openSUSE Build Service

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 20)

- Disable/remove patches no longer needed:
    mozilla-bmo1511604.patch
    mozilla-bmo1583471.patch
- Added mozilla-bmo1602730.patch to fix another LE<->BE issue (bmo#1602730)

- Mozilla Firefox 68.4.1esr
  MFSA 2020-03 (bsc#1160498)
  * CVE-2019-17026 (bmo#1607443)
    IonMonkey type confusion with StoreElementHole and FallibleStoreElement

- Mozilla Firefox 68.4.0esr
  MFSA 2020-02 (bsc#1160305)
  * CVE-2019-17015 (bmo#1599005)
    Memory corruption in parent process during new content process
    initialization on Windows
  * CVE-2019-17016 (bmo#1599181)
    Bypass of @namespace CSS sanitization during pasting
  * CVE-2019-17017 (bmo#1603055)
    Type Confusion in XPCVariant.cpp
  * CVE-2019-17021 (bmo#1599008)
    Heap address disclosure in parent process during content process
    initialization on Windows
  * CVE-2019-17022 (bmo#1602843)
    CSS sanitization does not escape HTML tags
  * CVE-2019-17024 (bmo#1507180, bmo#1595470, bmo#1598605, bmo#1601826)
    Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
------------------------------------------------------------------

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 19)

- add mozilla-bmo1583471.patch to allow building with rust 1.39

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 18)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 17)

- Mozilla Firefox 68.3.0esr
  MFSA 2019-37
  * CVE-2019-17008 (bmo#1546331)
    Use-after-free in worker destruction
  * CVE-2019-13722 (bmo#1580156)
    Stack corruption due to incorrect number of arguments in WebRTC code
  * CVE-2019-11745 (bmo#1586176)
    Out of bounds write in NSS when encrypting with a block cipher
  * CVE-2019-17009 (bmo#1510494)
    Updater temporary files accessible to unprivileged processes
  * CVE-2019-17010 (bmo#1581084)
    Use-after-free when performing device orientation checks
  * CVE-2019-17005 (bmo#1584170)
    Buffer overflow in plain text serializer
  * CVE-2019-17011 (bmo#1591334)
    Use-after-free when retrieving a document in antitracking
  * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209,
    bmo#1580288, bmo#1585760, bmo#1592502)
    Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
  * Various updates to improve performance and stability
- updated create-tar.sh to cover buildid and origin repo information
  -> removed obsolete source-stamp.txt
- changed locale building procedure
  * removed obsolete compare-locales.tar.xz

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 16)

- added
    mozilla-bmo1504834-part4.patch
    mozilla-bmo849632.patch
  to fix broken tab-titles on big endian machines
- reactivate webRTC for all architectures

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 15)

- Ensure %{ff_esr_name} get tested as a string; also, don't compare
  against an empty string.

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 14)

- Use more portable syntax to check if macro ff_esr_name is defined.

Wolfgang Rosenauer (wrosenauer) accepted request 748737 from

Antonio Larrosa (alarrosa) over 4 years ago (revision 13)

- Increase disk size in _constraints file from 24 to 25 Gb since the
  build log is showing a "No space left on device" error when checking
  for unpackaged files in x86_64.

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 12)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 11)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 10)

  MFSA 2019-33 (bsc#1154738)
  * CVE-2019-15903 (bmo#1584907)
    Heap overflow in expat library in XML_GetCurrentLineNumber
  * CVE-2019-11757 (bmo#1577107)
    Use-after-free when creating index updates in IndexedDB
  * CVE-2019-11758 (bmo#1536227)
    Potentially exploitable crash due to 360 Total Security
  * CVE-2019-11759 (bmo#1577953)
    Stack buffer overflow in HKDF output
  * CVE-2019-11760 (bmo#1577719)
    Stack buffer overflow in WebRTC networking
  * CVE-2019-11761 (bmo#1561502)
    Unintended access to a privileged JSONView object
  * CVE-2019-11762 (bmo#1582857)
    document.domain-based origin isolation has same-origin-property violation
  * CVE-2019-11763 (bmo#1584216)
    Incorrect HTML parsing results in XSS bypass technique
  * CVE-2019-11764 (bmo#1558522, bmo#1577061, bmo#1548044, bmo#1571223,
    bmo#1573048, bmo#1578933, bmo#1575217, bmo#1583684, bmo#1586845,
    bmo#1581950, bmo#1583463, bmo#1586599)
    Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 9)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 8)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 7)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 6)

- added mozilla-sle12-lower-python-requirement.patch to support
  SLE12 still

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 5)

- Mozilla Firefox 68.2.0esr
- removed obsolete patches
    mozilla-bmo1573381.patch
    mozilla-bmo1512162.patch
    mozilla-bmo1585099.patch

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 4)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 3)

- do not build devel subpackage for this variant (not required and
  creating file conflicts)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 2)

Wolfgang Rosenauer (wrosenauer) committed over 4 years ago (revision 1)

osc copypac from project:mozilla package:firefox68 revision:8

Browse Source

Places

Revisions of firefox-esr

Places