.2 (bnc#928116)
+ * MFSA 2015-45/CVE-2015-2706 (bmo#1141081)
+ Memory corruption during failed plugin initialization
+
+-------------------------------------------------------------------
+Fri Apr 3 08:27:24 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0.1 (bnc#926166)
+ * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only)
+ Loading privileged content through Reader mode
+ * MFSA 2015-44/CVE-2015-0799 (bmo#1148328)
+ Certificate verification bypass through the HTTP/2 Alt-Svc header
+
+-------------------------------------------------------------------
+Sat Mar 28 09:46:48 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 37.0 (bnc#925368)
+ * Heartbeat user rating system
+ * Yandex set as default search provider for the Turkish locale
+ * Bing search now uses HTTPS for secure searching
+ * Improved protection against site impersonation via OneCRL
+ centralized certificate revocation
+ * Opportunistically encrypt HTTP traffic where the server supports
+ HTTP/2 AltSvc
+ * some more behaviour changes for TLS
+ security fixes:
+ * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
+ Miscellaneous memory safety hazards
+ * MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
+ Use-after-free when using the Fluendo MP3 GStreamer plugin
+ * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
+ Add-on lightweight theme installation approval bypassed through
+ MITM attack
+ * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
+ resource:// documents can load privileged pages
+ * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
+ Out of bounds read in QCMS library
+ * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
+ Cursor clickjacking with flash and images (OS X only)
+ * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
+ Incorrect memory management for simple-type arrays in WebRTC
+ * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
+ CORS requests should not follow 30x redirections after preflight
+ * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
+ Memory corruption crashes in Off Main Thread Compositing
+ * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
+ Use-after-free due to type confusion flaws
+ * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
+ Same-origin bypass through anchor navigation
+ * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
+ PRNG weakness allows for DNS poisoning on Android (only)
+ * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
+ Windows can retain access to privileged content on navigation
+ to unprivileged pages
+- removed obsolete patches
+ * mozilla-bmo1088588.patch
+ * mozilla-bmo1108834.patch
+- requires NSPR 4.10.8
+
+-------------------------------------------------------------------
+Tue Mar 24 15:35:24 UTC 2015 - dvaleev@suse.com
+
+- Fix builds with skia on Power
+ mozilla-skia-be-le.patch (patch from #bmo1136958)
+ mozilla-bmo1108834.patch
+ mozilla-bmo1005535.patch
+
+-------------------------------------------------------------------
+Sat Mar 21 09:03:12 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 36.0.4 (bnc#923534)
+ * MFSA 2015-28/CVE-2015-0818 (bmo#1144988)
+ Privilege escalation through SVG navigation
+ * MFSA 2015-29/CVE-2015-0817 (bmo#1145255)
+ Code execution through incorrect JavaScript bounds checking
+ elimination
+
+-------------------------------------------------------------------
+Fri Mar 20 15:02:33 UTC 2015 - dimstar@opensuse.org
+
+- Copy the icons to /usr/share/icons instead of symlinking them:
+ in preparation for containerized apps (e.g. xdg-app) as well as
+ AppStream metadata extraction, there are a couple locations that
+ need to be real files for system integration (.desktop files,
+ icons, mime-type info).
+
+-------------------------------------------------------------------
+Sat Mar 7 07:40:56 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 36.0.1
+ Bugfixes:
+ * Disable the usage of the ANY DNS query type (bmo#1093983)
+ * Hello may become inactive until restart (bmo#1137469)
+ * Print preferences may not be preserved (bmo#1136855)
+ * Hello contact tabs may not be visible (bmo#1137141)
+ * Accept hostnames that include an underscore character ("_")
+ (bmo#1136616)
+ * WebGL may use significant memory with Canvas2d (bmo#1137251)
+ * Option -remote has been restored (bmo#1080319)
+- added mozilla-skia-bmo1136958.patch to fix build issues for
+ ARM and PPC
+
+-------------------------------------------------------------------
+Fri Feb 20 22:53:39 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 36.0 (bnc#917597)
+ * mozilla-xremote-client was removed
+ * added libclearkey.so media plugin
+ * Pinned tiles on the new tab page can be synced
+ * Support for the full HTTP/2 protocol. HTTP/2 enables a faster,
+ more scalable, and more responsive web.
+ * Locale added: Uzbek (uz)
+ security fixes:
+ * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836
+ Miscellaneous memory safety hazards
+ * MFSA 2015-12/CVE-2015-0833 (bmo#945192)
+ Invoking Mozilla updater will load locally stored DLL files
+ (Windows only)
+ * MFSA 2015-13/CVE-2015-0832 (bmo#1065909)
+ Appended period to hostnames can bypass HPKP and HSTS protections
+ * MFSA 2015-14/CVE-2015-0830 (bmo#1110488)
+ Malicious WebGL content crash when writing strings
+ * MFSA 2015-15/CVE-2015-0834 (bmo#1098314)
+ TLS TURN and STUN connections silently fail to simple TCP connections
+ * MFSA 2015-16/CVE-2015-0831 (bmo#1130514)
+ Use-after-free in IndexedDB
+ * MFSA 2015-17/CVE-2015-0829 (bmo#1128939)
+ Buffer overflow in libstagefright during MP4 video playback
+ * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675)
+ Double-free when using non-default memory allocators with a
+ zero-length XHR
+ * MFSA 2015-19/CVE-2015-0827 (bmo#1117304)
+ Out-of-bounds read and write while rendering SVG content
+ * MFSA 2015-20/CVE-2015-0826 (bmo#1092363)
+ Buffer overflow during CSS restyling
+ * MFSA 2015-21/CVE-2015-0825 (bmo#1092370)
+ Buffer underflow during MP3 playback
+ * MFSA 2015-22/CVE-2015-0824 (bmo#1095925)
+ Crash using DrawTarget in Cairo graphics library
+ * MFSA 2015-23/CVE-2015-0823 (bmo#1098497)
+ Use-after-free in Developer Console date with OpenType Sanitiser
+ * MFSA 2015-24/CVE-2015-0822 (bmo#1110557)
+ Reading of local files through manipulation of form autocomplete
+ * MFSA 2015-25/CVE-2015-0821 (bmo#1111960)
+ Local files or privileged URLs in pages can be opened into new tabs
+ * MFSA 2015-26/CVE-2015-0819 (bmo#1079554)
+ UI Tour whitelisted sites in background tab can spoof foreground
+ tabs
+ * MFSA 2015-27CVE-2015-0820 (bmo#1125398)
+ Caja Compiler JavaScript sandbox bypass
+- rebased patches
+- requires NSS 3.17.4
+
+-------------------------------------------------------------------
+Sat Jan 31 18:37:38 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 35.0.1
+ * With the Enhanced Steam extension, Firefox could crash (bmo#1123732)
+ * Kerberos authentication did not work with alias (bmo#1108971)
+ * SVG / CSS animation had a regression causing rendering issues on
+ websites like openstreemap.org (bmo#1083079)
+ * On Godaddy webmail, Firefox could crash (bmo#1113121)
+ * document.baseURI did not get updated to document.location after
+ base tag was removed from DOM for site with a CSP (bmo#1121857)
+ * With a Right-to-left (RTL) version of Firefox, the text selection
+ could be broken (bmo#1104036)
+ * CSP had a change in behavior with regard to case sensitivity
+ resources loading (bmo#1122445)
+
+-------------------------------------------------------------------
+Sat Jan 10 18:36:37 UTC 2015 - wr@rosenauer.org
+
+- update to Firefox 35.0 (bnc#910669)
+ notable features:
+ * Firefox Hello with new rooms-based conversations model
+ * Implemented HTTP Public Key Pinning Extension (for enhanced
+ authentication of encrypted connections)
+ security fixes:
+ * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
+ Miscellaneous memory safety hazards
+ * MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
+ Uninitialized memory use during bitmap rendering
+ * MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
+ sendBeacon requests lack an Origin header
+ * MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
+ Cookie injection through Proxy Authenticate responses
+ * MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
+ Read of uninitialized memory in Web Audio
+ * MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
+ Read-after-free in WebRTC
+ * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
+ Gecko Media Plugin sandbox escape
+ * MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
+ Delegated OCSP responder certificates failure with
+ id-pkix-ocsp-nocheck extension
+ * MFSA 2015-09/CVE-2014-8636 (bmo#987794)
+ XrayWrapper bypass through DOM objects
+- rebased patches
+- dropped explicit support for everything older than 12.3
+ (including SLES11)
+ * merge firefox-kde.patch and firefox-kde-114.patch
+ * dropped mozilla-sle11.patch
+- reworked specfile to build conditionally based on release channel
+ either Firefox or Firefox Developer Edition
+- added mozilla-openaes-decl.patch to fix implicit declarations
+- obsolete tracker-miner-firefox < 0.15 because it leads to startup
+ crashes (bnc#908892)
+
+-------------------------------------------------------------------
+Sat Dec 13 22:13:00 UTC 2014 - Led <ledest@gmail.com>
+
+- fix bashism in mozilla.sh script
+
+-------------------------------------------------------------------
+Sat Nov 29 21:23:03 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 34.0.5 (bnc#908009)
+ * Default search engine changed to Yahoo! for North America
+ * Default search engine changed to Yandex for Belarusian, Kazakh,
+ and Russian locales
+ * Improved search bar (en-US only)
+ * Firefox Hello real-time communication client
+ * Easily switch themes/personas directly in the Customizing mode
+ * Implementation of HTTP/2 (draft14) and ALPN
+ * Disabled SSLv3
+ * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588
+ Miscellaneous memory safety hazards
+ * MFSA 2014-84/CVE-2014-1589 (bmo#1043787)
+ XBL bindings accessible via improper CSS declarations
+ * MFSA 2014-85/CVE-2014-1590 (bmo#1087633)
+ XMLHttpRequest crashes with some input streams
+ * MFSA 2014-86/CVE-2014-1591 (bmo#1069762)
+ CSP leaks redirect data via violation reports
+ * MFSA 2014-87/CVE-2014-1592 (bmo#1088635)
+ Use-after-free during HTML5 parsing
+ * MFSA 2014-88/CVE-2014-1593 (bmo#1085175)
+ Buffer overflow while parsing media content
+ * MFSA 2014-89/CVE-2014-1594 (bmo#1074280)
+ Bad casting from the BasicThebesLayer to BasicContainerLayer
+- rebased patches
+- limit linker memory usage for %ix86
+- rebased patches
+
+-------------------------------------------------------------------
+Fri Nov 7 20:14:32 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 33.1
+ * Adding DuckDuckGo as a search option (upstream)
+ * Forget Button added
+ * Enhanced Tiles
+ * Privacy tour introduced
+- fix typo in GStreamer Recommends
+
+-------------------------------------------------------------------
+Tue Nov 4 18:00:35 UTC 2014 - guillaume@opensuse.org
+
+- Disable elf-hack for aarch64
+- Enable EGL for aarch64
+- Limit RAM usage during link for %arm
+- Fix _constraints for ARM
+
+-------------------------------------------------------------------
+Mon Nov 3 11:36:04 UTC 2014 - dmueller@suse.com
+
+- use proper macros for ARM
+
+-------------------------------------------------------------------
+Mon Nov 3 11:26:23 UTC 2014 - josua.mayer97@gmail.com
+
+- use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too
+ to fix compiling.
+- pass '-Wl,--no-keep-memory' to linker to reduce required memory during
+ linking on arm.
+
+-------------------------------------------------------------------
+Thu Oct 30 11:31:05 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 33.0.2
+ * Fix a startup crash with some combination of hardware and drivers
+ 33.0.1
+ * Firefox displays a black screen at start-up with certain
+ graphics drivers
+- adjusted _constraints for ARM
+
+-------------------------------------------------------------------
+Tue Oct 28 15:23:09 UTC 2014 - josua.mayer97@gmail.com
+
+- added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588)
+
+-------------------------------------------------------------------
+Sat Oct 25 08:45:43 UTC 2014 - wr@rosenauer.org
+
+- define /usr/share/myspell as additional dictionary location
+ and remove add-plugins.sh finally (bnc#900639)
+
+-------------------------------------------------------------------
+Sun Oct 19 12:59:28 UTC 2014 - vindex17@outlook.it
+
+- use Firefox default optimization flags instead of -Os
+- specfile cleanup
+
+-------------------------------------------------------------------
+Wed Oct 15 08:05:33 UTC 2014 - wr@rosenauer.org
+
+- fix build for all ppc by not enabling elf-hack
+ (bnc#901213)
+
+-------------------------------------------------------------------
+Sat Oct 11 08:48:24 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 33.0 (bnc#900941)
+ New features:
+ * OpenH264 support (sandboxed)
+ * Enhanced Tiles
+ * Improved search experience through the location bar
+ * Slimmer and faster JavaScript strings
+ * New CSP (Content Security Policy) backend
+ * Support for connecting to HTTP proxy over HTTPS
+ * Improved reliability of the session restoration
+ * Proprietary window.crypto properties/functions removed
+ Security:
+ * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575
+ Miscellaneous memory safety hazards
+ * MFSA 2014-75/CVE-2014-1576 (bmo#1041512)
+ Buffer overflow during CSS manipulation
+ * MFSA 2014-76/CVE-2014-1577 (bmo#1012609)
+ Web Audio memory corruption issues with custom waveforms
+ * MFSA 2014-77/CVE-2014-1578 (bmo#1063327)
+ Out-of-bounds write with WebM video
+ * MFSA 2014-78/CVE-2014-1580 (bmo#1063733)
+ Further uninitialized memory use during GIF rendering
+ * MFSA 2014-79/CVE-2014-1581 (bmo#1068218)
+ Use-after-free interacting with text directionality
+ * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190)
+ Key pinning bypasses
+ * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981)
+ Inconsistent video sharing within iframe
+ * MFSA 2014-82/CVE-2014-1583 (bmo#1015540)
+ Accessing cross-origin objects via the Alarms API
+ (only relevant for installed web apps)
+- requires NSPR 4.10.7
+- requires NSS 3.17.1
+- removed obsolete patches:
+ * mozilla-ppc.patch
+ * mozilla-libproxy-compat.patch
+- added basic appdata information
+
+-------------------------------------------------------------------
+Sat Sep 20 13:33:51 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 32.0.2
+ * just a version bump for our builds
+ * fixed the in application update process for certain environments
+ (in application update is not enabled in openSUSE and Linux
+ is unaffected in any case)
+- build with --disable-optimize for 13.1 and above for i586 to
+ workaround miscompilations (bnc#896624)
+- use some more build flags to align with upstream
+
+-------------------------------------------------------------------
+Sat Sep 13 16:58:16 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 32.0.1
+ * fixed stability issues for computers with multiple graphics cards
+ * mixed content icon may be incorrectly displayed instead of lock
+ icon for SSL sites in 32.0 (
+ * WebRTC: setRemoteDescription() silently fails if no success
+ callback is specified (bmo#1063971)
+
+-------------------------------------------------------------------
+Sun Aug 31 07:44:54 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 32.0 (bnc#894370)
+ * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
+ Miscellaneous memory safety hazards
+ * MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
+ Use-after-free during DOM interactions with SVG
+ * MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
+ Uninitialized memory use during GIF rendering
+ * MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
+ Out-of-bounds read in Web Audio audio timeline
+ * MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
+ Use-after-free setting text directionality
+- rebased patches
+- requires NSS 3.16.4
+- removed upstreamed patch
+ * mozilla-aarch64-bmo-810631.patch
+
+-------------------------------------------------------------------
+Wed Aug 20 13:50:58 CEST 2014 - behlert@suse.de
+
+- adapted _constraints, used more than 3900MB on s390x during
+ last build
+
+-------------------------------------------------------------------
+Sun Jul 20 18:11:44 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 31.0 (bnc#887746)
+ * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
+ Miscellaneous memory safety hazards
+ * MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
+ Buffer overflow during Web Audio buffering for playback
+ * MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
+ Use-after-free in Web Audio due to incorrect control message ordering
+ * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
+ Toolbar dialog customization event spoofing
+ * MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
+ Use-after-free with FireOnStateChange event
+ * MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
+ Exploitable WebGL crash with Cesium JavaScript library
+ * MFSA 2014-63/CVE-2014-1544 (bmo#963150)
+ Use-after-free while when manipulating certificates in the trusted cache
+ (solved with NSS 3.16.2 requirement)
+ * MFSA 2014-64/CVE-2014-1557 (bmo#913805)
+ Crash in Skia library when scaling high quality images
+ * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
+ (bmo#1015973, bmo#1026022, bmo#997795)
+ Certificate parsing broken by non-standard character encoding
+ * MFSA 2014-66/CVE-2014-1552 (bmo#985135)
+ IFRAME sandbox same-origin access through redirect
+- use EGL on ARM
+- rebased patches
+- requires NSS 3.16.2
+- requires python-devel (not only python)
+
+-------------------------------------------------------------------
+Mon Jun 9 08:28:17 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 30.0 (bnc#881874)
+ * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
+ (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
+ bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
+ bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
+ bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
+ bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
+ bmo#1009952, bmo#1011007)
+ Miscellaneous memory safety hazards (rv:30.0)
+ * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
+ (bmo#989994, bmo#999274, bmo#1005584)
+ Use-after-free and out of bounds issues found using Address
+ Sanitizer
+ * MFSA 2014-50/CVE-2014-1539 (bmo#995603)
+ Clickjacking through cursor invisability after Flash interaction
+ * MFSA 2014-51/CVE-2014-1540 (bmo#978862)
+ Use-after-free in Event Listener Manager
+ * MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
+ Use-after-free with SMIL Animation Controller
+ * MFSA 2014-53/CVE-2014-1542 (bmo#991533)
+ Buffer overflow in Web Audio Speex resampler
+ * MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
+ Buffer overflow in Gamepad API
+ * MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
+ Out of bounds write in NSPR
+- rebased patches
+- removed obsolete patches
+ * firefox-browser-css.patch
+ * mozilla-aarch64-bmo-962488.patch
+ * mozilla-aarch64-bmo-963023.patch
+ * mozilla-aarch64-bmo-963024.patch
+ * mozilla-aarch64-bmo-963027.patch
+ * mozilla-ppc64-xpcom.patch
+ * mozilla-ppc64le-javascript.patch
+ * mozilla-ppc64le-libffi.patch
+ * mozilla-ppc64le-mfbt.patch
+ * mozilla-ppc64le-webrtc.patch
+ * mozilla-ppc64le-xpcom.patch
+ * mozilla-ppc64le-build.patch
+- requires NSPR 4.10.6
+- enabled GStreamer 1.0 usage for 13.2 and above
+
+-------------------------------------------------------------------
+Sat May 10 06:09:37 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 29.0.1
+ * Seer disabled by default (bmo#1005958)
+ * Session Restore failed with a corrupted sessionstore.js file
+ (bmo#1001167)
+ * pdf.js printing white page (bmo#1003707, bnc#876833)
+- general.useragent.locale gets overwritten with en-US while it
+ should be using the active langpack's setting
+
+-------------------------------------------------------------------
+Sat Apr 26 12:18:07 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 29.0 (bnc#875378)
+ * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
+ Miscellaneous memory safety hazards
+ * MFSA 2014-36/CVE-2014-1522 (bmo#995289)
+ Web Audio memory corruption issues
+ * MFSA 2014-37/CVE-2014-1523 (bmo#969226)
+ Out of bounds read while decoding JPG images
+ * MFSA 2014-38/CVE-2014-1524 (bmo#989183)
+ Buffer overflow when using non-XBL object as XBL
+ * MFSA 2014-39/CVE-2014-1525 (bmo#989210)
+ Use-after-free in the Text Track Manager for HTML video
+ * MFSA 2014-41/CVE-2014-1528 (bmo#963962)
+ Out-of-bounds write in Cairo
+ * MFSA 2014-42/CVE-2014-1529 (bmo#987003)
+ Privilege escalation through Web Notification API
+ * MFSA 2014-43/CVE-2014-1530 (bmo#895557)
+ Cross-site scripting (XSS) using history navigations
+ * MFSA 2014-44/CVE-2014-1531 (bmo#987140)
+ Use-after-free in imgLoader while resizing images
+ * MFSA 2014-45/CVE-2014-1492 (bmo#903885)
+ Incorrect IDNA domain name matching for wildcard certificates
+ (fixed by NSS 3.16)
+ * MFSA 2014-46/CVE-2014-1532 (bmo#966006)
+ Use-after-free in nsHostResolver
+ * MFSA 2014-47/CVE-2014-1526 (bmo#988106)
+ Debugger can bypass XrayWrappers with JavaScript
+- rebased patches
+- removed obsolete patches
+ * firefox-browser-css.patch
+ * mozilla-aarch64-599882cfb998.diff
+ * mozilla-aarch64-bmo-963028.patch
+ * mozilla-aarch64-bmo-963029.patch
+ * mozilla-aarch64-bmo-963030.patch
+ * mozilla-aarch64-bmo-963031.patch
+- requires NSS 3.16
+- added mozilla-icu-strncat.patch to fix post build checks
+
+-------------------------------------------------------------------
+Mon Apr 7 15:34:31 UTC 2014 - dmueller@suse.com
+
+- add mozilla-aarch64-599882cfb998.patch,
+ mozilla-aarch64-bmo-810631.patch,
+ mozilla-aarch64-bmo-962488.patch,
+ mozilla-aarch64-bmo-963030.patch,
+ mozilla-aarch64-bmo-963027.patch,
+ mozilla-aarch64-bmo-963028.patch,
+ mozilla-aarch64-bmo-963029.patch,
+ mozilla-aarch64-bmo-963023.patch,
+ mozilla-aarch64-bmo-963024.patch,
+ mozilla-aarch64-bmo-963031.patch: AArch64 porting
+
+-------------------------------------------------------------------
+Mon Mar 24 16:18:44 UTC 2014 - dvaleev@suse.com
+
+- Add patch for bmo#973977
+ * mozilla-ppc64-xpcom.patch
+
+-------------------------------------------------------------------
+Mon Mar 24 14:29:12 UTC 2014 - dvaleev@suse.com
+
+- Refresh mozilla-ppc64le-xpcom.patch patch
+
+-------------------------------------------------------------------
+Fri Mar 21 19:01:42 UTC 2014 - dvaleev@suse.com
+
+- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
+
+-------------------------------------------------------------------
+Sun Mar 16 13:39:15 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 28.0 (bnc#868603)
+ * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
+ Miscellaneous memory safety hazards
+ * MFSA 2014-17/CVE-2014-1497 (bmo#966311)
+ Out of bounds read during WAV file decoding
+ * MFSA 2014-18/CVE-2014-1498 (bmo#935618)
+ crypto.generateCRMFRequest does not validate type of key
+ * MFSA 2014-19/CVE-2014-1499 (bmo#961512)
+ Spoofing attack on WebRTC permission prompt
+ * MFSA 2014-20/CVE-2014-1500 (bmo#956524)
+ onbeforeunload and Javascript navigation DOS
+ * MFSA 2014-22/CVE-2014-1502 (bmo#972622)
+ WebGL content injection from one domain to rendering in another
+ * MFSA 2014-23/CVE-2014-1504 (bmo#911547)
+ Content Security Policy for data: documents not preserved by
+ session restore
+ * MFSA 2014-26/CVE-2014-1508 (bmo#963198)
+ Information disclosure through polygon rendering in MathML
+ * MFSA 2014-27/CVE-2014-1509 (bmo#966021)
+ Memory corruption in Cairo during PDF font rendering
+ * MFSA 2014-28/CVE-2014-1505 (bmo#941887)
+ SVG filters information disclosure through feDisplacementMap
+ * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
+ Privilege escalation using WebIDL-implemented APIs
+ * MFSA 2014-30/CVE-2014-1512 (bmo#982957)
+ Use-after-free in TypeObject
+ * MFSA 2014-31/CVE-2014-1513 (bmo#982974)
+ Out-of-bounds read/write through neutering ArrayBuffer objects
+ * MFSA 2014-32/CVE-2014-1514 (bmo#983344)
+ Out-of-bounds write through TypedArrayObject after neutering
+- requires NSPR 4.10.3 and NSS 3.15.5
+- new build dependency (and recommends):
+ * libpulse
+- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
+- rebased patches
+
+-------------------------------------------------------------------
+Mon Feb 17 11:59:28 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 27.0.1
+ * Fixed stability issues with Greasemonkey and other JS that used
+ ClearTimeoutOrInterval
+ * JS math correctness issue (bmo#941381)
+- incorporate Google API key for geolocation (bnc#864170)
+- updated list of "other" locales in RPM requirements
+
+-------------------------------------------------------------------
+Tue Jan 28 15:45:41 UTC 2014 - wr@rosenauer.org
+
+- update to Firefox 27.0 (bnc#861847)
+ * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
+ Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
+ * MFSA 2014-02/CVE-2014-1479 (bmo#911864)
+ Clone protected content with XBL scopes
+ * MFSA 2014-03/CVE-2014-1480 (bmo#916726)
+ UI selection timeout missing on download prompts
+ * MFSA 2014-04/CVE-2014-1482 (bmo#943803)
+ Incorrect use of discarded images by RasterImage
+ * MFSA 2014-05/CVE-2014-1483 (bmo#950427)
+ Information disclosure with *FromPoint on iframes
+ * MFSA 2014-06/CVE-2014-1484 (bmo#953993)
+ Profile path leaks to Android system log
+ * MFSA 2014-07/CVE-2014-1485 (bmo#910139)
+ XSLT stylesheets treated as styles in Content Security Policy
+ * MFSA 2014-08/CVE-2014-1486 (bmo#942164)
+ Use-after-free with imgRequestProxy and image proccessing
+ * MFSA 2014-09/CVE-2014-1487 (bmo#947592)
+ Cross-origin information leak through web workers
+ * MFSA 2014-10/CVE-2014-1489 (bmo#959531)
+ Firefox default start page UI content invokable by script
+ * MFSA 2014-11/CVE-2014-1488 (bmo#950604)
+ Crash when using web workers with asm.js
+ * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
+ (bmo#934545, bmo#930874, bmo#930857)
+ NSS ticket handling issues
+ * MFSA 2014-13/CVE-2014-1481(bmo#936056)
+ Inconsistent JavaScript handling of access to Window objects
+- requires NSS 3.15.4 or higher
+- rebased/reworked patches
+- removed obsolete mozilla-bug929439.patch
+
+-------------------------------------------------------------------
+Thu Dec 12 21:19:54 UTC 2013 - uweigand@de.ibm.com
+
+- Add support for powerpc64le-linux.
+ * mozilla-ppc64le.patch: general support
+ * mozilla-libffi-ppc64le.patch: libffi backport
+ * mozilla-xpcom-ppc64le.patch: port xpcom
+- Add build fix from mainline.
+ * mozilla-bug929439.patch
+
+-------------------------------------------------------------------
+Sun Dec 8 20:26:23 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 26.0 (bnc#854367, bnc#854370)
+ * rebased patches
+ * requires NSPR 4.10.2 and NSS 3.15.3.1
+ * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
+ Miscellaneous memory safety hazards
+ * MFSA 2013-105/CVE-2013-5611 (bmo#771294)
+ Application Installation doorhanger persists on navigation
+ * MFSA 2013-106/CVE-2013-5612 (bmo#871161)
+ Character encoding cross-origin XSS attack
+ * MFSA 2013-107/CVE-2013-5614 (bmo#886262)
+ Sandbox restrictions not applied to nested object elements
+ * MFSA 2013-108/CVE-2013-5616 (bmo#938341)
+ Use-after-free in event listeners
+ * MFSA 2013-109/CVE-2013-5618 (bmo#926361)
+ Use-after-free during Table Editing
+ * MFSA 2013-110/CVE-2013-5619 (bmo#917841)
+ Potential overflow in JavaScript binary search algorithms
+ * MFSA 2013-111/CVE-2013-6671 (bmo#930281)
+ Segmentation violation when replacing ordered list elements
+ * MFSA 2013-112/CVE-2013-6672 (bmo#894736)
+ Linux clipboard information disclosure though selection paste
+ * MFSA 2013-113/CVE-2013-6673 (bmo#970380)
+ Trust settings for built-in roots ignored during EV certificate
+ validation
+ * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
+ Use-after-free in synthetic mouse movement
+ * MFSA 2013-115/CVE-2013-5615 (bmo#929261)
+ GetElementIC typed array stubs can be generated outside observed
+ typesets
+ * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
+ JPEG information leak
+ * MFSA 2013-117 (bmo#946351)
+ Mis-issued ANSSI/DCSSI certificate
+ (fixed via NSS 3.15.3.1)
+- removed gecko.js preference file as GStreamer is enabled by
+ default now
+
+-------------------------------------------------------------------
+Thu Oct 24 18:16:19 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 25.0 (bnc#847708)
+ * rebased patches
+ * requires NSS 3.15.2 or above
+ * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
+ Miscellaneous memory safety hazards
+ * MFSA 2013-94/CVE-2013-5593 (bmo#868327)
+ Spoofing addressbar through SELECT element
+ * MFSA 2013-95/CVE-2013-5604 (bmo#914017)
+ Access violation with XSLT and uninitialized data
+ * MFSA 2013-96/CVE-2013-5595 (bmo#916580)
+ Improperly initialized memory and overflows in some JavaScript
+ functions
+ * MFSA 2013-97/CVE-2013-5596 (bmo#910881)
+ Writing to cycle collected object during image decoding
+ * MFSA 2013-98/CVE-2013-5597 (bmo#918864)
+ Use-after-free when updating offline cache
+ * MFSA 2013-99/CVE-2013-5598 (bmo#920515)
+ Security bypass of PDF.js checks using iframes
+ * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
+ (bmo#915210, bmo#915576, bmo#916685)
+ Miscellaneous use-after-free issues found through ASAN fuzzing
+ * MFSA 2013-101/CVE-2013-5602 (bmo#897678)
+ Memory corruption in workers
+ * MFSA 2013-102/CVE-2013-5603 (bmo#916404)
+ Use-after-free in HTML document templates
+
+-------------------------------------------------------------------
+Tue Sep 24 07:31:30 UTC 2013 - wr@rosenauer.org
+
+- as GStreamer is not automatically required anymore but loaded
+ dynamically if available, require it explicitely
+- recommend optional GStreamer plugins for comprehensive media
+ support
+
+-------------------------------------------------------------------
+Mon Sep 16 11:59:18 UTC 2013 - lnussel@suse.de
+
+- move greek to the translations-common package (bnc#840551)
+
+-------------------------------------------------------------------
+Sat Sep 14 14:39:58 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 24.0 (bnc#840485)
+ * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
+ Miscellaneous memory safety hazards
+ * MFSA 2013-77/CVE-2013-1720 (bmo#888820)
+ Improper state in HTML5 Tree Builder with templates
+ * MFSA 2013-78/CVE-2013-1721 (bmo#890277)
+ Integer overflow in ANGLE library
+ * MFSA 2013-79/CVE-2013-1722 (bmo#893308)
+ Use-after-free in Animation Manager during stylesheet cloning
+ * MFSA 2013-80/CVE-2013-1723 (bmo#891292)
+ NativeKey continues handling key messages after widget is destroyed
+ * MFSA 2013-81/CVE-2013-1724 (bmo#894137)
+ Use-after-free with select element
+ * MFSA 2013-82/CVE-2013-1725 (bmo#876762)
+ Calling scope for new Javascript objects can lead to memory corruption
+ * MFSA 2013-85/CVE-2013-1728 (bmo#883686)
+ Uninitialized data in IonMonkey
+ * MFSA 2013-88/CVE-2013-1730 (bmo#851353)
+ Compartment mismatch re-attaching XBL-backed nodes
+ * MFSA 2013-89/CVE-2013-1732 (bmo#883514)
+ Buffer overflow with multi-column, lists, and floats
+ * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
+ Memory corruption involving scrolling
+ * MFSA 2013-91/CVE-2013-1737 (bmo#907727)
+ User-defined properties on DOM proxies get the wrong "this" object
+ * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
+ GC hazard with default compartments and frame chain restoration
+- enable gstreamer explicitely via pref (gecko.js)
+- require NSS 3.15.1
+
+-------------------------------------------------------------------
+Mon Aug 26 07:35:36 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 23.0.1
+ * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls
+ (bmo#901527)
+
+-------------------------------------------------------------------
+Sun Aug 4 18:30:11 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 23.0 (bnc#833389)
+ * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
+ Miscellaneous memory safety hazards
+ * MFSA 2013-64/CVE-2013-1704 (bmo#883313)
+ Use after free mutating DOM during SetBody
+ * MFSA 2013-65/CVE-2013-1705 (bmo#882865)
+ Buffer underflow when generating CRMF requests
+ * MFSA 2013-67/CVE-2013-1708 (bmo#879924)
+ Crash during WAV audio file decoding
+ * MFSA 2013-68/CVE-2013-1709 (bmo#838253)
+ Document URI misrepresentation and masquerading
+ * MFSA 2013-69/CVE-2013-1710 (bmo#871368)
+ CRMF requests allow for code execution and XSS attacks
+ * MFSA 2013-70/CVE-2013-1711 (bmo#843829)
+ Bypass of XrayWrappers using XBL Scopes
+ * MFSA 2013-72/CVE-2013-1713 (bmo#887098)
+ Wrong principal used for validating URI for some Javascript
+ components
+ * MFSA 2013-73/CVE-2013-1714 (bmo#879787)
+ Same-origin bypass with web workers and XMLHttpRequest
+ * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
+ Local Java applets may read contents of local file system
+- requires NSPR 4.10 and NSS 3.15
+
+-------------------------------------------------------------------
+Wed Jul 3 17:14:35 UTC 2013 - dmueller@suse.com
+
+- fix build on ARM (/-g/ matches /-grecord-switches/)
+
+-------------------------------------------------------------------
+Sat Jun 22 17:48:06 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 22.0 (bnc#825935)
+ * removed obsolete patches
+ + mozilla-qcms-ppc.patch
+ + mozilla-gstreamer-760140.patch
+ * GStreamer support does not build on 12.1 anymore (build only
+ on 12.2 and later)
+ * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
+ Miscellaneous memory safety hazards
+ * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
+ Memory corruption found using Address Sanitizer
+ * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
+ Privileged content access and execution via XBL
+ * MFSA 2013-52/CVE-2013-1688 (bmo#873966)
+ Arbitrary code execution within Profiler
+ * MFSA 2013-53/CVE-2013-1690 (bmo#857883)
+ Execution of unmapped memory through onreadystatechange event
+ * MFSA 2013-54/CVE-2013-1692 (bmo#866915)
+ Data in the body of XHR HEAD requests leads to CSRF attacks
+ * MFSA 2013-55/CVE-2013-1693 (bmo#711043)
+ SVG filters can lead to information disclosure
+ * MFSA 2013-56/CVE-2013-1694 (bmo#848535)
+ PreserveWrapper has inconsistent behavior
+ * MFSA 2013-57/CVE-2013-1695 (bmo#849791)
+ Sandbox restrictions not applied to nested frame elements
+ * MFSA 2013-58/CVE-2013-1696 (bmo#761667)
+ X-Frame-Options ignored when using server push with multi-part
+ responses
+ * MFSA 2013-59/CVE-2013-1697 (bmo#858101)
+ XrayWrappers can be bypassed to run user defined methods in a
+ privileged context
+ * MFSA 2013-60/CVE-2013-1698 (bmo#876044)
+ getUserMedia permission dialog incorrectly displays location
+ * MFSA 2013-61/CVE-2013-1699 (bmo#840882)
+ Homograph domain spoofing in .com, .net and .name
+
+-------------------------------------------------------------------
+Tue Jun 11 21:06:58 UTC 2013 - dvaleev@suse.com
+
+- Fix qcms altivec include (mozilla-qcms-ppc.patch)
+
+-------------------------------------------------------------------
+Fri May 10 05:25:39 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 21.0 (bnc#819204)
+ * removed upstreamed patch firefox-712763.patch
+ * removed disabled mozilla-disable-neon-option.patch
+ * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
+ Miscellaneous memory safety hazards
+ * MFSA 2013-42/CVE-2013-1670 (bmo#853709)
+ Privileged access for content level constructor
+ * MFSA 2013-43/CVE-2013-1671 (bmo#842255)
+ File input control has access to full path
+ * MFSA 2013-46/CVE-2013-1674 (bmo#860971)
+ Use-after-free with video and onresize event
+ * MFSA 2013-47/CVE-2013-1675 (bmo#866825)
+ Uninitialized functions in DOMSVGZoomEvent
+ * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
+ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
+ Memory corruption found using Address Sanitizer
+
+-------------------------------------------------------------------
+Tue Apr 9 06:41:31 UTC 2013 - wr@rosenauer.org
+
+- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
+ (remove mozilla-gstreamer-1.patch)
+
+-------------------------------------------------------------------
+Fri Apr 5 17:04:11 UTC 2013 - schwab@linux-m68k.org
+
+- Explicitly disable WebRTC support on non-x86, the configure script
+ disables it only half-heartedly
+
+-------------------------------------------------------------------
+Fri Mar 29 22:15:21 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 20.0 (bnc#813026)
+ * requires NSPR 4.9.5 and NSS 3.14.3
+ * mozilla-webrtc-ppc.patch included upstream
+ * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
+ Miscellaneous memory safety hazards
+ * MFSA 2013-31/CVE-2013-0800 (bmo#825721)
+ Out-of-bounds write in Cairo library
+ * MFSA 2013-35/CVE-2013-0796 (bmo#827106)
+ WebGL crash with Mesa graphics driver on Linux
+ * MFSA 2013-36/CVE-2013-0795 (bmo#825697)
+ Bypass of SOW protections allows cloning of protected nodes
+ * MFSA 2013-37/CVE-2013-0794 (bmo#626775)
+ Bypass of tab-modal dialog origin disclosure
+ * MFSA 2013-38/CVE-2013-0793 (bmo#803870)
+ Cross-site scripting (XSS) using timed history navigations
+ * MFSA 2013-39/CVE-2013-0792 (bmo#722831)
+ Memory corruption while rendering grayscale PNG images
+- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
+
+-------------------------------------------------------------------
+Tue Mar 12 23:08:15 UTC 2013 - dmueller@suse.com
+
+- build fixes for armv7hl:
+ * disable debug build as armv7hl does not have enough memory
+ * disable webrtc on armv7hl as it is non-compiling
+
+-------------------------------------------------------------------
+Thu Mar 7 19:03:32 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 19.0.2 (bnc#808243)
+ * MFSA 2013-29/CVE-2013-0787 (bmo#848644)
+ Use-after-free in HTML Editor
+
+-------------------------------------------------------------------
+Thu Feb 28 22:06:36 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 19.0.1
+ * blocklist updates
+
+-------------------------------------------------------------------
+Sat Feb 16 07:08:55 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 19.0 (bnc#804248)
+ * MFSA 2013-21/CVE-2013-0783/2013-0784
+ Miscellaneous memory safety hazards
+ * MFSA 2013-22/CVE-2013-0772 (bmo#801366)
+ Out-of-bounds read in image rendering
+ * MFSA 2013-23/CVE-2013-0765 (bmo#830614)
+ Wrapped WebIDL objects can be wrapped again
+ * MFSA 2013-24/CVE-2013-0773 (bmo#809652)
+ Web content bypass of COW and SOW security wrappers
+ * MFSA 2013-25/CVE-2013-0774 (bmo#827193)
+ Privacy leak in JavaScript Workers
+ * MFSA 2013-26/CVE-2013-0775 (bmo#831095)
+ Use-after-free in nsImageLoadingContent
+ * MFSA 2013-27/CVE-2013-0776 (bmo#796475)
+ Phishing on HTTPS connection through malicious proxy
+ * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
+ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
+ Use-after-free, out of bounds read, and buffer overflow issues
+ found using Address Sanitizer
+- removed obsolete patches
+ * mozilla-webrtc.patch
+ * mozilla-gstreamer-803287.patch
+- added patch to fix session restore window order (bmo#712763)
+
+-------------------------------------------------------------------
+Sat Feb 2 08:40:52 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 18.0.2
+ * blocklist and CTP updates
+ * fixes in JS engine
+
+-------------------------------------------------------------------
+Wed Jan 16 20:51:55 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 18.0.1
+ * blocklist updates
+ * backed out bmo#677092 (removed patch)
+ * fixed problems involving HTTP proxy transactions
+
+-------------------------------------------------------------------
+Sat Jan 12 17:25:11 UTC 2013 - schwab@linux-m68k.org
+
+- Fix WebRTC to build on powerpc
+
+-------------------------------------------------------------------
+Sun Jan 6 21:54:18 UTC 2013 - wr@rosenauer.org
+
+- update to Firefox 18.0 (bnc#796895)
+ * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
+ Miscellaneous memory safety hazards
+ * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
+ CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
+ Use-after-free and buffer overflow issues found using Address Sanitizer
+ * MFSA 2013-03/CVE-2013-0768 (bmo#815795)
+ Buffer Overflow in Canvas
+ * MFSA 2013-04/CVE-2012-0759 (bmo#802026)
+ URL spoofing in addressbar during page loads
+ * MFSA 2013-05/CVE-2013-0744 (bmo#814713)
+ Use-after-free when displaying table with many columns and column groups
+ * MFSA 2013-06/CVE-2013-0751 (bmo#790454)
+ Touch events are shared across iframes
+ * MFSA 2013-07/CVE-2013-0764 (bmo#804237)
+ Crash due to handling of SSL on threads
+ * MFSA 2013-08/CVE-2013-0745 (bmo#794158)
+ AutoWrapperChanger fails to keep objects alive during garbage collection
+ * MFSA 2013-09/CVE-2013-0746 (bmo#816842)
+ Compartment mismatch with quickstubs returned values
+ * MFSA 2013-10/CVE-2013-0747 (bmo#733305)
+ Event manipulation in plugin handler to bypass same-origin policy
+ * MFSA 2013-11/CVE-2013-0748 (bmo#806031)
+ Address space layout leaked in XBL objects
+ * MFSA 2013-12/CVE-2013-0750 (bmo#805121)
+ Buffer overflow in Javascript string concatenation
+ * MFSA 2013-13/CVE-2013-0752 (bmo#805024)
+ Memory corruption in XBL with XML bindings containing SVG
+ * MFSA 2013-14/CVE-2013-0757 (bmo#813901)
+ Chrome Object Wrapper (COW) bypass through changing prototype
+ * MFSA 2013-15/CVE-2013-0758 (bmo#813906)
+ Privilege escalation through plugin objects
+ * MFSA 2013-16/CVE-2013-0753 (bmo#814001)
+ Use-after-free in serializeToStream
+ * MFSA 2013-17/CVE-2013-0754 (bmo#814026)
+ Use-after-free in ListenerManager
+ * MFSA 2013-18/CVE-2013-0755 (bmo#814027)
+ Use-after-free in Vibrate
+ * MFSA 2013-19/CVE-2013-0756 (bmo#814029)
+ Use-after-free in Javascript Proxy objects
+- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
+- removed obsolete SLE11 patches (mozilla-gcc43*)
+- reenable WebRTC
+- added mozilla-libproxy-compat.patch for libproxy API compat
+ on openSUSE 11.2 and earlier
+- backed out restartless language packs as it broke multi-locale
+ setup (bmo#677092, bmo#818468)
+
+-------------------------------------------------------------------
+Thu Nov 29 19:56:51 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 17.0.1
+ * revert some useragent changes introduced in 17.0
+ * leaving private browsing with social enabled doesn't reset all
+ social components (bmo#815042)
+- fix KDE integration for file dialogs
+
+-------------------------------------------------------------------
+Tue Nov 20 19:52:02 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 17.0 (bnc#790140)
+ * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
+ Miscellaneous memory safety hazards
+ * MFSA 2012-92/CVE-2012-4202 (bmo#758200)
+ Buffer overflow while rendering GIF images
+ * MFSA 2012-93/CVE-2012-4201 (bmo#747607)
+ evalInSanbox location context incorrectly applied
+ * MFSA 2012-94/CVE-2012-5836 (bmo#792857)
+ Crash when combining SVG text on path with CSS
+ * MFSA 2012-95/CVE-2012-4203 (bmo#765628)
+ Javascript: URLs run in privileged context on New Tab page
+ * MFSA 2012-96/CVE-2012-4204 (bmo#778603)
+ Memory corruption in str_unescape
+ * MFSA 2012-97/CVE-2012-4205 (bmo#779821)
+ XMLHttpRequest inherits incorrect principal within sandbox
+ * MFSA 2012-99/CVE-2012-4208 (bmo#798264)
+ XrayWrappers exposes chrome-only properties when not in chrome
+ compartment
+ * MFSA 2012-100/CVE-2012-5841 (bmo#805807)
+ Improper security filtering for cross-origin wrappers
+ * MFSA 2012-101/CVE-2012-4207 (bmo#801681)
+ Improper character decoding in HZ-GB-2312 charset
+ * MFSA 2012-102/CVE-2012-5837 (bmo#800363)
+ Script entered into Developer Toolbar runs with chrome privileges
+ * MFSA 2012-103/CVE-2012-4209 (bmo#792405)
+ Frames can shadow top.location
+ * MFSA 2012-104/CVE-2012-4210 (bmo#796866)
+ CSS and HTML injection through Style Inspector
+ * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
+ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
+ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
+ Use-after-free and buffer overflow issues found using Address
+ Sanitizer
+ * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
+ Use-after-free, buffer overflow, and memory corruption issues
+ found using Address Sanitizer
+- rebased patches
+- disabled WebRTC since build is broken (bmo#776877)
+
+-------------------------------------------------------------------
+Tue Nov 20 15:42:55 UTC 2012 - pcerny@suse.com
+
+- build on SLE11
+ * mozilla-gcc43-enums.patch
+ * mozilla-gcc43-template_hacks.patch
+ * mozilla-gcc43-templates_instantiation.patch
+
+-------------------------------------------------------------------
+Wed Oct 24 08:27:29 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0.2 (bnc#786522)
+ * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
+ (bmo#800666, bmo#793121, bmo#802557)
+ Fixes for Location object issues
+- bring back Obsoletes for libproxy's mozjs plugin for distributions
+ before 12.2 to avoid crashes
+
+-------------------------------------------------------------------
+Thu Oct 11 01:51:16 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0.1 (bnc#783533)
+ * MFSA 2012-88/CVE-2012-4191 (bmo#798045)
+ Miscellaneous memory safety hazards
+ * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
+ defaultValue security checks not applied
+
+-------------------------------------------------------------------
+Sun Oct 7 21:40:14 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 16.0 (bnc#783533)
+ * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
+ Miscellaneous memory safety hazards
+ * MFSA 2012-75/CVE-2012-3984 (bmo#575294)
+ select element persistance allows for attacks
+ * MFSA 2012-76/CVE-2012-3985 (bmo#655649)
+ Continued access to initial origin after setting document.domain
+ * MFSA 2012-77/CVE-2012-3986 (bmo#775868)
+ Some DOMWindowUtils methods bypass security checks
+ * MFSA 2012-79/CVE-2012-3988 (bmo#725770)
+ DOS and crash with full screen and history navigation
+ * MFSA 2012-80/CVE-2012-3989 (bmo#783867)
+ Crash with invalid cast when using instanceof operator
+ * MFSA 2012-81/CVE-2012-3991 (bmo#783260)
+ GetProperty function can bypass security checks
+ * MFSA 2012-82/CVE-2012-3994 (bmo#765527)
+ top object and location property accessible by plugins
+ * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
+ Chrome Object Wrapper (COW) does not disallow acces to privileged
+ functions or properties
+ * MFSA 2012-84/CVE-2012-3992 (bmo#775009)
+ Spoofing and script injection through location.hash
+ * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
+ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
+ Use-after-free, buffer overflow, and out of bounds read issues
+ found using Address Sanitizer
+ * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
+ CVE-2012-4188
+ Heap memory corruption issues found using Address Sanitizer
+ * MFSA 2012-87/CVE-2012-3990 (bmo#787704)
+ Use-after-free in the IME State Manager
+- requires NSPR 4.9.2
+- improve GStreamer integration (bmo#760140)
+- removed upstreamed mozilla-crashreporter-restart-args.patch
+- webapprt now included
+- use kmozillahelper's new REVEAL command (bnc#777415)
+ (requires mozilla-kde4-integration >= 0.6.4)
+- updated translations-other with new languages
+
+-------------------------------------------------------------------
+Mon Sep 10 19:37:56 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 15.0.1 (bnc#779936)
+ * Sites visited while in Private Browsing mode could be found
+ through manual browser cache inspection (bmo#787743)
+
+-------------------------------------------------------------------
+Sun Aug 26 13:47:43 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 15.0 (bnc#777588)
+ * MFSA 2012-57/CVE-2012-1970
+ Miscellaneous memory safety hazards
+ * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
+ CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
+ CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
+ Use-after-free issues found using Address Sanitizer
+ * MFSA 2012-59/CVE-2012-1956 (bmo#756719)
+ Location object can be shadowed using Object.defineProperty
+ * MFSA 2012-60/CVE-2012-3965 (bmo#769108)
+ Escalation of privilege through about:newtab
+ * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
+ Memory corruption with bitmap format images with negative height
+ * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
+ WebGL use-after-free and memory corruption
+ * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
+ SVG buffer overflow and use-after-free issues
+ * MFSA 2012-64/CVE-2012-3971
+ Graphite 2 memory corruption
+ * MFSA 2012-65/CVE-2012-3972 (bmo#746855)
+ Out-of-bounds read in format-number in XSLT
+ * MFSA 2012-66/CVE-2012-3973 (bmo#757128)
+ HTTPMonitor extension allows for remote debugging without explicit
+ activation
+ * MFSA 2012-68/CVE-2012-3975 (bmo#770684)
+ DOMParser loads linked resources in extensions when parsing
+ text/html
+ * MFSA 2012-69/CVE-2012-3976 (bmo#768568)
+ Incorrect site SSL certificate data display
+ * MFSA 2012-70/CVE-2012-3978 (bmo#770429)
+ Location object security checks bypassed by chrome code
+ * MFSA 2012-72/CVE-2012-3980 (bmo#771859)
+ Web console eval capable of executing chrome-privileged code
+- fix HTML5 video crash with GStreamer enabled (bmo#761030)
+- GStreamer is only used for MP4 (no WebM, OGG)
+- updated filelist
+- moved browser specific preferences to correct location
+
+-------------------------------------------------------------------
+Sun Jul 29 08:34:39 UTC 2012 - aj@suse.de
+
+- Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
+
+-------------------------------------------------------------------
+Sat Jul 14 19:31:51 UTC 2012 - wr@rosenauer.org
+
+- update to 14.0.1 (bnc#771583)
+ * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
+ Miscellaneous memory safety hazards
+ * MFSA 2012-43/CVE-2012-1950
+ Incorrect URL displayed in addressbar through drag and drop
+ * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
+ Gecko memory corruption
+ * MFSA 2012-45/CVE-2012-1955 (bmo#757376)
+ Spoofing issue with location
+ * MFSA 2012-46/CVE-2012-1966 (bmo#734076)
+ XSS through data: URLs
+ * MFSA 2012-47/CVE-2012-1957 (bmo#750096)
+ Improper filtering of javascript in HTML feed-view
+ * MFSA 2012-48/CVE-2012-1958 (bmo#750820)
+ use-after-free in nsGlobalWindow::PageHidden
+ * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
+ Same-compartment Security Wrappers can be bypassed
+ * MFSA 2012-50/CVE-2012-1960 (bmo#761014)
+ Out of bounds read in QCMS
+ * MFSA 2012-51/CVE-2012-1961 (bmo#761655)
+ X-Frame-Options header ignored when duplicated
+ * MFSA 2012-52/CVE-2012-1962 (bmo#764296)
+ JSDependentString::undepend string conversion results in memory
+ corruption
+ * MFSA 2012-53/CVE-2012-1963 (bmo#767778)
+ Content Security Policy 1.0 implementation errors cause data
+ leakage
+ * MFSA 2012-55/CVE-2012-1965 (bmo#758990)
+ feed: URLs with an innerURI inherit security context of page
+ * MFSA 2012-56/CVE-2012-1967 (bmo#758344)
+ Code execution through javascript: URLs
+- license change from tri license to MPL-2.0
+- fix crashreporter restart option (bmo#762780)
+- require NSS 3.13.5
+- remove mozjs pacrunner obsoletes again for now
+- adopted mozilla-prefer_plugin_pref.patch
+- PPC fixes:
+ * reenabled mozilla-yarr-pcre.patch to fix build for PPC
+ * add patches for bmo#750620 and bmo#746112
+ * fix xpcshell segfault on ppc
+
+-------------------------------------------------------------------
+Fri Jun 15 12:37:09 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 13.0.1
+ * bugfix release
+- obsolete libproxy's mozjs pacrunner (bnc#759123)
+
+-------------------------------------------------------------------
+Sat Jun 2 08:22:51 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 13.0 (bnc#765204)
+ * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
+ Miscellaneous memory safety hazards
+ * MFSA 2012-36/CVE-2012-1944 (bmo#751422)
+ Content Security Policy inline-script bypass
+ * MFSA 2012-37/CVE-2012-1945 (bmo#670514)
+ Information disclosure though Windows file shares and shortcut
+ files
+ * MFSA 2012-38/CVE-2012-1946 (bmo#750109)
+ Use-after-free while replacing/inserting a node in a document
+ * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
+ Buffer overflow and use-after-free issues found using Address
+ Sanitizer
+- require NSS 3.13.4
+ * MFSA 2012-39/CVE-2012-0441 (bmo#715073)
+- fix sound notifications when filename/path contains a whitespace
+ (bmo#749739)
+
+-------------------------------------------------------------------
+Wed May 23 14:40:16 UTC 2012 - adrian@suse.de
+
+- fix build on arm
+
+-------------------------------------------------------------------
+Wed May 16 05:34:01 UTC 2012 - wr@rosenauer.org
+
+- reenabled crashreporter for Factory/12.2
+ (fix in mozilla-gcc47.patch)
+
+-------------------------------------------------------------------
+Sat Apr 21 10:02:37 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 12.0 (bnc#758408)
+ * rebased patches
+ * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
+ Miscellaneous memory safety hazards
+ * MFSA 2012-22/CVE-2012-0469 (bmo#738985)
+ use-after-free in IDBKeyRange
+ * MFSA 2012-23/CVE-2012-0470 (bmo#734288)
+ Invalid frees causes heap corruption in gfxImageSurface
+ * MFSA 2012-24/CVE-2012-0471 (bmo#715319)
+ Potential XSS via multibyte content processing errors
+ * MFSA 2012-25/CVE-2012-0472 (bmo#744480)
+ Potential memory corruption during font rendering using cairo-dwrite
+ * MFSA 2012-26/CVE-2012-0473 (bmo#743475)
+ WebGL.drawElements may read illegal video memory due to
+ FindMaxUshortElement error
+ * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
+ Page load short-circuit can lead to XSS
+ * MFSA 2012-28/CVE-2012-0475 (bmo#694576)
+ Ambiguous IPv6 in Origin headers may bypass webserver access
+ restrictions
+ * MFSA 2012-29/CVE-2012-0477 (bmo#718573)
+ Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
+ * MFSA 2012-30/CVE-2012-0478 (bmo#727547)
+ Crash with WebGL content using textImage2D
+ * MFSA 2012-31/CVE-2011-3062 (bmo#739925)
+ Off-by-one error in OpenType Sanitizer
+ * MFSA 2012-32/CVE-2011-1187 (bmo#624621)
+ HTTP Redirections and remote content can be read by javascript errors
+ * MFSA 2012-33/CVE-2012-0479 (bmo#714631)
+ Potential site identity spoofing when loading RSS and Atom feeds
+- added mozilla-libnotify.patch to allow fallback from libnotify
+ to xul based events if no notification-daemon is running
+- gcc 4.7 fixes
+ * mozilla-gcc47.patch
+ * disabled crashreporter temporarily for Factory
+- recommend libcanberra0 for proper sound notifications
+
+-------------------------------------------------------------------
+Fri Mar 9 21:47:07 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 11.0 (bnc#750044)
+ * MFSA 2012-13/CVE-2012-0455 (bmo#704354)
+ XSS with Drag and Drop and Javascript: URL
+ * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
+ SVG issues found with Address Sanitizer
+ * MFSA 2012-15/CVE-2012-0451 (bmo#717511)
+ XSS with multiple Content Security Policy headers
+ * MFSA 2012-16/CVE-2012-0458
+ Escalation of privilege with Javascript: URL as home page
+ * MFSA 2012-17/CVE-2012-0459 (bmo#723446)
+ Crash when accessing keyframe cssText after dynamic modification
+ * MFSA 2012-18/CVE-2012-0460 (bmo#727303)
+ window.fullScreen writeable by untrusted content
+ * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
+ CVE-2012-0463
+ Miscellaneous memory safety hazards
+- ported and reenabled KDE integration (bnc#746591)
+- explicitely build-require X libs
+
+-------------------------------------------------------------------
+Mon Mar 5 13:31:48 UTC 2012 - vdziewiecki@suse.com
+
+- add Provides: browser(npapi) FATE#313084
+
+-------------------------------------------------------------------
+Fri Feb 17 17:41:11 UTC 2012 - pcerny@suse.com
+
+- better plugin directory resolution (bnc#747320)
+
+-------------------------------------------------------------------
+Thu Feb 16 08:47:31 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 10.0.2 (bnc#747328)
+ * CVE-2011-3026 (bmo#727401)
+ libpng: integer overflow leading to heap-buffer overflow
+
+-------------------------------------------------------------------
+Thu Feb 9 09:26:11 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 10.0.1 (bnc#746616)
+ * MFSA 2012-10/CVE-2012-0452 (bmo#724284)
+ use after free in nsXBLDocumentInfo::ReadPrototypeBindings
+
+-------------------------------------------------------------------
+Tue Feb 7 10:40:58 UTC 2012 - dvaleev@suse.com
+
+- Use YARR interpreter instead of PCRE on platforms where YARR JIT
+ is not supported, since PCRE doesnt build (bmo#691898)
+- fix ppc64 build (bmo#703534)
+
+-------------------------------------------------------------------
+Mon Jan 30 09:41:59 UTC 2012 - wr@rosenauer.org
+
+- update to Firefox 10.0 (bnc#744275)
+ * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
+ Miscellaneous memory safety hazards
+ * MFSA 2012-03/CVE-2012-0445 (bmo#701071)
+ <iframe> element exposed across domains via name attribute
+ * MFSA 2012-04/CVE-2011-3659 (bmo#708198)
+ Child nodes from nsDOMAttribute still accessible after removal
+ of nodes
+ * MFSA 2012-05/CVE-2012-0446 (bmo#705651)
+ Frame scripts calling into untrusted objects bypass security
+ checks
+ * MFSA 2012-06/CVE-2012-0447 (bmo#710079)
+ Uninitialized memory appended when encoding icon images may
+ cause information disclosure
+ * MFSA 2012-07/CVE-2012-0444 (bmo#719612)
+ Potential Memory Corruption When Decoding Ogg Vorbis files
+ * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
+ Crash with malformed embedded XSLT stylesheets
+- KDE integration has been disabled since it needs refactoring
+- removed obsolete ppc64 patch
+
+-------------------------------------------------------------------
+Sun Jan 22 12:08:07 UTC 2012 - joop.boonen@opensuse.org
+
+- Disable neon for arm as it doesn't build correctly
+
+-------------------------------------------------------------------
+Fri Dec 23 17:02:01 UTC 2011 - wr@rosenauer.org
+
+- update to Firefox 9.0.1
+ * (strongparent) parentNode of element gets lost (bmo#335998)
+
+-------------------------------------------------------------------
+Sun Dec 18 09:58:52 UTC 2011 - adrian@suse.de
+
+- fix arm build, don't package crashreporter there
+
+-------------------------------------------------------------------
+Sun Dec 18 09:52:08 UTC 2011 - wr@rosenauer.org
+
+- update to Firefox 9 (bnc#737533)
+ * MFSA 2011-53/CVE-2011-3660
+ Miscellaneous memory safety hazards (rv:9.0)
+ * MFSA 2011-54/CVE-2011-3661 (bmo#691299)
+ Potentially exploitable crash in the YARR regular expression
+ library
+ * MFSA 2011-55/CVE-2011-3658 (bmo#708186)
+ nsSVGValue out-of-bounds access
+ * MFSA 2011-56/CVE-2011-3663 (bmo#704482)
+ Key detection without JavaScript via SVG animation
+ * MFSA 2011-58/VE-2011-3665 (bmo#701259)
+ Crash scaling <video> to extreme sizes
+
+-------------------------------------------------------------------
+Sun Nov 27 03:51:54 UTC 2011 - mgorse@suse.com
+
+- Fix accessibility under GNOME 3 (bnc#732898)
+
+-------------------------------------------------------------------
+Sat Nov 12 15:16:38 UTC 2011 - dvaleev@suse.com
+
+- fix ppc64 build
+
+-------------------------------------------------------------------
+Sun Nov 6 08:20:59 UTC 2011 - wr@rosenauer.org
+
+- update to Firefox 8 (bnc#728520)
+ * MFSA 2011-47/CVE-2011-3648 (bmo#690225)
+ Potential XSS against sites using Shift-JIS
+ * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
+ Miscellaneous memory safety hazards
+ * MFSA 2011-49/CVE-2011-3650 (bmo#674776)
+ Memory corruption while profiling using Firebug
+ * MFSA 2011-52/CVE-2011-3655 (bmo#672182)
+ Code execution via NoWaiverWrapper
+- rebased patches
+
+-------------------------------------------------------------------
+Thu Oct 20 12:34:47 UTC 2011 - wr@rosenauer.org
+
+- enable telemetry prompt
+
+-------------------------------------------------------------------
+Fri Sep 30 10:52:36 UTC 2011 - wr@rosenauer.org
+
+- update to minor release 7.0.1
+ * fixed staged addon updates
+- set intl.locale.matchOS=true in the base package as it causes
+ too much confusion when it's only available with branding-openSUSE
+
+-------------------------------------------------------------------
+Fri Sep 23 11:22:22 UTC 2011 - wr@rosenauer.org
+
+- update to Firefox 7 (bnc#720264)
+ including
+ * Improve Responsiveness with Memory Reductions
+ * Instant Sync
+ * WebSocket protocol 8
+ * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
+ Miscellaneous memory safety hazards
+ * MFSA 2011-39/CVE-2011-3000 (bmo#655389)
+ Defense against multiple Location headers due to CRLF Injection
+ * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
+ Code installation through holding down Enter
+ * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
+ Potentially exploitable WebGL crashes
+ * MFSA 2011-42/CVE-2011-3232 (bmo#653672)
+ Potentially exploitable crash in the YARR regular expression
+ library
+ * MFSA 2011-43/CVE-2011-3004 (bmo#653926)
+ loadSubScript unwraps XPCNativeWrapper scope parameter
+ * MFSA 2011-44/CVE-2011-3005 (bmo#675747)
+ Use after free reading OGG headers
+ * MFSA 2011-45
+ Inferring keystrokes from motion data
+- removed obsolete mozilla-cairo-lcd.patch
+- rebased patches
+- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
+ mozilla.sh.in (bnc#680758)
+
+-------------------------------------------------------------------
+Fri Sep 16 06:57:38 UTC 2011 - wr@rosenauer.org
+
+- fixed loading of kde.js under KDE (bnc#718311)
+
+-------------------------------------------------------------------
+Wed Sep 14 07:02:04 UTC 2011 - wr@rosenauer.org
+
+- add dbus-1-glib-devel to BuildRequires (not pulled in
+ automatically anymore on 12.1)
+- increase minversions for NSPR and NSS
+
+-------------------------------------------------------------------
+Fri Sep 9 20:44:15 UTC 2011 - wr@rosenauer.org
+
+- recreated source archive to get correct source-stamp.txt
+
+-------------------------------------------------------------------
+Wed Sep 7 14:30:34 UTC 2011 - pcerny@suse.com
+
+- security update to 6.0.2 (bnc#714931)
+ * Complete blocking of certificates issued by DigiNotar
+ (bmo#683449)
+
+-------------------------------------------------------------------
+Fri Sep 2 14:40:07 UTC 2011 - pcerny@suse.com
+
+- security update to 6.0.1 (bnc#714931)
+ * MFSA 2011-34
+ Protection against fraudulent DigiNotar certificates
+ (bmo#682927)
+
+-------------------------------------------------------------------
+Fri Aug 12 21:16:19 UTC 2011 - wr@rosenauer.org
+
+- update to 6.0 (bnc#712224)
+ included security fixes MFSA 2011-29
+ * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
+ Miscellaneous memory safety hazards
+ * CVE-2011-2993 (bmo#657267)
+ Unsigned scripts can call script inside signed JAR
+ * CVE-2011-2988 (bmo#665934)
+ Heap overflow in ANGLE library
+ * CVE-2011-0084 (bmo#648094)
+ Crash in SVGTextElement.getCharNumAtPosition()
+ * CVE-2011-2990
+ Credential leakage using Content Security Policy reports
+ * CVE-2011-2986 (bmo#655836)
+ Cross-origin data theft using canvas and Windows D2D
+- removed obsolete curl header dependency (mozilla-curl.patch)
+
+-------------------------------------------------------------------
+Fri Jul 22 13:34:12 UTC 2011 - wr@rosenauer.org
+
+- update to 6.0b3
+ * removed obsolete patches
+ - firefox-shellservice.patch
+ - mozilla-gio.patch
+ - mozilla-ppc-ipc.patch
+ - firefox-linkorder.patch
+ - firefox-no-sync-l10n.patch
+- recognize linux3 as platform for symbolstore.py
+
+-------------------------------------------------------------------
+Fri Jul 1 19:53:18 CEST 2011 - vuntz@opensuse.org
+
+- Add x-scheme-handler/ftp to the MimeType key in the .desktop, to
+ let desktops know that Firefox can deal with ftp: URIs.
+
+-------------------------------------------------------------------
+Fri Jul 1 06:45:08 UTC 2011 - wr@rosenauer.org
+
+- create upstream branding package again (supposedly empty)
+ (bnc#703401)
+- fix build on SLE11 (changes do not affect/are not applied for
+ later versions)
+
+-------------------------------------------------------------------
+Wed Jun 22 06:41:17 UTC 2011 - wr@rosenauer.org
+
+- enable startup notification (bnc#701465)
+
+-------------------------------------------------------------------
+Mon Jun 20 19:37:01 UTC 2011 - wr@rosenauer.org
+
+- update to 5.0 final
+- included fixes for security issues: (bnc#701296, bnc#700578)
+ * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
+ Miscellaneous memory safety hazards
+ * MFSA 2011-20/CVE-2011-2373 (bmo#617247)
+ Use-after-free vulnerability when viewing XUL document with
+ script disabled
+ * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
+ Memory corruption due to multipart/x-mixed-replace images
+ * MFSA 2011-22/CVE-2011-2371 (bmo#664009)
+ Integer overflow and arbitrary code execution in
+ Array.reduceRight()
+ * MFSA 2011-25/CVE-2011-2366
+ Stealing of cross-domain images using WebGL textures
+ * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
+ Multiple WebGL crashes
+ * MFSA 2011-27/CVE-2011-2369 (bmo#650001)
+ XSS encoding hazard with inline SVG
+ * MFSA 2011-28/CVE-2011-2370 (bmo#645699)
+ Non-whitelisted site can trigger xpinstall
+
+-------------------------------------------------------------------
+Mon Jun 20 09:17:42 UTC 2011 - wr@rosenauer.org
+
+- update to 5.0b7
+ * updated supported locales
+- do not build dump_syms static (not needed for us)
+ -> fix build for openSUSE 12.1 and above
+
+-------------------------------------------------------------------
+Wed Jun 15 14:59:32 UTC 2011 - wr@rosenauer.org
+
+- update to 5.0b6
+- include proper revision information into the build
+- speedier find-external-requires.sh
+
+-------------------------------------------------------------------
+Tue May 31 06:53:55 UTC 2011 - wr@rosenauer.org
+
+- update to 5.0b3
+- transformed to standalone Firefox (not xulrunner based)
+ (with new Firefox rapid release cycle it makes no sense anymore)
+ * imported all relevant xulrunner patches
+- do not compile in build timestamp
+
+-------------------------------------------------------------------
+Fri Apr 15 07:08:53 UTC 2011 - wr@rosenauer.org
+
+- security update to 4.0.1 (bnc#689281)
+ * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079
+ CVE-2011-0080 CVE-2011-0081
+ Miscellaneous memory safety hazards
+ * MFSA 2011-17/CVE-2011-0068 (bmo#623791)
+ WebGLES vulnerabilities
+ * MFSA 2011-18/CVE-2011-1202 (bmo#640339)
+ XSLT generate-id() function heap address leak
+
+-------------------------------------------------------------------
+Wed Mar 30 11:24:36 UTC 2011 - wr@rosenauer.org
+
+- add all available icon sizes
+
+-------------------------------------------------------------------
+Tue Mar 29 11:55:53 UTC 2011 - cfarrell@novell.com
+
+- license update: MPLv1.1 or GPLv2+ or LGPLv2+
+ Sync licenses with Fedora. MPL does not state ^or later^
+
+-------------------------------------------------------------------
+Fri Mar 18 08:49:15 UTC 2011 - wr@rosenauer.org
+
+- update to version 4.0rc2
+- fixed rpm macros delivered with devel package (bnc#679950)
+
+-------------------------------------------------------------------
+Wed Feb 23 07:52:04 UTC 2011 - wr@rosenauer.org
+
+- update to version 4.0b12
+- rebased patches
+
+-------------------------------------------------------------------
+Fri Feb 4 09:32:50 UTC 2011 - wr@rosenauer.org
+
+- update to version 4.0b11
+ * loads of bugfixes compared to last beta
+ * added "Do Not Track" option
+- rebased patches
+- disable testpilot
+
+-------------------------------------------------------------------
+Fri Jan 28 08:56:12 UTC 2011 - wr@rosenauer.org
+
+- set correct desktop file name within KDE for 11.4 and up
+- add devel package with macros for extensions (from lnussel@suse.de)
+
+-------------------------------------------------------------------
+Sat Jan 22 22:21:52 UTC 2011 - wr@rosenauer.org
+
+- update to version 4.0b10
+- removed obsolete firefox-shell-bmo624267.patch
+- testpilot moved to distribution/extensions
+- updated locale provides and removed bn-IN from locales
+
+-------------------------------------------------------------------
+Tue Jan 11 06:13:40 UTC 2011 - wr@rosenauer.org
+
+- update to version 4.0b9
+- added x-scheme-handler for http and https to desktop file for
+ newer Gnome environments
+- fixed default browser check/set for GIO (bmo#611953)
+ (mozilla-shellservice.patch)
+- removed obsolete firefox-appname.patch (integrated into
+ shellservice patch)
+- renamed desktop file to firefox.desktop for 11.4 and newer
+ (bnc#664211)
+- removed support for 10.3 and older from the spec file
+- removed obsolete "Ximian" categories from desktop file
+
+-------------------------------------------------------------------
+Mon Jan 3 17:35:46 CET 2011 - meissner@suse.de
+
+- Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
+
+-------------------------------------------------------------------
+Wed Dec 15 07:49:45 UTC 2010 - wr@rosenauer.org
+
+- update to version 4.0beta8
+
+-------------------------------------------------------------------
+Tue Nov 30 14:19:59 UTC 2010 - wr@rosenauer.org
+
+- major update to version 4.0beta7
+ * based on mozilla-xulrunner20
+ * far too many internal changes to list
+
+-------------------------------------------------------------------
+Wed Oct 27 07:12:14 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.12 (bnc#649492)
+ * MFSA 2010-73/CVE-2010-3765 (bmo#607222)
+ Heap buffer overflow mixing document.write and DOM insertion
+
+-------------------------------------------------------------------
+Wed Oct 6 07:13:52 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.11 (bnc#645315)
+ * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
+ Miscellaneous memory safety hazards
+ * MFSA 2010-65/CVE-2010-3179 (bmo#583077)
+ Buffer overflow and memory corruption using document.write
+ * MFSA 2010-66/CVE-2010-3180 (bmo#588929)
+ Use-after-free error in nsBarProp
+ * MFSA 2010-67/CVE-2010-3183 (bmo#598669)
+ Dangling pointer vulnerability in LookupGetterOrSetter
+ * MFSA 2010-68/CVE-2010-3177 (bmo#556734)
+ XSS in gopher parser when parsing hrefs
+ * MFSA 2010-69/CVE-2010-3178 (bmo#576616)
+ Cross-site information disclosure via modal calls
+ * MFSA 2010-70/CVE-2010-3170 (bmo#578697)
+ SSL wildcard certificate matching IP addresses
+ * MFSA 2010-71/CVE-2010-3182 (bmo#590753)
+ Unsafe library loading vulnerabilities
+ * MFSA 2010-72/CVE-2010-3173
+ Insecure Diffie-Hellman key exchange
+
+-------------------------------------------------------------------
+Wed Sep 15 07:39:22 CEST 2010 - wr@rosenauer.org
+
+- update to 3.6.10
+ * fixing startup topcrash (bmo#594699)
+
+-------------------------------------------------------------------
+Thu Aug 26 07:40:28 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.9 (bnc#637303)
+ * MFSA 2010-49/CVE-2010-3169
+ Miscellaneous memory safety hazards
+ * MFSA 2010-50/CVE-2010-2765 (bmo#576447)
+ Frameset integer overflow vulnerability
+ * MFSA 2010-51/CVE-2010-2767 (bmo#584512)
+ Dangling pointer vulnerability using DOM plugin array
+ * MFSA 2010-53/CVE-2010-3166 (bmo#579655)
+ Heap buffer overflow in nsTextFrameUtils::TransformText
+ * MFSA 2010-54/CVE-2010-2760 (bmo#585815)
+ Dangling pointer vulnerability in nsTreeSelection
+ * MFSA 2010-55/CVE-2010-3168 (bmo#576075)
+ XUL tree removal crash and remote code execution
+ * MFSA 2010-56/CVE-2010-3167 (bmo#576070)
+ Dangling pointer vulnerability in nsTreeContentView
+ * MFSA 2010-57/CVE-2010-2766 (bmo#580445)
+ Crash and remote code execution in normalizeDocument
+ * MFSA 2010-59/CVE-2010-2762 (bmo#584180)
+ SJOW creates scope chains ending in outer object
+ * MFSA 2010-61/CVE-2010-2768 (bmo#579744)
+ UTF-7 XSS by overriding document charset using <object> type
+ attribute
+ * MFSA 2010-62/CVE-2010-2769 (bmo#520189)
+ Copy-and-paste or drag-and-drop into designMode document allows
+ XSS
+ * MFSA 2010-63/CVE-2010-2764 (bmo#552090)
+ Information leak via XMLHttpRequest statusText
+
+-------------------------------------------------------------------
+Wed Jul 28 08:33:14 CEST 2010 - meissner@suse.de
+
+- disable crash reporter for non x86/x86_64 to make it build.
+
+-------------------------------------------------------------------
+Sat Jul 24 12:42:58 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.8 (bnc#622506)
+ * MFSA 2010-48/CVE-2010-2755 (bmo#575836)
+ Dangling pointer crash regression from plugin parameter array
+ fix
+
+-------------------------------------------------------------------
+Fri Jul 16 06:48:44 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.7 (bnc#622506)
+ * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
+ Miscellaneous memory safety hazards
+ * MFSA 2010-35/CVE-2010-1208 (bmo#572986)
+ DOM attribute cloning remote code execution vulnerability
+ * MFSA 2010-36/CVE-2010-1209 (bmo#552110)
+ Use-after-free error in NodeIterator
+ * MFSA 2010-37/CVE-2010-1214 (bmo#572985)
+ Plugin parameter EnsureCachedAttrParamArrays remote code
+ execution vulnerability
+ * MFSA 2010-38/CVE-2010-1215 (bmo#567069)
+ Arbitrary code execution using SJOW and fast native function
+ * MFSA 2010-39/CVE-2010-2752 (bmo#574059)
+ nsCSSValue::Array index integer overflow
+ * MFSA 2010-40/CVE-2010-2753 (bmo#571106)
+ nsTreeSelection dangling pointer remote code execution
+ vulnerability
+ * MFSA 2010-41/CVE-2010-1205 (bmo#570451)
+ Remote code execution using malformed PNG image
+ * MFSA 2010-42/CVE-2010-1213 (bmo#568148)
+ Cross-origin data disclosure via Web Workers and importScripts
+ * MFSA 2010-43/CVE-2010-1207 (bmo#571287)
+ Same-origin bypass using canvas context
+ * MFSA 2010-44/CVE-2010-1210 (bmo#564679)
+ Characters mapped to U+FFFD in 8 bit encodings cause subsequent
+ character to vanish
+ * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
+ Multiple location bar spoofing vulnerabilities
+ * MFSA 2010-46/CVE-2010-0654 (bmo#524223)
+ Cross-domain data theft using CSS
+ * MFSA 2010-47/CVE-2010-2754 (bmo#568564)
+ Cross-origin data leakage from script filename in error messages
+
+-------------------------------------------------------------------
+Sun Jun 27 20:24:31 CEST 2010 - wr@rosenauer.org
+
+- update to 3.6.6 release
+ * modifies the crash protection feature to increase the amount
+ of time that plugins are allowed to be non-responsive before
+ being terminated.
+
+-------------------------------------------------------------------
+Wed Jun 23 14:40:35 CEST 2010 - wr@rosenauer.org
+
+- update to final 3.6.4 release (bnc#603356)
+ * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
+ CVE-2010-1203
+ Crashes with evidence of memory corruption (rv:1.9.2.4)
+ * MFSA 2010-28/CVE-2010-1198 (bmo#532246)
+ Freed object reuse across plugin instances
+ * MFSA 2010-29/CVE-2010-1196 (bmo#534666)
+ Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
+ * MFSA 2010-30/CVE-2010-1199 (bmo#554255)
+ Integer Overflow in XSLT Node Sorting
+ * MFSA 2010-31/CVE-2010-1125 (bmo#552255)
+ focus() behavior can be used to inject or steal keystrokes
+ * MFSA 2010-32/CVE-2010-1197 (bmo#537120)
+ Content-Disposition: attachment ignored if
+ Content-Type: multipart also present
+ * MFSA 2010-33/CVE-2008-5913 (bmo#475585)
+ User tracking across sites using Math.random()
+
+-------------------------------------------------------------------
+Mon Jun 7 07:07:33 CEST 2010 - wr@rosenauer.org
+
+- update to 3.6.4(build6)
+
+-------------------------------------------------------------------
+Sun Apr 18 09:42:40 CEST 2010 - wr@rosenauer.org
+
+- security update to 3.6.4 (Lorentz)
+ * enable crashreporter also for x86-64
+ * Flash runs in a separate process to avoid crashing Firefox
+ (ix86 only; x86-64 still uses nspluginwrapper)
+
+-------------------------------------------------------------------
+Thu Apr 1 11:15:38 UTC 2010 - wr@rosenauer.org
+
+- security update to 3.6.3
+ * MFSA 2010-25/CVE-2010-1121 (bmo#555109)
+ Re-use of freed object due to scope confusion
+
+-------------------------------------------------------------------
+Thu Mar 18 06:43:33 CET 2010 - wr@rosenauer.org
+
+- security update to version 3.6.2 (bnc#586567)
+ * MFSA 2010-08/CVE-2010-1028
+ WOFF heap corruption due to integer overflow
+ * MFSA 2010-09/CVE-2010-0164 (bmo#547143)
+ Deleted frame reuse in multipart/x-mixed-replace image
+ * MFSA 2010-10/CVE-2010-0170 (bmo#541530)
+ XSS via plugins and unprotected Location object
+ * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
+ Crashes with evidence of memory corruption
+ * MFSA 2010-12/CVE-2010-0171 (bmo#531364)
+ XSS using addEventListener and setTimeout on a wrapped object
+ * MFSA 2010-13/CVE-2010-0168 (bmo#540642)
+ Content policy bypass with image preloading
+ * MFSA 2010-14/CVE-2010-0169 (bmo#535806)
+ Browser chrome defacement via cached XUL stylesheets
+ * MFSA 2010-15/CVE-2010-0172 (bmo#537862)
+ Asynchronous Auth Prompt attaches to wrong window
+ * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
+ Crashes with evidence of memory corruption
+ * MFSA 2010-18/CVE-2010-0176 (bmo#538308)
+ Dangling pointer vulnerability in nsTreeContentView
+ * MFSA 2010-19/CVE-2010-0177 (bmo#538310)
+ Dangling pointer vulnerability in nsPluginArray
+ * MFSA 2010-20/CVE-2010-0178 (bmo#546909)
+ Chrome privilege escalation via forced URL drag and drop
+ * MFSA 2010-22/CVE-2009-3555 (bmo#545755)
+ Update NSS to support TLS renegotiation indication
+ * MFSA 2010-23/CVE-2010-0181 (bmo#452093)
+ Image src redirect to mailto: URL opens email editor
+ * MFSA 2010-24/CVE-2010-0182 (bmo#490790)
+ XMLDocument::load() doesn't check nsIContentPolicy
+
+-------------------------------------------------------------------
+Mon Jan 18 09:42:50 CET 2010 - wr@rosenauer.org
+
+- update to 3.6rc2 (already named 3.6.0)
+- removed obsolete orbit-devel build requirement
+
+-------------------------------------------------------------------
+Wed Jan 6 17:15:40 CET 2010 - wr@rosenauer.org
+
+- major update to 3.6rc1
+
+-------------------------------------------------------------------
+Fri Dec 25 09:39:42 CET 2009 - wr@rosenauer.org
+
+- update to version 3.5.7 (bnc#568011)
+ * DNS resolution in MakeSN of nsAuthSSPI causing issues for
+ proxy servers that support NTLM auth (bmo#535193)
+- added missing lockdown preferences (bnc#567131)
+
+-------------------------------------------------------------------
+Thu Dec 17 20:06:38 CET 2009 - wr@rosenauer.org
+
+- readded firefox-ui-lockdown.patch (bnc#546158)
+
+-------------------------------------------------------------------
+Thu Dec 3 21:53:59 CET 2009 - wr@rosenauer.org
+
+- security update to version 3.5.6 (bnc#559807)
+ * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
+ Crashes with evidence of memory corruption (rv:1.9.1.6)
+ * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
+ Memory safety fixes in liboggplay media library
+ * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
+ Integer overflow, crash in libtheora video library
+ * MFSA 2009-68/CVE-2009-3983 (bmo#487872)
+ NTLM reflection vulnerability
+ * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
+ Location bar spoofing vulnerabilities
+ * MFSA 2009-70/VE-2009-3986 (bmo#522430)
+ Privilege escalation via chrome window.opener
+- fixed firefox-browser-css.patch (bnc#561027)
+
+-------------------------------------------------------------------
+Mon Nov 23 22:31:21 CET 2009 - wr@rosenauer.org
+
+- rebased patches for fuzz=0
+
+-------------------------------------------------------------------
+Thu Nov 5 19:49:33 UTC 2009 - wr@rosenauer.org
+
+- update to version 3.5.5 (bnc#553172)
+
+-------------------------------------------------------------------
+Sat Oct 17 23:19:23 CEST 2009 - wr@rosenauer.org
+
+- security update to version 3.5.4 (bnc#545277)
+ * MFSA 2009-52/CVE-2009-3370 (bmo#511615)
+ Form history vulnerable to stealing
+ * MFSA 2009-53/CVE-2009-3274 (bmo#514823)
+ Local downloaded file tampering
+ * MFSA 2009-54/CVE-2009-3371 (bmo#514554)
+ Crash with recursive web-worker calls
+ * MFSA 2009-55/CVE-2009-3372 (bmo#500644)
+ Crash in proxy auto-configuration regexp parsing
+ * MFSA 2009-56/CVE-2009-3373 (bmo#511689)
+ Heap buffer overflow in GIF color map parser
+ * MFSA 2009-57/CVE-2009-3374 (bmo#505988)
+ Chrome privilege escalation in XPCVariant::VariantDataToJS()
+ * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
+ Heap buffer overflow in string to number conversion
+ * MFSA 2009-61/CVE-2009-3375 (bmo#503226)
+ Cross-origin data theft through document.getSelection()
+ * MFSA 2009-62/CVE-2009-3376 (bmo#511521)
+ Download filename spoofing with RTL override
+ * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
+ Upgrade media libraries to fix memory safety bugs
+ * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
+ Crashes with evidence of memory corruption
+- removed upstreamed patch
+ * firefox-bug506901.patch
+
+-------------------------------------------------------------------
+Wed Oct 7 20:11:24 CEST 2009 - llunak@novell.com
+
+- fix KDE button order in one more place (bnc#170055)
+
+-------------------------------------------------------------------
+Fri Oct 2 20:26:49 CEST 2009 - wr@rosenauer.org
+
+- improve UI colors to be usable with dark themes at all
+ (firefox-browser-css.patch) (bnc#503351)
+- extend list of supported architectures as ABI identifier
+ (mozilla-abi.patch) (bnc#543460)
+
+-------------------------------------------------------------------
+Mon Sep 14 00:07:55 CEST 2009 - wr@rosenauer.org
+
+- added KDE integration patch from llunak@novell.com
+ (firefox-kde.patch)
+ * support for knotify, making -kde4-addon obsolete
+ * KDE-specific support functional (bnc#170055)
+- do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
+
+-------------------------------------------------------------------
+Thu Sep 10 09:34:26 CEST 2009 - wr@rosenauer.org
+
+- security update to version 3.5.3 (bnc#534458)
+ * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
+ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
+ Crashes with evidence of memory corruption
+ * MFSA 2009-49/CVE-2009-3077 (bmo#506871)
+ TreeColumns dangling pointer vulnerability
+ * MFSA 2009-50/CVE-2009-3078 (bmo#453827)
+ Location bar spoofing via tall line-height Unicode characters
+ * MFSA 2009-51/CVE-2009-3079 (bmo#454363)
+ Chrome privilege escalation with FeedWriter
+
+-------------------------------------------------------------------
+Wed Aug 19 22:14:07 CEST 2009 - wr@rosenauer.org
+
+- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
+ as it contains more tweaks to handle non-Gnome environments and
+ especially KDE integration:
+ * added the ability to set the KDE default browser
+ (still part of bnc#170055)
+
+-------------------------------------------------------------------
+Sat Aug 8 00:14:18 CEST 2009 - wr@rosenauer.org
+
+- split -translations package into -common and -other
+ (bnc#529180)
+- remove "set as background" from context menu if not running in
+ Gnome (part of bnc#170055)
+
+-------------------------------------------------------------------
+Fri Jul 31 09:01:57 CEST 2009 - wr@rosenauer.org
+
+- security update to version 3.5.2
+ * MFSA 2009-38/CVE-2009-2470 (bmo#459524)
+ Data corruption with SOCKS5 reply containing DNS name longer
+ than 15 characters
+ * MFSA 2009-44/CVE-2009-2654 (bmo#451898)
+ Location bar and SSL indicator spoofing via window.open() on
+ invalid URL
+ * MFSA 2009-45
+ Crashes with evidence of memory corruption
+ * MFSA 2009-46 (bmo#498897)
+ Chrome privilege escalation due to incorrectly cached wrapper
+ * various other stability fixes
+- export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
+
+-------------------------------------------------------------------
+Tue Jul 28 14:54:46 CEST 2009 - wr@rosenauer.org
+
+- fixed %exclude usage
+- fixed preferences' advanced pane for fresh profiles (bmo#506901)
+
+-------------------------------------------------------------------
+Wed Jul 15 20:13:19 CEST 2009 - wr@rosenauer.org
+
+- security update to version 3.5.1
+ * MFSA 2009-41
+ Corrupt JIT state after deep return from native function
+
+-------------------------------------------------------------------
+Mon Jul 6 12:33:47 CEST 2009 - wr@rosenauer.org
+
+- added mozilla-linkorder.patch to fix build with --as-needed
+
+-------------------------------------------------------------------
+Tue Jun 30 08:52:00 CEST 2009 - wr@rosenauer.org
+
+- update to final version 3.5 (20090623)
+
+-------------------------------------------------------------------
+Tue Jun 23 09:39:50 CEST 2009 - wr@rosenauer.org
+
+- fixed build by linking to a real file
+
+-------------------------------------------------------------------
+Thu Jun 18 10:19:40 CEST 2009 - wr@rosenauer.org
+
+- update to version 3.5rc2 (20090617)
+- BuildRequire mozilla-xulrunner191 = 1.9.1.0
+
+-------------------------------------------------------------------
+Sat Jun 6 15:59:02 CEST 2009 - wr@rosenauer.org
+
+- update to version 3.5b99 (20090604)
+- BuildRequire mozilla-xulrunner191 = 1.9.1b99
+
+-------------------------------------------------------------------
+Wed May 27 08:03:16 CEST 2009 - wr@rosenauer.org
+
+- fixed typos in improved xulrunner dependencies
+
+-------------------------------------------------------------------
+Mon May 11 18:25:12 CEST 2009 - wr@rosenauer.org
+
+- use non-localized Downloads folder (bnc#501724)
+
+-------------------------------------------------------------------
+Mon May 4 07:57:50 CEST 2009 - wr@rosenauer.org
+
+- update to new major version 3.5b4
+ * based on Gecko 1.9.1 (mozilla-xulrunner191)
+ * Private Browsing Mode
+ * TraceMonkey JavaScript engine
+ * Geolocation support
+ * native JSON and web worker threads support
+ * speculative parsing for faster content rendering
+ * Some HTML5 support
+- updated firefox.schemas
+- improved firefox-no-update.patch
+
+-------------------------------------------------------------------
+Tue Apr 28 10:47:54 CEST 2009 - wr@rosenauer.org
+
+- security update to 3.0.10
+ * MFSA 2009-23/CVE-2009-1313 (bmo#489647)
+ Crash in nsTextFrame::ClearTextRun()
+
+-------------------------------------------------------------------
+Thu Apr 16 13:52:21 CEST 2009 - wr@rosenauer.org
+
+- security update to 3.0.9 (bnc#495473)
+ * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
+ Crashes with evidence of memory corruption (rv:1.9.0.9)
+ * MFSA 2009-15/CVE-2009-0652 (bmo#479336)
+ URL spoofing with box drawing character
+ * MFSA 2009-16/CVE-2009-1306 (bmo#474536)
+ jar: scheme ignores the content-disposition: header on the
+ inner URI
+ * MFSA 2009-17/CVE-2009-1307 (bmo#481342)
+ Same-origin violations when Adobe Flash loaded via
+ view-source: scheme
+ * MFSA 2009-18/CVE-2009-1308 (bmo#481558)
+ XSS hazard using third-party stylesheets and XBL bindings
+ * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
+ Same-origin violations in XMLHttpRequest and
+ XPCNativeWrapper.toString
+ * MFSA 2009-20/CVE-2009-1310 (bmo#483086)
+ Malicious search plugins can inject code into arbitrary sites
+ * MFSA 2009-21/CVE-2009-1311 (bmo#471962)
+ POST data sent to wrong site when saving web page with
+ embedded frame
+ * MFSA 2009-22/CVE-2009-1312 (bmo#475636)
+ Firefox allows Refresh header to redirect to javascript: URIs
+
+-------------------------------------------------------------------
+Fri Mar 27 09:43:43 CET 2009 - wr@rosenauer.org
+
+- security update to 1.9.0.8 (bnc#488955,489411)
+ * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
+ Crash and remote code execution in XSL transformation
+ * MFSA 2009-13/CVE-2009-1044 (bmo#484320)
+ Arbitrary code execution via XUL tree moveToEdgeShift
+- allow RPM provides for stuff besides shared libraries
+ (e.g. mime-types)
+
+-------------------------------------------------------------------
+Sun Mar 1 11:08:58 CET 2009 - wr@rosenauer.org
+
+- security update to 3.0.7 (bnc#478625)
+ * MFSA 2009-07 - Crashes with evidence of memory corruption
+ CVE-2009-0771 - Layout Engine Crashes
+ CVE-2009-0772 - Layout Engine Crashes
+ CVE-2009-0773 - crashes in the JavaScript engine
+ CVE-2009-0774 - Layout Engine Crashes
+ * MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
+ Mozilla Firefox XUL Linked Clones Double Free Vulnerability
+ * MFSA 2009-09/CVE-2009-0776 (bmo#414540)
+ XML data theft via RDFXMLDataSource and cross-domain redirect
+ * MFSA 2009-10/CVE-2009-0040 (bmo#478901)
+ Upgrade PNG library to fix memory safety hazards
+ * MFSA 2009-11/CVE-2009-0777 (bmo#452979)
+ URL spoofing with invisible control characters
+
+-------------------------------------------------------------------
+Wed Feb 4 18:58:59 EST 2009 - hfiguiere@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Wed Jan 28 13:48:00 CET 2009 - wr@rosenauer.org
+
+- security update to 3.0.6 (bnc#470074)
+ * MFSA 2009-06/CVE-2009-0358: Directives to not cache pages ignored
+ (bmo#441751)
+ * MFSA 2009-05/CVE-2009-0357: XMLHttpRequest allows reading
+ HTTPOnly cookies (bmo#380418)
+ * MFSA 2009-04/CVE-2009-0356: Chrome privilege escalation via
+ local .desktop files (bmo#460425)
+ * MFSA 2009-03/CVE-2009-0355: Local file stealing with SessionStore
+ (bmo#466937)
+ * MFSA 2009-02/CVE-2009-0354: XSS using a chrome XBL method
+ and window.eval (bmo#468581)
+ * MFSA 2009-01/CVE-2009-0352 - CVE-2009-0353: Crashes with
+ evidence of memory corruption (rv:1.9.0.6) (bmo#452913,
+ bmo#449006, bmo#331088, bmo#401042, bmo#416461, bmo#422283,
+ bmo#422301, bmo#431705, bmo#437142, bmo#421839, bmo#420697,
+ bmo#461027)
+ * (non security) added lv locale
+
+-------------------------------------------------------------------
+Thu Jan 22 11:09:42 EST 2009 - hfiguiere@suse.de
+
+- Fix the wrapper script for PowerPC 64-bits (bnc#464753)
+
+-------------------------------------------------------------------
+Wed Dec 17 13:13:25 EST 2008 - hfiguiere@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Mon Dec 15 16:41:57 CET 2008 - wr@rosenauer.org
+
+- security update to 1.9.0.5 (bnc#455804)
+ for details
+ http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
+ * removed aboutRights workaround again
+ * added et locale
+
+-------------------------------------------------------------------
+Tue Nov 25 10:14:45 EST 2008 - hfiguiere@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Sat Nov 22 13:26:03 CET 2008 - wr@rosenauer.org
+
+- replace license agreement with about:rights toolbar
+ (backported from upcoming FF 3.0.5) (bnc#436054, bmo#456439)
+ (it's always displayed in en-US)
+
+-------------------------------------------------------------------
+Fri Nov 21 03:11:41 EST 2008 - hfiguiere@suse.de
+
+- Update firefox-lockdown-ui.patch
+ * Print Setup is now properly locked down. bnc#431028
+ * Bookmark editing it now properly locked down. bnc#439335
+ * Bookmars are properly hidden.
+ * History is properly locked down. bnc#439343
+ * Make sure the search bar is not put back when resetting the
+ toolbar. bnc#439358
+
+-------------------------------------------------------------------
+Thu Nov 20 18:49:19 CST 2008 - maw@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Thu Nov 13 08:22:13 CET 2008 - wr@rosenauer.org
+
+- lockdown cleanup
+ * removed gecko-lockdown.patch from Firefox (it's in xulrunner)
+ * stripped out some toolkit stuff from firefox-ui-lockdown
+ * added extra default preferences for lockdown
+
+-------------------------------------------------------------------
+Wed Nov 12 17:55:19 CST 2008 - maw@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Tue Nov 11 09:15:59 CET 2008 - wr@rosenauer.org
+
+- update to security/maintenance release 3.0.4 (bnc#439841)
+ * support additional locales (bg, cy, eo, oc)
+- removed obsolete configure option (enable-gconf)
+
+-------------------------------------------------------------------
+Fri Nov 7 15:39:54 CST 2008 - maw@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Tue Nov 4 23:27:03 CET 2008 - wr@rosenauer.org
+
+- moved gconf schema into branding packages (bnc#441646)
+
+-------------------------------------------------------------------
+Tue Oct 28 16:16:14 EDT 2008 - hfiguiere@suse.de
+
+- Fix missing %endif (for fix for bnc#434283)
+
+-------------------------------------------------------------------
+Mon Oct 27 17:05:02 EDT 2008 - hfiguiere@suse.de
+
+- Add disable_show_passwords to firefox.schemas. (FATE #301534)
+
+-------------------------------------------------------------------
+Mon Oct 27 11:57:29 CET 2008 - wr@rosenauer.org
+
+- make biarch dependencies work correctly (bnc#434283)
+
+-------------------------------------------------------------------
+Thu Oct 23 10:14:22 EDT 2008 - hfiguiere@suse.de
+
+- Added firefox-ui-lockdown.patch and gecko-lockdown.patch
+ * Lockdown: FATE#302023, FATE#302024
+
+-------------------------------------------------------------------
+Mon Oct 6 14:55:48 CEST 2008 - sbrabec@suse.cz
+
+- Conflict with other branding providers (FATE#304881).
+
+-------------------------------------------------------------------
+Mon Sep 29 12:27:43 CDT 2008 - maw@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Mon Sep 29 11:36:30 CDT 2008 - maw@suse.de
+
+- Remove a reference to a stale patch.
+
+-------------------------------------------------------------------
+Sun Sep 28 18:19:26 CEST 2008 - wr@rosenauer.org
+
+- update to regression fix release 3.0.3
+ * Fixed a problem where users were unable to retrieve saved
+ passwords or save new passwords (bmo#454708, bnc#429179#c20,
+ CVE-2008-4063, CVE-2008-4064, CVE-2008-3836, andCVE-2008-4070)
+
+-------------------------------------------------------------------
+Thu Sep 25 14:47:13 CDT 2008 - maw@suse.de
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Mon Sep 15 13:45:16 CEST 2008 - wr@rosenauer.org
+
+- update to security/maintenance release 3.0.2 (bnc#429179)
+- removed unused files from sources
+- fix more rpmlint complaints and provide a config file to filter
+ false positives
+- disable Gnome crashreporter as it has no value
+- brought man-page up to date for the firefox stub
+ (removing firefox-bin reference)
+- en-US locale not longer packaged in translations subpackage
+
+-------------------------------------------------------------------
+Fri Aug 15 18:56:26 CDT 2008 - maw@novell.com
+
+- Review and approve changes.
+
+-------------------------------------------------------------------
+Mon Aug 4 09:26:05 CEST 2008 - wr@rosenauer.org
+
+- Tweak branding split
+
+-------------------------------------------------------------------
+Tue Jul 29 15:02:47 CEST 2008 - vuntz@novell.com
+
+- Create branding package (bnc#390752):
+ + search-addons.tar.bz2, bookmarks.html.suse and
+ firefox-suse-default-prefs.js will be moved to
+ MozillaFirefox-branding-openSUSE
+ + create a MozillaFirefox-branding-upstream package
+
+-------------------------------------------------------------------
+Mon Jul 28 20:54:22 CEST 2008 - mauro@suse.de
+
+- Update to stability/security release 3.0.1 (bnc#407573)
+ (thanks, Wolfgang)
+ + MFSA 2008-36 Crash with malformed GIF file on Mac OS X
+ + MFSA 2008-35 Command-line URLs launch multiple tabs when
+ Firefox not running
+ + MFSA 2008-34 Remote code execution by overflowing CSS reference counter
+- Set browser.shell.checkDefaultBrowser to true (bnc#404119)
+
+-------------------------------------------------------------------
+Tue Jun 17 18:49:33 CEST 2008 - maw@suse.de
+
+- Merge changes from the build service (thanks, Wolfgang)
+ (bnc#400001 and SWAMP#18164).
+
+-------------------------------------------------------------------
+Tue Jun 17 14:40:04 CEST 2008 - wr@rosenauer.org
+
+- update to version 3.0
+- fixed double entry in bookmarks for www.opensuse.org (bnc#396980
+
+-------------------------------------------------------------------
+Thu May 15 13:45:51 CEST 2008 - aj@suse.de
+
+- Add Planet SUSE, forums.o.o and How to participate to default
+ URLs.
+
+-------------------------------------------------------------------
+Fri May 2 16:25:24 CEST 2008 - maw@suse.de
+
+- network.protocol-handler.app.* prefs are no longer supported;
+ remove references to them from firefox-suse-default-prefs.js
+ (bnc#383697).
+
+-------------------------------------------------------------------
+Thu Apr 3 01:42:34 CEST 2008 - maw@suse.de
+
+- Update to Firefox 3.0b5 (2.9.95) (thanks, Wolfgang).
+
+-------------------------------------------------------------------
+Wed Mar 26 01:05:18 CET 2008 - maw@suse.de
+
+- Merge changes from the build service (thanks, Wolfgang)
+- Update to the fourth Firefox 3.0 Beta (2.9.94):
+ + Based upon the Gecko 1.9 Web rendering platform, which improves
+ performance, stability, and rendering correctness; it also
+ boasts a considerable simplification in its code
+ + Security improvements:
+ * One-click site info
+ * Malware Protection
+ * New Web Forgery Protection page
+ * New SSL error pages
+ * Add-ons and Plugin version check
+ * Secure add-on updates
+ * Effective top-level domain (eTLD) service to better restrict
+ cookies and other restricted content to a single domain
+ * Better protection against cross-site JSON data leaks
+ + Usability improvements:
+ * Easier password management
+ * Simplified add-on installation
+ * New Download Manager
+ * Resumable downloading
+ * Full page zoom
+ * Podcasts and Videocasts can be associated with your media
+ playback tools
+ * Tab scrolling and quickmenu
+ * Save what you were doing: Firefox will prompt users to save
+ tabs on exit
+ * Optimized Open in Tabs behavior
+ * Location and Search bar size can now be customized with a
+ simple resizer item
+ * Text selection improvements
+ * Find toolbar
+ * Improved integration with Linux: Firefox's default icons,
+ buttons, and menu styles now use the native GTK theme
+ + Personalization improvements:
+ * Star button: quickly add bookmarks from the location bar
+ with a single click; a second click lets you file and tag them
+ * Tags: associate keywords with your bookmarks to sort them
+ by topic
+ * Location bar & auto-complete
+ * Smart Bookmarks Folder
+ * Places Organizer: view, organize and search through all
+ of your bookmarks, tags, and browsing history with multiple
+ views and smart folders to store your frequent searches
+ * Web-based protocol handlers
+ * Download & Install Add-ons
+ * Easy to use Download Actions
+ + Improved platform for web developers:
+ * New graphics and font handling: new graphics and text
+ rendering architectures in Gecko 1.9 provides rendering
+ improvements in CSS, SVG as well as improved display of
+ fonts with ligatures and complex scripts
+ * Color management: (set gfx.color_management.enabled on
+ in about:config and restart the browser to enable.);
+ Firefox can now adjust images with embedded color profiles
+ * Offline support: enables web applications to provide
+ offline functionality (website authors must add support
+ for offline browsing to their site for this feature
+ to be available to users)
+ + Improved performance:
+ * Speed: improvements to the JavaScript engine as well as
+ profile guided optimizations have resulted in significant
+ improvements in performance; compared to Firefox 2,
+ web applications like Google Mail and Zoho Office run
+ twice as fast in Firefox 3 Beta 4, and the popular
+ SunSpider test from Apple shows improvements over
+ previous releases
+ * Memory usage: Several new technologies work together to
+ reduce the amount of memory used by Firefox 3 Beta 4
+ over a web browsing session; memory cycles are broken
+ and collected by an automated cycle collector, a new
+ memory allocator reduces fragmentation, hundreds of leaks
+ have been fixed, and caching strategies have been tuned
+ * Reliability: A user's bookmarks, history, cookies, and
+ preferences are now stored in a transactionally secure
+ database format which will prevent data loss even if their
+ system crashes
+- This version depends upon the mozilla-xulrunner190 package
+- Drop various stale packages, respin several that have been
+ kept around, and add a few new ones.
+
+-------------------------------------------------------------------
+Mon Feb 11 18:18:14 CET 2008 - maw@suse.de
+
+- Security update to version 2.0.0.12 (bnc#354469):
+ + MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div
+ overlay
+ + MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet
+ redirect
+ + MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain
+ text files
+ + MFSA 2008-08/CVE-2008-0591 File action dialog tampering
+ + MFSA 2008-06/CVE-2008-0419 Web browsing history and forward
+ navigation stealing
+ + MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome: URI
+ + MFSA 2008-04/CVE-2008-0417 Stored password corruption
+ + MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote
+ Code Execution
+ + MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing
+ vulnerabilities
+ + MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory
+ corruption (rv:1.8.1.12)
+- Reference libaoss.so in start script (bnc#117079)
+- Remove mozilla-canvas-1.8.1.10.patch, as it has been upstreamed
+- Update firefox-ui-lockdown.patch (FATE#301534, FATE#302023, and
+ FATE#302024)
+- Add application/x-xpinstall mime type to MozillaFirefox.desktop
+- Add MozillaFirefox.xml to bind .xpi to application/x-xpinstall
+ in desktop.
+
+-------------------------------------------------------------------
+Thu Jan 17 17:52:47 CET 2008 - maw@suse.de
+
+- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).
+
+-------------------------------------------------------------------
+Fri Dec 21 18:46:50 CET 2007 - maw@suse.de
+
+- Add firefox-348446-empty-lists.patch (bnc#348446).
+
+-------------------------------------------------------------------
+Wed Dec 5 02:21:26 CET 2007 - maw@suse.de
+
+- Respin proxy-dev.patch (bnc#340678) -- thanks, Anders!
+
+-------------------------------------------------------------------
+Tue Nov 27 18:25:25 CET 2007 - maw@suse.de
+
+- Security update to version 2.0.0.10 (#341905, #341591):
+ + MFSA 2007-39 Referer-spoofing via window.location race condition
+ + MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ + MFSA 2007-37 jar: URI scheme XSS hazard
+ + Fixes for regressions introduced in 2.0.0.8
+ + Updated dbus.patch, startup.patch, misc.dif, and configure.patch
+- Add mozilla-gcc4.3-fixes.patch
+- Add mozilla-canvas-1.8.1.10.patch (#341591#c10).
+
+-------------------------------------------------------------------
+Mon Nov 26 18:27:25 CET 2007 - maw@suse.de
+
+- Build with -ftree-vrp -fwrapv, per advice in #342603#c17.
+
+-------------------------------------------------------------------
+Tue Nov 13 17:49:01 CET 2007 - maw@suse.de
+
+- Add firefox-gcc4.3-fixes.patch.
+
+-------------------------------------------------------------------
+Fri Oct 19 02:04:45 CEST 2007 - maw@suse.de
+
+- Security update to version 2.0.0.8 (#332512) (thanks, Wolfgang)
+ * MFSA 2007-29 Crashes with evidence of memory corruption
+ * MFSA 2007-30 onUnload Tailgating
+ * MFSA 2007-31 Digest authentication request splitting
+ * MFSA 2007-32 File input focus stealing vulnerability
+ * MFSA 2007-33 XUL pages can hide the window titlebar
+ * MFSA 2007-34 Possible file stealing through sftp protocol
+ * MFSA 2007-35 XPCNativeWraper pollution using Script object
+ complete advisories on
+ http://www.mozilla.org/projects/security/known-vulnerabilities.html
+
+-------------------------------------------------------------------
+Sun Sep 23 19:49:12 CEST 2007 - maw@suse.de
+
+- Don't explicitly require libaoss.so (#326751).
+
+-------------------------------------------------------------------
+Fri Sep 14 23:13:06 CEST 2007 - maw@suse.de
+
+- Update the Novell Support search plugin in search-addons.tar.bz2
+ (#297261)
+- Set the browser.tabs.loadFolderAndReplace preference to false
+ by default (#230759).
+
+-------------------------------------------------------------------
+Wed Sep 12 15:21:06 CEST 2007 - dmueller@suse.de
+
+- fix hardlinks accross partitions
+
+-------------------------------------------------------------------
+Thu Sep 6 16:07:12 CEST 2007 - maw@suse.de
+
+- Add http://software.opensuse.org/search?baseproject=openSUSE:10.3
+ to the default bookmarks (#308223).
+
+-------------------------------------------------------------------
+Mon Sep 3 22:33:09 CEST 2007 - ro@suse.de
+
+- move last change a bit further in specfile
+
+-------------------------------------------------------------------
+Fri Aug 31 18:36:16 CEST 2007 - maw@suse.de
+
+- Mark a .png file as nonexecutable.
+
+-------------------------------------------------------------------
+Tue Aug 28 16:44:08 CEST 2007 - maw@suse.de
+
+- Minor .spec update (#305193)
+ + Remove two obsolete patches
+ + Correct releasedate
+ + Include only the officially supported locales.
+
+-------------------------------------------------------------------
+Wed Aug 22 17:53:03 CEST 2007 - maw@suse.de
+
+- Merge changes from the build service (thanks, Wolfgang):
+ + Provide locale dependency information (#302288)
+ + Add x11-session.patch, supporting X11 session management
+ (#227047)
+ + Update to version 2.0.0.6
+ * MFSA 2007-26 Privilege escalation through chrome-loaded
+ about:blank windows
+ * MFSA 2007-27 Unescaped URIs passed to external programs
+ (only relevant on Windows)
+- Use %fdupes.
+
+-------------------------------------------------------------------
+Tue Aug 21 09:45:35 CEST 2007 - aj@suse.de
+
+- Adjust bookmarks: Add news.opensuse.org, use new software.o.o
+ page.
+
+-------------------------------------------------------------------
+Thu Aug 16 14:57:27 CEST 2007 - mauro@suse.de
+
+- Revert previous change.
+
+-------------------------------------------------------------------
+Tue Aug 14 11:58:23 CEST 2007 - mauro@suse.de
+
+- Added support for ymp in the mimetypes.rdf
+- Added OneClickInstallUrlHandler for handing the actual call from firefox.
+- Fixes bnc #295677
+
+-------------------------------------------------------------------
+Mon Jul 23 18:57:07 CEST 2007 - maw@suse.de
+
+- Security update to version 2.0.0.5 (#288115) which has fixes for:
+MFSA 2007-18
+ CVE-2007-3734 - Browser flaws
+ CVE-2007-3735 - Javascript flaws
+
+MFSA 2007-19
+ CVE-2007-3736
+
+MFSA 2007-20
+ CVE-2007-3089
+
+MFSA 2007-21
+ CVE-2007-3737
+
+MFSA 2007-22
+ CVE-2007-3285
+
+MFSA 2007-23
+ CVE-2007-3670
+
+MFSA 2007-24
+ CVE-2007-3656
+
+MFSA 2007-25
+ CVE-2007-3738
+
+-------------------------------------------------------------------
+Thu Jun 21 15:59:01 CEST 2007 - adrian@suse.de
+
+- fix changelog entry order
+
+-------------------------------------------------------------------
+Mon Jun 18 13:22:42 CDT 2007 - maw@suse.de
+
+- Use mozilla.sh.in from the build service (#230681).
+
+-------------------------------------------------------------------
+Tue Jun 5 15:55:08 CEST 2007 - sbrabec@suse.cz
+
+- Removed invalid desktop category "Application" (#254654).
+
+-------------------------------------------------------------------
+Mon Jun 4 19:53:35 CDT 2007 - maw@suse.de
+
+- Security update to version 2.0.0.4
+- Refresh configure.patch, startup.patch, and visibility.patch
+- Now use l10n-%{version}.tar.bz2 instead of l10n.tar.bz2.
+
+-------------------------------------------------------------------
+Mon Apr 30 16:49:55 CEST 2007 - ro@suse.de
+
+- added unzip to BuildRequires
+
+-------------------------------------------------------------------
+Wed Apr 18 14:16:44 CEST 2007 - mfabian@suse.de
+
+- add Japanese to the languages which get PANGO enabled in the
+ start script to support the Japanese combining characters
+ U+3099 U+309A (see bugzilla #262718 comment #29).
+
+-------------------------------------------------------------------
+Mon Mar 12 11:06:10 CST 2007 - maw@suse.de
+
+- Package gconf stuff.
+
+-------------------------------------------------------------------
+Wed Feb 21 16:37:25 CST 2007 - maw@suse.de
+
+- Security update to 2.0.0.2 (#244923), which covers:
+ + mfsa2007-01
+ * CVE-2007-0775 - layout engine crashes
+ * CVE-2007-0776 - SVG
+ * CVE-2007-0777 - javascript engine corruption
+ + mfsa2007-02
+ * CVE-2007-0995 - Invalid trailing characters in HTML tag attributes
+ * CVE-2007-0996 - Child frame character set inheritance
+ * CVE-2006-6077 - Injected password forms
+ + mfsa2007-02
+ + mfsa2007-03
+ * CVE-2007-0078
+ + mfsa2007-04
+ * CVE-2007-0079
+ + mfsa2007-05
+ * CVE-2007-0780
+ * CVE-2007-0800
+ + mfsa2007-06
+ * CVE-2007-0008 - client flaw
+ * CVE-2007-0009 - server flaw
+ + mfsa2007-07
+ * CVE-2007-0981
+- Updates mozilla.sh.in (#230681)
+- Fixes #232209
+- Updates the man page (#243037)
+- Properly propagates exit codes (#241492)
+- Adds em-356370.patch (#217374)
+
+-------------------------------------------------------------------
+Thu Jan 25 10:16:56 CST 2007 - maw@suse.de
+
+- Fixup the Gnome paths, keeping in closer sync with the
+ buildservice.
+
+-------------------------------------------------------------------
+Thu Jan 18 09:27:54 CST 2007 - maw@suse.de
+
+- Gnome is now in /usr, so remove references to /opt/gnome
+- Install firefox.png with the executable bit not set.
+
+-------------------------------------------------------------------
+Wed Jan 10 12:57:39 CET 2007 - meissner@suse.de
+
+- readd MozillaFirebird provides (was incorrect in removing it).
+
+-------------------------------------------------------------------
+Mon Jan 8 11:16:08 CET 2007 - meissner@suse.de
+
+- Do not provide MozillaFirebird, just obsolete it.
+
+-------------------------------------------------------------------
+Fri Dec 1 02:22:49 CET 2006 - maw@suse.de
+
+- Update gecko-lockdown.patch (#220616).
+
+-------------------------------------------------------------------
+Thu Nov 30 19:02:54 CET 2006 - maw@suse.de
+
+- Update firefox-suse-default-prefs.js, adding
+ 'pref("browser.backspace_action", 2);' (#217374)
+
+-------------------------------------------------------------------
+Thu Nov 30 08:17:28 CET 2006 - aj@suse.de
+
+- Fix last change (#224431).
+
+-------------------------------------------------------------------
+Wed Nov 29 11:45:47 CET 2006 - aj@suse.de
+
+- Change download bookmark (#224431).
+- Rename bookmark folder to openSUSE.
+
+-------------------------------------------------------------------
+Tue Nov 28 08:09:48 CET 2006 - aj@suse.de
+
+- Sync from Buildservice with following critical fixes (thanks
+ Wolfgang Rosenauer!):
+ * fixed system-proxies.patch to actually work (#223881).
+ * Rearrange Bookmarks to pass trademark review.
+
+-------------------------------------------------------------------
+Mon Nov 27 19:40:44 CET 2006 - aj@suse.de
+
+- Fix tango theme (#223796).
+
+-------------------------------------------------------------------
+Mon Nov 27 17:40:50 CET 2006 - aj@suse.de
+
+- Use www.opensuse.org as home page.
+
+-------------------------------------------------------------------
+Sun Nov 12 11:28:00 CET 2006 - aj@suse.de
+
+- Set novell.com as home page.
+- Update from BuildService (thanks Wolfgang!):
+ - fixed crash in htmlparser (#217257, bmo #358797)
+ - added gconf2 as PreReq (#212505)
+ - added 32bit libaoss.so as requirement (#216266)
+ - Removed SUSE searchplugin (Portal not available anymore)
+ (#216054)
+ - Removed obsolete xul-picker.patch and system-nspr.patch
+ - Fixed building on 10.1 and 10.0 (dbus)
+ - Removed obsolete throbber preference
+
+-------------------------------------------------------------------
+Thu Nov 9 19:09:46 CET 2006 - jhargadon@suse.de
+
+- updated tango theme
+
+-------------------------------------------------------------------
+Sun Oct 29 12:05:46 CET 2006 - aj@suse.de
+
+- Another fix for 214125, patch by Wolfgang Rosenauer.
+
+-------------------------------------------------------------------
+Thu Oct 26 06:58:59 CEST 2006 - aj@suse.de
+
+- Fix gcc warnings about undefined operations, patch by
+ Robert O'Callahan.
+- Update system-proxies.patch to fix error box (214125), patch by
+ Robert O'Callahan.
+
+-------------------------------------------------------------------
+Mon Oct 23 21:54:54 CEST 2006 - aj@suse.de
+
+- Update to current CVS version of 2.0.
+- Use www.opensuse.org as default home page for now (#203547).
+
+-------------------------------------------------------------------
+Sat Oct 21 08:53:50 CEST 2006 - aj@suse.de
+
+- Disable non-working plasticfox and tango themes.
+
+-------------------------------------------------------------------
+Fri Oct 20 20:16:29 CEST 2006 - aj@suse.de
+
+- Fix building of locales.
+
+-------------------------------------------------------------------
+Fri Oct 20 11:27:23 CEST 2006 - mkoenig@suse.de
+
+- update to version 2.0rc3:
+ * New features: Visual Refresh, Built-in phishing protection,
+ Enhanced search capabilities, Improved tabbed browsing,
+ Resuming your browsing session, Previewing and subscribing
+ to Web feeds, Inline spell checking, Live Titles,
+ Improved Add-ons manager, JavaScript 1.7, Extended search
+ plugin format, Updates to the extension system,
+ Client-side session and persistent storage, SVG text
+
+-------------------------------------------------------------------
+Tue Oct 17 11:26:44 CEST 2006 - meissner@suse.de
+
+- disabled debugging.
+
+-------------------------------------------------------------------
+Tue Sep 12 20:27:02 CEST 2006 - stark@suse.de
+
+- security update to version 1.5.0.7
+
+-------------------------------------------------------------------
+Mon Aug 21 12:53:50 CEST 2006 - stark@suse.de
+
+- added greasemonkey helper change (#199920)
+- fixed packager.mk for new make version
+
+-------------------------------------------------------------------
+Fri Aug 11 20:51:48 CEST 2006 - stark@suse.de
+
+- fixed crash in dbus component (patch by thoenig #197928)
+- use external adresses for PAC configuration (#196506)
+
+-------------------------------------------------------------------
+Mon Aug 7 09:26:58 CEST 2006 - stark@suse.de
+
+- added symlink for Firefox 1.0.x compatibility
+
+-------------------------------------------------------------------
+Sat Jul 29 08:48:53 CEST 2006 - stark@suse.de
+
+- update to regression release 1.5.0.6 (#195043)
+
+-------------------------------------------------------------------
+Thu Jul 27 06:20:36 CEST 2006 - stark@suse.de
+
+- security update to version 1.5.0.5 (#195043)
+ * observer-lock.patch integrated now
+- fixed leak in JS' liveconnect (#186066)
+- fixed desktop file for old distributions
+ (StartupNotify=false)
+
+-------------------------------------------------------------------
+Thu Jun 29 20:13:28 CEST 2006 - stark@suse.de
+
+- fixed printing crash if the last used printer is not available
+ anymore (#187013)
+
+-------------------------------------------------------------------
+Fri Jun 16 22:11:22 CEST 2006 - stark@suse.de
+
+- added 48x48 icon (#185777)
+
+-------------------------------------------------------------------
+Mon Jun 12 20:20:02 CEST 2006 - stark@suse.de
+
+- fix overwrite confirmation for GTK filesaver (#179531)
+- get network.negotiate-auth.trusted-uris and
+ network.negotiate-auth.delegation-uris from gconf if
+ system-settings are enabled (#184489)
+
+-------------------------------------------------------------------
+Thu Jun 1 20:34:43 CEST 2006 - stark@suse.de
+
+- update to security/stability release 1.5.0.4 (#179011)
+- moved locale-global prefs to browserconfig.properties (#177881)
+
+-------------------------------------------------------------------
+Tue May 23 21:11:11 CEST 2006 - stark@suse.de
+
+- complete implementation of startup-notification (#115417)
+ (including autoconf and remote support)
+- different home-pages for SLE10 and SL (#177881)
+
+-------------------------------------------------------------------
+Tue May 16 06:27:26 CEST 2006 - stark@suse.de
+
+- fixed potential deadlock in nsObserverList::RemoveObserver
+ (#173986, bmo #338069)
+- base startup notification on libstartup-notification (#115417)
+
+-------------------------------------------------------------------
+Thu May 11 09:39:27 CEST 2006 - stark@suse.de
+
+- save printer settings properly (#174082, bmo #324072)
+- added startup notification support for showing load activity
+ in Gnome and to avoid focus stealing prevention (#115417)
+- added StartupNotify=true to desktop file (#115417)
+- provide legacy symlink for NLD9 update compatibility (#173138)
+- fixed system-proxies patch to avoid unwanted wpad requests
+ (#171743, #167613)
+
+-------------------------------------------------------------------
+Mon May 8 14:55:52 CEST 2006 - stark@suse.de
+
+- preconfigure the theme according to the used desktop (#151163)
+
+-------------------------------------------------------------------
+Thu Apr 27 10:24:07 CEST 2006 - stark@suse.de
+
+- last minute change for 1.5.0.3
+
+-------------------------------------------------------------------
+Wed Apr 26 14:23:33 CEST 2006 - stark@suse.de
+
+- security update to 1.5.0.3
+- fix for typo in postscript.patch
+
+-------------------------------------------------------------------
+Tue Apr 25 14:14:51 CEST 2006 - stark@suse.de
+
+- fixed iframe crash (#169039, bmo #334515)
+- fixed img tag misuse (#168710, bmo #334341)
+
+-------------------------------------------------------------------
+Mon Apr 24 08:04:16 CEST 2006 - stark@suse.de
+
+- improved postscript output (bmo #334485)
+- changed defaults for printer properties (#6534)
+- overwrite gnome-vfs' file protocol by providing "desktop-launch"
+ (#131501)
+- get available paper sizes from CUPS (#65482)
+- replaced/removed complicated gconfd reload in %post (#167989)
+- fixed memory leak in clipboard caching (bmo #289897)
+
+-------------------------------------------------------------------
+Tue Apr 11 08:35:53 CEST 2006 - stark@suse.de
+
+- added (optional) plastikfox theme (#151163)
+- get some more security related patches (#148876)
+- finally fixed the default proxy configuration by adding a new
+ UI option (#132398)
+
+-------------------------------------------------------------------
+Mon Apr 3 11:41:13 CEST 2006 - stark@suse.de
+
+- fixed keyword fixup patch (#162532)
+
+-------------------------------------------------------------------
+Tue Mar 28 07:17:04 CEST 2006 - stark@suse.de
+
+- don't use keyword fixup for pasted text (#160034, bmo #331522)
+
+-------------------------------------------------------------------
+Mon Mar 20 09:28:58 CET 2006 - stark@suse.de
+
+- added Tango theme
+- fixed reading proxies from gconf (#132398)
+
+-------------------------------------------------------------------
+Sun Mar 12 09:04:05 CET 2006 - stark@suse.de
+
+- tweaked bookmarks (fixed URLs)
+- added Khmer (km-*) to pango locales (#157397)
+
+-------------------------------------------------------------------
+Sat Mar 4 21:08:45 CET 2006 - stark@suse.de
+
+- fixed crash with multipart JPEGs (bmo #328684) (#140416)
+- got latest security fixes from upstream (#148876)
+
+-------------------------------------------------------------------
+Wed Feb 22 13:24:58 CET 2006 - stark@suse.de
+
+- fixed plugin loading when launched from Thunderbird (#151614)
+- merged dbus reconnection patch (#150042)
+- default to autodetect proxy (network.proxy.type=4) (#151811)
+- added GTK category to desktop file
+
+-------------------------------------------------------------------
+Tue Feb 14 06:45:24 CET 2006 - stark@suse.de
+
+- modified lockdown patches (#67281, #67282)
+- applied set of security patches (#148876)
+ bmo bugs: 282105, 307989, 315625, 320459, 323634, 325403, 325947
+
+-------------------------------------------------------------------
+Tue Feb 7 20:09:43 CET 2006 - stark@suse.de
+
+- fixed disabling of Pango (#148788)
+
+-------------------------------------------------------------------
+Thu Feb 2 21:51:30 CET 2006 - stark@suse.de
+
+- define gssapi lib explicitely (#147670)
+- use only official Firefox-Icon
+- changed home-download patch
+
+-------------------------------------------------------------------
+Sun Jan 29 09:54:49 CET 2006 - stark@suse.de
+
+- throbber URL is default again
+- removed firefox-showpass patch
+- removed additional CA certs from builtin NSS
+
+-------------------------------------------------------------------
+Fri Jan 27 17:55:21 CET 2006 - stark@suse.de
+
+- got some l10n changes from 1.8.0 branch
+
+-------------------------------------------------------------------
+Fri Jan 27 08:15:09 CET 2006 - stark@suse.de
+
+- final 1.5.0.1 version
+- make it possible to choose $HOME as download directory
+ (#144894, bmo #300856)
+
+-------------------------------------------------------------------
+Wed Jan 25 21:33:43 CET 2006 - mls@suse.de
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Sun Jan 22 17:06:57 CET 2006 - stark@suse.de
+
+- disable Pango if MOZ_ENABLE_PANGO is not set
+ and no typical language which needs Pango is used (#143428)
+
+-------------------------------------------------------------------
+Wed Jan 18 10:27:30 CET 2006 - stark@suse.de
+
+- fixed DumpStackToFile() for glibc 2.4
+- added default (font) settings
+
+-------------------------------------------------------------------
+Thu Jan 12 10:23:58 CET 2006 - stark@suse.de
+
+- update to 1.5.0.1pre (20060111)
+- updated man-page
+- fixed hovered tab close button
+- only Requires mozilla-nspr instead of PreReq since
+ there is no postinstall registration necessary anymore
+- use system NSS from CODE10 on
+- use -fstack-protector where available
+- changed unixproxy component to work on older distributions
+
+-------------------------------------------------------------------
+Mon Jan 2 13:39:09 CET 2006 - stark@suse.de
+
+- added unixproxy component written by Robert O'Callahan (#132398)
+ (bmo #66057)
+- added official translations
+- preload libaoss for plugin sound (#117079)
+
+-------------------------------------------------------------------
+Wed Dec 28 08:16:03 CET 2005 - stark@suse.de
+
+- get some patches from 1.8.0 branch
+- readded modification to gconf-backend (bmo #321315)
+- readded lockdown stuff
+- enable additional extension install directory (#120329)
+ (/usr/lib/browser-extensions/firefox)
+- added patch to make the XUL filechooser optional
+ (MOZ_XUL_PICKER)
+
+-------------------------------------------------------------------
+Wed Dec 14 16:08:12 CET 2005 - stark@suse.de
+
+- fixed patch for parsing -remote parameter
+- removed default-plugin patch (not needed anymore)
+
+-------------------------------------------------------------------
+Fri Dec 9 17:21:29 CET 2005 - stark@suse.de
+
+- fix to ignore X composite extension (#135373)
+- fixed parsing of -remote parameters (#134396)
+- activated locales as released
+
+-------------------------------------------------------------------
+Tue Nov 29 21:33:13 CET 2005 - stark@suse.de
+
+- update to 1.5 (20051128)
+- don't override startup URL when changing Gecko versions (#135314)
+- added patch for GTK2 handling (#134831)
+- readded add-plugins stuff for compatibility
+
+-------------------------------------------------------------------
+Fri Nov 18 07:41:41 CET 2005 - stark@suse.de
+
+- update to 1.5rc3 (20051117)
+
+-------------------------------------------------------------------
+Mon Oct 31 08:58:14 CET 2005 - stark@suse.de
+
+- updated l10n archive (20051030)
+- fixed postinstall script to copy plugin links instead of files
+
+-------------------------------------------------------------------
+Fri Oct 28 06:43:27 CEST 2005 - stark@suse.de
+
+- update to 1.5rc1 (20051027)
+- fixed profile locking on FAT partitions (bmo #313360)
+- introduced an rpath again
+
+-------------------------------------------------------------------
+Wed Oct 19 20:03:48 CEST 2005 - stark@suse.de
+
+- update to snapshot 1.5 (20051019)
+- moved installation to /usr/%{_lib}/firefox
+- added dbus component to be able to get network status from
+ NetworkManager (bmo #312793)
+- remove all update UI for application
+- removed diable-gconf (no registration at build time anymore)
+- removed rebuild-databases.sh (no system registration anymore)
+- open links in new windows (#128087)
+
+-------------------------------------------------------------------
+Thu Oct 6 20:44:53 CEST 2005 - stark@suse.de
+
+- update to Firefox 1.5b2 (20051005)
+- added supported translations
+
+-------------------------------------------------------------------
+Sat Oct 1 15:09:18 CEST 2005 - stark@suse.de
+
+- update to Firefox 1.5b1 (20050930) RPM version 1.4.1
+- removed rebuild-databases.sh calls
+- removed add-plugins.sh calls and corresponding triggers
+- enabled SVG and Canvas support
+- fixed gconf urlhandler registration
+
+-------------------------------------------------------------------
+Tue Sep 20 10:24:16 CEST 2005 - stark@suse.de
+
+- security update to 1.0.7 (#117619)
+ * MFSA 2005-57: IDN heap overrun using soft-hyphens (bmo #307259)
+ (enabled IDN pref again)
+ * MFSA 2005-58:
+ CAN-2005-2701 Heap overrun in XBM image processing
+ CAN-2005-2702 Crash on "zero-width non-joiner" sequence
+ CAN-2005-2703 XMLHttpRequest header spoofing
+ CAN-2005-2704 Object spoofing using XBL <implements>
+ CAN-2005-2705 JavaScript integer overflow
+ CAN-2005-2706 Privilege escalation using about: scheme
+ CAN-2005-2707 Chrome window spoofing
+ Regression fixes
+- register beagle extension if it gets installed (#116787)
+
+-------------------------------------------------------------------
+Tue Sep 13 15:41:37 CEST 2005 - aj@suse.de
+
+- Change SUSE bookmarks.
+
+-------------------------------------------------------------------
+Sun Sep 11 17:05:07 CEST 2005 - stark@suse.de
+
+- disable IDN per default (#116070)
+- unlocalize bookmarks (#114279)
+
+-------------------------------------------------------------------
+Thu Sep 8 08:52:13 CEST 2005 - stark@suse.de
+
+- fixed some filemodes (#114849)
+
+-------------------------------------------------------------------
+Sun Sep 4 00:03:53 CEST 2005 - stark@suse.de
+
+- fixed gconf-backend patch to be able to use
+ system prefs (#114054)
+
+-------------------------------------------------------------------
+Thu Sep 1 13:22:17 CEST 2005 - stark@suse.de
+
+- changed default font to sans-serif (#114464)
+- removed de-de parts of the bookmark-links (#114279)
+
+-------------------------------------------------------------------
+Mon Aug 22 06:10:12 CEST 2005 - stark@suse.de
+
+- install gconf schema for lockdown also on non-NLD
+- added backports (firefox-backports.patch)
+ * gtk_im_context_set_cursor_location() is not used (bmo #281339)
+ * fixed crash in imgCacheValidator::OnStartRequest()
+ (bmo #293307)
+- workaround for linking with pangoxft and pangox
+ (broken by gtk 2.8 update) (#105764)
+- remove extensions on deinstallation
+- include dragonegg (kparts) plugin (#105468)
+
+-------------------------------------------------------------------
+Thu Aug 18 13:08:55 CEST 2005 - stark@suse.de
+
+- fixed regression in profile locking change (bmo #303633)
+- added rtsp handler to global config (#104434)
+- don't blacklist help: protocol (bmo #304833)
+- fixed Gdk-WARNING at startup (gtk.patch)
+- fixed crash with gtk 2.7 (bmo #300226, bnc #104586)
+- fixed installation of the beagle plugin
+- update industrial theme to 1.0.11 (#104564)
+- included lockdownV2 (removed obsolete gconf.diff)
+- linked firefox-bin with rpath to progdir
+
+-------------------------------------------------------------------
+Fri Aug 5 09:51:26 CEST 2005 - stark@suse.de
+
+- fixed profile locking (bmo #151188)
+- install beagle extension globally
+
+-------------------------------------------------------------------
+Fri Jul 29 06:58:24 CEST 2005 - stark@suse.de
+
+- don't require and provide NSS libs (#98002)
+- fixed printing error 'You cannot print while in print preview'
+ (#96991, bmo #302445)
+
+-------------------------------------------------------------------
+Wed Jul 27 09:34:12 CEST 2005 - stark@suse.de
+
+- fixed Firefox on ppc (stack-direction.patch) (#97359)
+- removed open-pref from startscript as it is done
+ automatically now (#73042)
+- updated Novell searchplugins
+
+-------------------------------------------------------------------
+Mon Jul 25 12:32:13 CEST 2005 - stark@suse.de
+
+- GTK filechooser is now modal (#8533)
+- backed out patch to add tooltips to print-preview
+ because it breaks localization
+
+-------------------------------------------------------------------
+Fri Jul 22 10:54:39 CEST 2005 - stark@suse.de
+
+- fixed another problem in printing patch
+
+-------------------------------------------------------------------
+Tue Jul 19 10:44:59 CEST 2005 - stark@suse.de
+
+- fixed error in ft-xft-ps2.patch
+- disabled stripping in spec instead of patch
+- added NSPR to PreReq
+
+-------------------------------------------------------------------
+Mon Jul 18 08:43:24 CEST 2005 - stark@suse.de
+
+- fixed some more regressions with final 1.0.6
+- fixed width calculation in Postscript module (bmo #290292)
+- fixed plugin event starvation (bnc #94749, #94751, bmo #301161)
+
+-------------------------------------------------------------------
+Fri Jul 15 11:24:47 CEST 2005 - stark@suse.de
+
+- searchplugins can now be installed per profile (#8176)
+
+-------------------------------------------------------------------
+Fri Jul 15 06:54:02 CEST 2005 - stark@suse.de
+
+- update to 1.0.6 which restores API compatibility
+
+-------------------------------------------------------------------
+Tue Jul 12 06:20:37 CEST 2005 - stark@suse.de
+
+- update to 1.0.5 final (#88509)
+- don't strip explicitely
+- don't ship beagle.xpi
+
+-------------------------------------------------------------------
+Wed Jul 6 14:13:09 CEST 2005 - stark@suse.de
+
+- update to 1.0.5-pre (20050705)
+- use RPM_OPT_FLAGS for NSS component
+- fixed implicit declarations and uninitialized used variables
+- added patch for bmo #87969
+
+-------------------------------------------------------------------
+Tue Jul 5 10:17:16 CEST 2005 - stark@suse.de
+
+- fixed regression from security update (#95069, bmo #298478)
+
+-------------------------------------------------------------------
+Mon Jun 27 21:46:58 CEST 2005 - stark@suse.de
+
+- don't use system-prefs by default on NLD
+- removed basic lockdown stuff for SUSE Linux
+ (it's not needed and caused problems: bnc #75418)
+- fixed NLD lockdown patch (bnc #75418)
+- don't write prefs back to gconf for now
+
+-------------------------------------------------------------------
+Wed Jun 22 07:32:42 CEST 2005 - stark@suse.de
+
+- new NLD lockdown patch which is syncing user prefs to gconf
+- update to 1.0.5pre security-release
+
+-------------------------------------------------------------------
+Thu Jun 9 06:56:02 CEST 2005 - stark@suse.de
+
+- new revision of NLD lockdown patch
+- fixed remote usage behaviour in start script (bnc #41903)
+- got more bugfixes from the branch
+
+-------------------------------------------------------------------
+Thu Jun 2 10:31:48 CEST 2005 - stark@suse.de
+
+- fixed neededforbuild
+
+-------------------------------------------------------------------
+Wed Jun 1 20:15:25 CEST 2005 - stark@suse.de
+
+- fixed IDN for 64bit platforms (bmo #236425, bnc #46268)
+
+-------------------------------------------------------------------
+Fri May 20 15:12:06 CEST 2005 - stark@suse.de
+
+- fixed keybinding for KP separator (bnc #84147)
+- pulled security related patch from upstream branch
+- update plastikfox theme to version 1.6
+
+-------------------------------------------------------------------
+Thu May 12 06:16:25 CEST 2005 - stark@suse.de
+
+- update to final 1.0.4 release
+
+-------------------------------------------------------------------
+Tue May 10 06:38:05 CEST 2005 - stark@suse.de
+
+- update to 1.0.4 security release
+- removed s390(x) patches (upstream)
+- made two more files %verify (81692)
+- updated NLD lockdown patch (81304)
+
+-------------------------------------------------------------------
+Thu Apr 28 09:45:53 CEST 2005 - stark@suse.de
+
+- use static NSPR libs from new location
+
+-------------------------------------------------------------------
+Sat Apr 23 15:56:08 CEST 2005 - stark@suse.de
+
+- activate usage of system NSPR for distributions after 9.3
+- add patch to be able to use systen NSPR at all
+
+-------------------------------------------------------------------
+Fri Apr 22 02:06:06 CEST 2005 - ro@suse.de
+
+- use mozilla-gcc4.patch
+
+-------------------------------------------------------------------
+Thu Apr 21 12:51:19 CEST 2005 - stark@suse.de
+
+- don't execute gconf magic within build environment
+
+-------------------------------------------------------------------
+Sat Apr 16 13:05:37 CEST 2005 - stark@suse.de
+
+- update to final 1.0.3 release
+
+-------------------------------------------------------------------
+Fri Apr 15 00:10:54 CEST 2005 - ro@suse.de
+
+- fix problem in postinstall script
+
+-------------------------------------------------------------------
+Wed Apr 14 09:20:02 CEST 2005 - stark@suse.de
+
+- included fixed lockdown patch for NLD
+- linked proxies within Firefox with gnome settings (NLD)
+- added gconfd restart procedure to install script
+ (only needed if gconf changes are done) (#76852)
+
+-------------------------------------------------------------------
+Sat Apr 2 21:03:11 CEST 2005 - stark@suse.de
+
+- update to security pre-release 1.0.3 (#75692)
+ * Manual plug-in install, javascript vulnerability (bmo #288556)
+ * Access memory vulnerability (bmo #288688)
+
+-------------------------------------------------------------------
+Fri Apr 1 11:32:44 CEST 2005 - stark@suse.de
+
+- added advanced lockdown features for ZLM integration (NLD-only)
+
+-------------------------------------------------------------------
+Tue Mar 22 12:33:15 CET 2005 - stark@suse.de
+
+- update to final 1.0.2
+- use new theme handling on NLD
+- added default-plugin-less-annoying from mozilla
+- use GTK2 for Flash
+- use system NSPR on SUSE releases after 9.3
+- made startscript PIS aware
+- set g-application-name correctly (bmo #281979)
+- added man-page
+- use GTK system colors
+- modify useragent string and add vendor id
+- activate smooth-scrolling by default (#74310)
+
+-------------------------------------------------------------------
+Tue Mar 22 08:59:06 CET 2005 - stark@suse.de
+
+- don't register beagle automatically (#74062)
+- added default bookmarks for SUSE LINUX
+
+-------------------------------------------------------------------
+Mon Mar 21 18:20:39 CET 2005 - max@suse.de
+
+- Fixed a typo in the shell code that handles inclusion of the
+ Acrobat Reader plugin (#70861).
+
+-------------------------------------------------------------------
+Thu Mar 17 21:01:11 CET 2005 - stark@suse.de
+
+- updates from upcoming 1.0.2
+- added again logic to use Adobe Reader 7 (#70861)
+- fixed crash in ICO decoding (#67142, bmo #245631)
+- preinstall beagle extension (#72920)
+- bugfixes in trigger scripts
+- fixed industrial theming for Gnome (#72918)
+
+-------------------------------------------------------------------
+Sat Mar 12 12:42:16 CET 2005 - stark@suse.de
+
+- fixed more security related bugs
+ (bmo #284551, #284627, #285595)
+
+-------------------------------------------------------------------
+Wed Mar 9 21:42:05 CET 2005 - stark@suse.de
+
+- update also GNOME desktop file (#71810)
+- added firefox-gnome.png to filelist
+- use correct Firefox icon
+
+-------------------------------------------------------------------
+Mon Mar 7 20:47:00 CET 2005 - stark@suse.de
+
+- disable inclusion of acrobat plugin again (#70861)
+- don't use gconfd in registration phase (#66381)
+
+-------------------------------------------------------------------
+Mon Mar 7 16:13:29 CET 2005 - adrian@suse.de
+
+- use standard icon again for the default desktop file and
+ add a Gnome-only desktop file for the Gnome icon
+- add plastikfox chrome theme to fix button order within KDE
+- add patch for automatic theme selection for KDE and Gnome
+- do register extensions in rebuild-databases.sh instead of %install,
+ to fix needed timestamps
+
+-------------------------------------------------------------------
+Fri Mar 4 07:54:47 CET 2005 - stark@suse.de
+
+- extend add-plugins to recognize Java 1.5 (#66909)
+- changed comment in desktop-file (#66867)
+
+-------------------------------------------------------------------
+Tue Feb 22 09:33:44 CET 2005 - stark@suse.de
+
+- make --display parameter working in all cases (bnc #66043)
+- revised postscript patch
+- final 1.0.1 codebase
+
+-------------------------------------------------------------------
+Mon Feb 21 13:09:30 CET 2005 - stark@suse.de
+
+- added patch to create Postscript level 2 (instead of 3)
+ (special thanks to Jungshik Shin)
+- disabled freetype explicitly to be able to use the above patch
+ (freetype wasn't used anymore since some time anyway)
+
+-------------------------------------------------------------------
+Fri Feb 18 09:10:10 CET 2005 - stark@suse.de
+
+- got more patches from branch to get another IDN fix and to
+ fix bug #51019
+- enabled IDN again
+
+-------------------------------------------------------------------
+Wed Feb 16 09:20:39 CET 2005 - stark@suse.de
+
+- bumped version number to 1.0.1
+
+-------------------------------------------------------------------
+Tue Feb 15 10:26:04 CET 2005 - stark@suse.de
+
+- got updates from 1.0.1 branch
+
+-------------------------------------------------------------------
+Thu Feb 10 06:57:33 CET 2005 - stark@suse.de
+
+- additional fireflashing fix (#50635, bmo #280664)
+- some more security related fixes
+ (bmo #268483, #273498, #277322)
+- fire up GTK2 filepicker if GNOME is running
+
+-------------------------------------------------------------------
+Tue Feb 8 07:51:13 CET 2005 - stark@suse.de
+
+- some prefs are ignored (bmo #261934)
+- disabled default IDN (#50566)
+- fixed some more bugzilla.mozilla.org bugs:
+ #276482, #280056, #280603
+
+-------------------------------------------------------------------
+Sun Feb 6 13:10:12 CET 2005 - stark@suse.de
+
+- use same desktop categories for Professional and NLD
+- added some lockdown stuff for printing and page saving
+ (bmo #280488)
+
+-------------------------------------------------------------------
+Wed Feb 2 13:58:53 CET 2005 - stark@suse.de
+
+- modified gconf.diff to honor ignore_hosts (bmo #280742)
+- added a JS crasher fix (bmo #268535)
+- added more fixes (bmo #255441, #273024, #275405, #275634)
+
+-------------------------------------------------------------------
+Fri Jan 28 12:39:37 CET 2005 - stark@suse.de
+
+- added gplflash inclusion
+- improved JRE inclusion
+- reactivated usage of Acrobat Reader plugin
+ (ready for acroread 7)
+
+-------------------------------------------------------------------
+Sat Jan 22 13:16:47 CET 2005 - stark@suse.de
+
+- added some backported bugfixes
+
+-------------------------------------------------------------------
+Sat Dec 18 10:30:11 CET 2004 - stark@suse.de
+
+- updated industrial theme to 1.0.9
+- use slightly changed icon for menu-entry (bnc #275)
+- use original desktop file for NLD again
+
+-------------------------------------------------------------------
+Thu Dec 16 19:37:48 CET 2004 - stark@suse.de
+
+- newer patch for GNOME associations (bnc #362)
+- fix overwriting of files with GTK picker (Ximian #65068)
+- readded the industrial default theme patch for NLD
+
+-------------------------------------------------------------------
+Wed Dec 15 11:50:56 CET 2004 - stark@suse.de
+
+- activate GTK filepicker for NLD again
+- fix for GNOME helper applications with parameters
+- make GNOME associations the default on NLD
+
+-------------------------------------------------------------------
+Sat Dec 4 16:11:01 CET 2004 - stark@suse.de
+
+- fixed build on s390/s390x
+- added patch to be able to install-global without running X
+ (bmo #265859)
+
+-------------------------------------------------------------------
+Thu Nov 18 21:48:05 CET 2004 - stark@suse.de
+
+- update industrial theme to 1.0.8 (still not activated)
+- added patch to make home-directory the default download dir
+ (on NLD is still used Desktop)
+
+-------------------------------------------------------------------
+Thu Nov 11 09:01:58 CET 2004 - stark@suse.de
+
+- made initial window height smaller again
+
+-------------------------------------------------------------------
+Tue Nov 9 09:09:06 CET 2004 - stark@suse.de
+
+- update to final 1.0 release (20041109)
+
+-------------------------------------------------------------------
+Thu Nov 4 08:22:36 CET 2004 - stark@suse.de
+
+- update to 1.0rc2
+
+-------------------------------------------------------------------
+Sat Oct 30 21:27:29 CEST 2004 - stark@suse.de
+
+- added missing s390(x) patch
+
+-------------------------------------------------------------------
+Wed Oct 27 07:26:25 CEST 2004 - stark@suse.de
+
+- update to 1.0rc1 codebase
+- printing via XFT/fontconfig
+- freetype changes to avoid API conflicts with newer freetype2
+- fixed build for s390/s390x
+- removed AMD64 patch (included upstream)
+- added translations sub-package
+- removed "Show folder" patch for NLD (resolved upstream)
+- don't use gnome-filepicker patch for NLD for now
+- removed hppa buildfix (included upstream)
+- removed untitled.patch (bmo #24068) resolved by (bmo #262478)
+- use make -C browser/installer now to prepare installation
+- don't check for default browser at startup (#47587)
+- updated industrial.jar (0.99.13) (disabled)
+
+-------------------------------------------------------------------
+Fri Oct 15 13:51:54 CEST 2004 - stark@suse.de
+
+- inherit locale from system
+- fixed chrome registration
+
+-------------------------------------------------------------------
+Wed Oct 6 23:11:01 CEST 2004 - joeshaw@suse.de
+
+ - disable gconf settings as default (Ximian #67718)
+
+-------------------------------------------------------------------
+Wed Oct 6 07:04:05 CEST 2004 - stark@suse.de
+
+- fixed inclusion of RealPlayer plugin again
+
+-------------------------------------------------------------------
+Tue Oct 5 10:09:04 CEST 2004 - stark@suse.de
+
+- small important fix in firefox-download.patch (Ximian #65472)
+
+-------------------------------------------------------------------
+Sun Oct 3 00:02:09 CEST 2004 - stark@suse.de
+
+- added security-fix from 0.10.1 (mozilla.org #259708) (#46687)
+
+-------------------------------------------------------------------
+Fri Oct 1 12:49:38 CEST 2004 - stark@suse.de
+
+- final fix for downloading to Desktop folder (Ximian #65756)
+- remove Postscript from printer names (Ximian #65560)
+
+-------------------------------------------------------------------
+Thu Sep 30 16:14:10 CEST 2004 - shprasad@suse.de
+
+- Modified the MozillaFirefox.desktop file.
+ Changed the name 'Firefox' to 'Firefox Web Browser'.
+ Also changed it for all languages.
+
+-------------------------------------------------------------------
+Wed Sep 29 15:54:46 CEST 2004 - stark@suse.de
+
+- fix inclusion of RealPlayer plugin (Ximian #65711)
+
+-------------------------------------------------------------------
+Mon Sep 27 17:51:24 CEST 2004 - joeshaw@suse.de
+
+- Update the industrial default patch, for some reason it didn't
+ take before.
+
+-------------------------------------------------------------------
+Fri Sep 24 07:34:48 CEST 2004 - stark@suse.de
+
+- fix for Ximian #65176 (mozilla.org #240068)
+- revised patch for update function (Ximian #65615)
+
+-------------------------------------------------------------------
+Thu Sep 23 20:21:39 CEST 2004 - joeshaw@suse.de
+
+- Uncomment the patch which tells the UI that industrial is the
+ default.
+
+-------------------------------------------------------------------
+Thu Sep 23 12:38:06 CEST 2004 - stark@suse.de
+
+- open Nautilus on NLD for 'Show folder' in download settings
+ (Ximian #65472) by sragavan@novell.com
+- save to Desktop folder if selected (Ximian #65756)
+ by sragavan@novell.com
+
+-------------------------------------------------------------------
+Wed Sep 22 10:23:01 CEST 2004 - stark@suse.de
+
+- synced NLD package with 9.2 version
+- GTK2 filepicker does now ask for confirmation when overwriting
+ files (Ximian #65068) by sagarwala@novell.com
+- no direct update function (Ximian #65615) by rganesan@novell.com
+- throbber linked to Novell (Ximian #66283) by rganesan@novell.com
+- make industrial the default theme for NLD
+ (Ximian #65542) by joeshaw@suse.de
+
+-------------------------------------------------------------------
+Mon Sep 20 22:00:55 CEST 2004 - joeshaw@suse.de
+
+- Add default bookmarks. Ximian #65546.
+- Add the industrial theme, but it's not the default yet.
+- Remove acroread from add-plugins because it's badly behaved.
+ Ximian #65499.
+
+-------------------------------------------------------------------
+Mon Sep 20 17:57:38 CEST 2004 - federico@ximian.com
+
+- Added MozillaFirefox-toplevel-window-height.diff for
+ http://bugzilla.ximian.com/show_bug.cgi?id=65543
+
+-------------------------------------------------------------------
+Sun Sep 19 15:42:30 CEST 2004 - stark@suse.de
+
+- use GNOME system prefs only for NLD by default
+ (fixes bug #45575)
+
+-------------------------------------------------------------------
+Fri Sep 17 08:59:32 CEST 2004 - stark@suse.de
+
+- joeshaw@suse.de: Update GConf patch so that proxy settings work
+ correctly (Ximian #64461)
+- don't search Java on every path (Ximian #65383)
+- added some missing fixes for official release
+- added new java package name for triggers (#45257)
+
+-------------------------------------------------------------------
+Sat Sep 11 13:25:41 CEST 2004 - stark@suse.de
+
+- update to official 1.0PR (0.10)
+- adopted gnome-filepicker patch
+- removed obsolete CUPS hack from start-script
+ (Ximian #65635, #65560)
+
+-------------------------------------------------------------------
+Thu Sep 9 21:35:42 CEST 2004 - stark@suse.de
+
+- fixed endianess on AMD64 in JS component (#34743)
+
+-------------------------------------------------------------------
+Mon Sep 6 17:33:07 CEST 2004 - stark@suse.de
+
+- fixed filelist
+
+-------------------------------------------------------------------
+Mon Sep 6 13:48:03 CEST 2004 - stark@suse.de
+
+- update to 1.0PR (aka 0.10)
+
+-------------------------------------------------------------------
+Fri Sep 3 21:35:47 CEST 2004 - stark@suse.de
+
+- added ppc64 patch
+
+-------------------------------------------------------------------
+Thu Sep 2 03:08:59 CEST 2004 - dave@suse.de
+
+- Fixed up the .desktop installation on nld
+
+-------------------------------------------------------------------
+Wed Sep 1 15:05:48 CEST 2004 - shprasad@suse.de
+
+- Doesn't ask to set Firefox as default web-browser.
+
+-------------------------------------------------------------------
+Tue Aug 31 14:01:18 CEST 2004 - stark@suse.de
+
+- next new version for filepicker stuff
+- deactivated native filepicker for NLD
+- update to snapshot (20040831)
+
+-------------------------------------------------------------------
+Tue Aug 24 17:35:52 CEST 2004 - stark@suse.de
+
+- new version of gnome-filepicker patch
+- added patch for config
+
+-------------------------------------------------------------------
+Fri Aug 20 17:12:48 CEST 2004 - stark@suse.de
+
+- update to snapshot (20040820)
+
+-------------------------------------------------------------------
+Thu Aug 19 08:46:42 CEST 2004 - stark@suse.de
+
+- added workaround for mozilla bug #246313
+ (Firefox does not start: getting "cannot open display" error)
+
+-------------------------------------------------------------------
+Wed Aug 18 15:07:22 CEST 2004 - stark@suse.de
+
+- added some patches from Ximian
+ - use GNOME filepicker
+ - use more gconf settings
+ - set startup homepage to Novell
+
+-------------------------------------------------------------------
+Tue Aug 17 13:12:35 CEST 2004 - stark@suse.de
+
+- update to pre-1.0.0 (20040817)
+
+-------------------------------------------------------------------
+Thu Aug 5 06:27:41 CEST 2004 - stark@suse.de
+
+- security update to 0.9.3
+ (including #43312 and others)
+- handle RealPlayer 9 plugin
+
+-------------------------------------------------------------------
+Mon Aug 2 15:11:51 CEST 2004 - ro@suse.de
+
+- recode desktop file to utf-8
+
+-------------------------------------------------------------------
+Wed Jul 28 08:46:31 CEST 2004 - stark@suse.de
+
+- added fix against certificate spoofing (#43312)
+
+-------------------------------------------------------------------
+Fri Jul 23 06:31:41 CEST 2004 - stark@suse.de
+
+- update to 0.9.2
+- added workaround for extension registry
+- removed old (incompatible) mozex extension
+
+-------------------------------------------------------------------
+Tue Jun 29 06:27:59 CEST 2004 - stark@suse.de
+
+- update to 0.9.1
+- added hint to run as root first
+
+-------------------------------------------------------------------
+Tue Jun 15 12:42:28 CEST 2004 - stark@suse.de
+
+- update to 0.9
+- added patch for newer freetype
+
+-------------------------------------------------------------------
+Fri Apr 2 10:31:45 CEST 2004 - stark@suse.de
+
+- removing relocation of TEMP directory (#34391)
+
+-------------------------------------------------------------------
+Mon Mar 29 11:43:51 CEST 2004 - stark@suse.de
+
+- update to 0.8.0+ (20040503)
+- removed firefox logos and activate official branding for
+ milestone builds
+- changed profile-dir to .firefox
+- added some needed files
+- enabled gnomevfs extension
+
+-------------------------------------------------------------------
+Fri Mar 26 18:09:34 CET 2004 - uli@suse.de
+
+- fixed hang during build on s390* (bug #35440)
+
+-------------------------------------------------------------------
+Wed Mar 3 06:52:00 CET 2004 - stark@suse.de
+
+- removed unused patches for GTK2 build
+- more fixes for (#35179)
+
+-------------------------------------------------------------------
+Mon Mar 1 07:32:52 CET 2004 - stark@suse.de
+
+- improved start-script to interact with thunderbird (#35179)
+
+-------------------------------------------------------------------
+Thu Feb 26 06:57:05 CET 2004 - stark@suse.de
+
+- use official releasedate
+- added official (trademarked) artwork
+- added firefox icon to /usr/share/pixmaps
+- cleaned up spec-file (there will be no GTK1 version)
+
+-------------------------------------------------------------------
+Tue Feb 24 16:43:17 CET 2004 - stark@suse.de
+
+- fixed optimization for non-x86 archs
+
+-------------------------------------------------------------------
+Tue Feb 24 07:43:35 CET 2004 - stark@suse.de
+
+- adopted file-list and build options to original distribution
+- added prdtoa fix (#32963)
+- added hook for static firefox build to rebuild-databases.sh
+- added compiler flags for security/ (nss-opt.patch)
+- included mozex (mozex.mozdev.org)
+- added -Os as optimization flag
+
+-------------------------------------------------------------------
+Mon Feb 9 21:59:37 CET 2004 - stark@suse.de
+
+- renamed to MozillaFirefox
+- update to final version 0.8
+
+-------------------------------------------------------------------
+Fri Feb 6 08:39:15 CET 2004 - stark@suse.de
+
+- update to Firebird 0.8 (20040205)
+- added mips build fix
+- set PS printer list in MozillaFirebird.sh
+- use lib64 again for biarch platforms
+
+-------------------------------------------------------------------
+Sat Jan 10 10:33:54 CET 2004 - adrian@suse.de
+
+- build as user
+
+-------------------------------------------------------------------
+Fri Aug 22 11:32:07 CEST 2003 - stark@suse.de
+
+- upstream sync for 0.6.1post
+
+-------------------------------------------------------------------
+Sun Aug 10 22:01:12 CEST 2003 - stark@suse.de
+
+- removed dmoz from searchplugins-filelist
+
+-------------------------------------------------------------------
+Fri Aug 8 10:30:50 CEST 2003 - stark@suse.de
+
+- update to 0.6.1post (TRUNK)
+- use -fno-strict-aliasing
+
+-------------------------------------------------------------------
+Thu Jul 31 11:25:39 CEST 2003 - stark@suse.de
+
+- update to 0.6.1 (MOZILLA_1_4_BRANCH)
+- synchronized with mozilla-source
+- created file-list
+
+-------------------------------------------------------------------
+Thu Jul 10 09:45:49 CEST 2003 - stark@suse.de
+
+- update to snapshot 20030709
+- fixed generation of symlink MozillaFirebird-xremote-client
+
+-------------------------------------------------------------------
+Fri Jun 20 06:53:08 CEST 2003 - stark@suse.de
+
+- update to snapshot 20030622 (0.7pre)
+
+-------------------------------------------------------------------
+Mon May 19 08:54:46 CEST 2003 - stark@suse.de
+
+- update to snapshot 20030518 (0.6)
+
+-------------------------------------------------------------------
+Sun May 7 10:11:16 CEST 2003 - stark@suse.de
+
+- update to snapshot 20030507
+
+-------------------------------------------------------------------
+Wed Apr 30 13:26:43 CEST 2003 - stark@suse.de
+
+- initial SuSE package
+