Hello community, here is the log from the commit of package MozillaFirefox for openSUSE:Factory checked in at 2020-11-26 23:09:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/MozillaFirefox (Old) and /work/SRC/openSUSE:Factory/.MozillaFirefox.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "MozillaFirefox" Thu Nov 26 23:09:40 2020 rev:322 rq:849574 version:83.0 Changes: -------- --- /work/SRC/openSUSE:Factory/MozillaFirefox/MozillaFirefox.changes 2020-11-10 13:40:13.400381712 +0100 +++ /work/SRC/openSUSE:Factory/.MozillaFirefox.new.5913/MozillaFirefox.changes 2020-11-26 23:10:29.208893902 +0100 @@ -1,0 +2,70 @@ +Sun Nov 15 12:16:53 UTC 2020 - Wolfgang Rosenauer <[email protected]> + +- Mozilla Firefox 83.0 + * major update for SpiderMonkey improving performance significantly + * optional HTTPS-Only mode + * more improvements + https://www.mozilla.org/en-US/firefox/83.0/releasenotes/ + MFSA 2020-50 (bsc#1178824)) + * CVE-2020-26951 (bmo#1667113) + Parsing mismatches could confuse and bypass security + sanitizer for chrome privileged code + * CVE-2020-26952 (bmo#1667685) + Out of memory handling of JITed, inlined functions could lead + to a memory corruption + * CVE-2020-16012 (bmo#1642028) + Variable time processing of cross-origin images during + drawImage calls + * CVE-2020-26953 (bmo#1656741) + Fullscreen could be enabled without displaying the security UI + * CVE-2020-26954 (bmo#1657026) + Local spoofing of web manifests for arbitrary pages in + Firefox for Android + * CVE-2020-26955 (bmo#1663261) + Cookies set during file downloads are shared between normal + and Private Browsing Mode in Firefox for Android + * CVE-2020-26956 (bmo#1666300) + XSS through paste (manual and clipboard API) + * CVE-2020-26957 (bmo#1667179) + OneCRL was not working in Firefox for Android + * CVE-2020-26958 (bmo#1669355) + Requests intercepted through ServiceWorkers lacked MIME type + restrictions + * CVE-2020-26959 (bmo#1669466) + Use-after-free in WebRequestService + * CVE-2020-26960 (bmo#1670358) + Potential use-after-free in uses of nsTArray + * CVE-2020-15999 (bmo#1672223) + Heap buffer overflow in freetype + * CVE-2020-26961 (bmo#1672528) + DoH did not filter IPv4 mapped IP Addresses + * CVE-2020-26962 (bmo#610997) + Cross-origin iframes supported login autofill + * CVE-2020-26963 (bmo#1314912) + History and Location interfaces could have been used to hang + the browser + * CVE-2020-26964 (bmo#1658865) + Firefox for Android's Remote Debugging via USB could have + been abused by untrusted apps on older versions of Android + * CVE-2020-26965 (bmo#1661617) + Software keyboards may have remembered typed passwords + * CVE-2020-26966 (bmo#1663571) + Single-word search queries were also broadcast to local + network + * CVE-2020-26967 (bmo#1665820) + Mutation Observers could break or confuse Firefox Screenshots + feature + * CVE-2020-26968 (bmo#1551615, bmo#1607762, bmo#1656697, + bmo#1657739, bmo#1660236, bmo#1667912, bmo#1671479, + bmo#1671923) + Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 + * CVE-2020-26969 (bmo#1623920, bmo#1651705, bmo#1667872, + bmo#1668876) + Memory safety bugs fixed in Firefox 83 +- requires + NSS >= 3.58 + nodejs >= 10.22.1 +- removed obsolete mozilla-ppc-altivec_static_inline.patch +- disable LTO on TW because of ICEs in gcc + +------------------------------------------------------------------- Old: ---- firefox-82.0.3.source.tar.xz firefox-82.0.3.source.tar.xz.asc l10n-82.0.3.tar.xz mozilla-ppc-altivec_static_inline.patch New: ---- firefox-83.0.source.tar.xz firefox-83.0.source.tar.xz.asc l10n-83.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ MozillaFirefox.spec ++++++ --- /var/tmp/diff_new_pack.pEUCD2/_old 2020-11-26 23:11:06.260924936 +0100 +++ /var/tmp/diff_new_pack.pEUCD2/_new 2020-11-26 23:11:06.264924937 +0100 @@ -29,9 +29,9 @@ # orig_suffix b3 # major 69 # mainver %major.99 -%define major 82 -%define mainver %major.0.3 -%define orig_version 82.0.3 +%define major 83 +%define mainver %major.0 +%define orig_version 83.0 %define orig_suffix %{nil} %define update_channel release %define branding 1 @@ -101,9 +101,9 @@ BuildRequires: libproxy-devel BuildRequires: makeinfo BuildRequires: mozilla-nspr-devel >= 4.29 -BuildRequires: mozilla-nss-devel >= 3.57 +BuildRequires: mozilla-nss-devel >= 3.58 BuildRequires: nasm >= 2.14 -BuildRequires: nodejs10 >= 10.21.0 +BuildRequires: nodejs10 >= 10.22.1 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 BuildRequires: python-libxml2 BuildRequires: python36 @@ -195,7 +195,6 @@ Patch8: mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch Patch9: mozilla-s390-context.patch Patch11: mozilla-reduce-rust-debuginfo.patch -Patch12: mozilla-ppc-altivec_static_inline.patch Patch13: mozilla-bmo1005535.patch Patch14: mozilla-bmo1568145.patch Patch15: mozilla-bmo1504834-part1.patch @@ -336,7 +335,6 @@ %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 @@ -510,7 +508,8 @@ %endif %ifarch x86_64 # LTO needs newer toolchain stack only (at least GCC 8.2.1 (r268506) -%if 0%{?suse_version} > 1500 +# TW's gcc is currently also broken with LTO https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93951 +%if 0%{?suse_version} > 1500 && 0%{?suse_version} < 1550 ac_add_options --enable-lto %if 0%{?do_profiling} ac_add_options MOZ_PGO=1 ++++++ firefox-82.0.3.source.tar.xz -> firefox-83.0.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/firefox-82.0.3.source.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.5913/firefox-83.0.source.tar.xz differ: char 15, line 1 ++++++ l10n-82.0.3.tar.xz -> l10n-83.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/MozillaFirefox/l10n-82.0.3.tar.xz /work/SRC/openSUSE:Factory/.MozillaFirefox.new.5913/l10n-83.0.tar.xz differ: char 26, line 1 ++++++ mozilla-pipewire-0-3.patch ++++++ --- /var/tmp/diff_new_pack.pEUCD2/_old 2020-11-26 23:11:06.616925010 +0100 +++ /var/tmp/diff_new_pack.pEUCD2/_new 2020-11-26 23:11:06.620925011 +0100 @@ -40,9 +40,9 @@ 'pk11sdr.h', 'pkcs11f.h', 'pkcs11.h', -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/BUILD.gn b/media/webrtc/trunk/webrtc/modules/desktop_capture/BUILD.gn ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/BUILD.gn -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/BUILD.gn +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/BUILD.gn b/third_party/libwebrtc/webrtc/modules/desktop_capture/BUILD.gn +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/BUILD.gn ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/BUILD.gn @@ -153,17 +153,17 @@ if (rtc_include_tests) { "../../test:test_support", ] @@ -62,16 +62,16 @@ packages = [ "gio-2.0", "gio-unix-2.0", -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build b/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_generic_gn/moz.build @@ -112,16 +112,39 @@ if CONFIG["OS_TARGET"] == "DragonFly": - "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_atom_cache.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_error_trap.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/x_server_pixel_buffer.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/mouse_cursor_monitor_linux.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc", - "/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc" + "/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/x_atom_cache.cc", + "/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/x_error_trap.cc", + "/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/x_server_pixel_buffer.cc", + "/third_party/libwebrtc/webrtc/modules/desktop_capture/mouse_cursor_monitor_linux.cc", + "/third_party/libwebrtc/webrtc/modules/desktop_capture/screen_capturer_linux.cc", + "/third_party/libwebrtc/webrtc/modules/desktop_capture/window_capturer_linux.cc" ] +# PipeWire specific files @@ -92,9 +92,9 @@ + CXXFLAGS += [ "-I/usr/include/spa-0.2" ] + + UNIFIED_SOURCES += [ -+ "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc", -+ "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc", -+ "/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc" ++ "/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc", ++ "/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc", ++ "/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc" + ] + if CONFIG["OS_TARGET"] == "FreeBSD": @@ -105,9 +105,9 @@ DEFINES["_FILE_OFFSET_BITS"] = "64" OS_LIBS += [ -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_options.h b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_options.h ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_options.h -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_capture_options.h +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_options.h b/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_options.h +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_options.h ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/desktop_capture_options.h @@ -136,15 +136,15 @@ class DesktopCaptureOptions { #if defined(USE_X11) bool use_update_notifications_ = false; @@ -125,9 +125,9 @@ } // namespace webrtc #endif // MODULES_DESKTOP_CAPTURE_DESKTOP_CAPTURE_OPTIONS_H_ -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc @@ -10,18 +10,21 @@ #include "modules/desktop_capture/linux/base_capturer_pipewire.h" @@ -786,9 +786,9 @@ +} + } // namespace webrtc -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.h @@ -17,99 +17,103 @@ #include <spa/param/video/format-utils.h> @@ -919,9 +919,9 @@ static void OnProxyRequested(GObject* object, GAsyncResult* result, -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/screen_capturer_pipewire.cc @@ -10,17 +10,17 @@ #include "modules/desktop_capture/linux/screen_capturer_pipewire.h" @@ -941,9 +941,9 @@ const DesktopCaptureOptions& options) { return std::make_unique<ScreenCapturerPipeWire>(); } -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/linux/window_capturer_pipewire.cc @@ -10,17 +10,17 @@ #include "modules/desktop_capture/linux/window_capturer_pipewire.h" @@ -963,9 +963,9 @@ const DesktopCaptureOptions& options) { return std::make_unique<WindowCapturerPipeWire>(); } -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc b/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/screen_capturer_linux.cc +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/screen_capturer_linux.cc b/third_party/libwebrtc/webrtc/modules/desktop_capture/screen_capturer_linux.cc +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/screen_capturer_linux.cc ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/screen_capturer_linux.cc @@ -21,17 +21,17 @@ namespace webrtc { @@ -985,9 +985,9 @@ #endif // defined(USE_X11) return nullptr; -diff --git a/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc b/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc ---- a/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc -+++ b/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_linux.cc +diff --git a/third_party/libwebrtc/webrtc/modules/desktop_capture/window_capturer_linux.cc b/third_party/libwebrtc/webrtc/modules/desktop_capture/window_capturer_linux.cc +--- a/third_party/libwebrtc/webrtc/modules/desktop_capture/window_capturer_linux.cc ++++ b/third_party/libwebrtc/webrtc/modules/desktop_capture/window_capturer_linux.cc @@ -21,17 +21,17 @@ namespace webrtc { ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.pEUCD2/_old 2020-11-26 23:11:06.696925027 +0100 +++ /var/tmp/diff_new_pack.pEUCD2/_new 2020-11-26 23:11:06.696925027 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="release" -VERSION="82.0.3" +VERSION="83.0" VERSION_SUFFIX="" -PREV_VERSION="82.0.2" +PREV_VERSION="82.0.3" PREV_VERSION_SUFFIX="" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-release"; -RELEASE_TAG="861857e7c10478e180cc39a394377a3b1304954b" -RELEASE_TIMESTAMP="20201108180448" +RELEASE_TAG="55359edc5d1cb8addecf9d2e7151782da543f67b" +RELEASE_TIMESTAMP="20201112153044" _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
