firefox-esr (115.12.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-26, also known as:
CVE-2024-5702, CVE-2024-5688, CVE-2024-5690, CVE-2024-5691,
CVE-2024-5693, CVE-2024-5696, CVE-2024-5700.
-- Mike Hommey <glandium@debian.org> Wed, 12 Jun 2024 05:41:00 +0900
firefox-esr (115.11.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-22, also known as:
CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769,
CVE-2024-4770, CVE-2024-4777.
-- Mike Hommey <glandium@debian.org> Wed, 15 May 2024 05:05:03 +0900
firefox-esr (115.10.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-19, also known as:
CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-2609,
CVE-2024-3859, CVE-2024-3861, CVE-2024-3302, CVE-2024-3864.
-- Mike Hommey <glandium@debian.org> Wed, 17 Apr 2024 05:35:49 +0900
firefox-esr (115.9.1esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-16, also known as CVE-2024-29944.
* debian/control*, debian/rules: Undo workaround for bug 1052002.
-- Mike Hommey <glandium@debian.org> Sat, 23 Mar 2024 05:09:32 +0900
firefox-esr (115.9.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-13, also known as:
CVE-2024-0743, CVE-2024-2607, CVE-2024-2608, CVE-2024-2616,
CVE-2023-5388, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612,
CVE-2024-2614.
-- Mike Hommey <glandium@debian.org> Wed, 20 Mar 2024 05:59:40 +0900
firefox-esr (115.8.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-06, also known as:
CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549,
CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553.
-- Mike Hommey <glandium@debian.org> Wed, 21 Feb 2024 06:08:41 +0900
firefox-esr (115.7.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2024-02, also known as:
CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747,
CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0755.
-- Mike Hommey <glandium@debian.org> Wed, 24 Jan 2024 05:44:58 +0900
firefox-esr (115.6.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2023-54, also known as:
CVE-2023-6856, CVE-2023-6865, CVE-2023-6857, CVE-2023-6858,
CVE-2023-6859, CVE-2023-6860, CVE-2023-6867, CVE-2023-6861,
CVE-2023-6862, CVE-2023-6863, CVE-2023-6864.
* intl/locale/rust/oxilangtag-ffi/src/lib.rs: Allow to build with
rustc < 1.65.
-- Mike Hommey <glandium@debian.org> Wed, 20 Dec 2023 08:49:25 +0900
firefox-esr (115.5.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2023-50, also known as:
CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207,
CVE-2023-6208, CVE-2023-6209, CVE-2023-6212.
-- Mike Hommey <glandium@debian.org> Wed, 22 Nov 2023 05:32:16 +0900
firefox-esr (115.4.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2023-46, also known as:
CVE-2023-5721, CVE-2023-5732, CVE-2023-5724, CVE-2023-5725,
CVE-2023-5728, CVE-2023-5730.
-- Mike Hommey <glandium@debian.org> Wed, 25 Oct 2023 06:21:28 +0900
firefox-esr (115.3.0esr-1~deb12u1) bookworm-security; urgency=medium
* New upstream release.
* Fixes for mfsa2023-42, also known as:
CVE-2023-5169, CVE-2023-5171, CVE-2023-5176.
* debian/control*, debian/rules: Work around bug 1052002 by force-using
clang-14.
-- Mike Hommey <glandium@debian.org> Wed, 27 Sep 2023 05:43:46 +0900
firefox-esr (115.2.1esr-1) unstable; urgency=medium
* New upstream release.
* Fix for mfsa2023-40, also known as CVE-2023-4863.
* debian/upstream.mk, debian/repack.py: Get l10n sources from zip archives.
Thanks David Turner for the initial implementation.
-- Mike Hommey <glandium@debian.org> Wed, 13 Sep 2023 06:30:23 +0900
firefox-esr (115.2.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-36, also known as:
CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4577,
CVE-2023-4051, CVE-2023-4578, CVE-2023-4053, CVE-2023-4580,
CVE-2023-4581, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585.
* debian/watch: Refresh.
-- Mike Hommey <glandium@debian.org> Wed, 30 Aug 2023 06:03:46 +0900
firefox-esr (115.1.0esr-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-31, also known as:
CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048,
CVE-2023-4049, CVE-2023-4050, CVE-2023-4055, CVE-2023-4056,
CVE-2023-4057.
-- Mike Hommey <glandium@debian.org> Wed, 02 Aug 2023 06:15:06 +0900
firefox-esr (115.0.2esr-1) unstable; urgency=medium
* New upstream release.
* security/nss/lib/freebl/unix_rand.c,
security/nss/cmd/shlibsign/shlibsign.c: Unapply changes for Hurd, as
there is no rustc there.
-- Mike Hommey <glandium@debian.org> Fri, 14 Jul 2023 13:40:53 +0900
firefox (115.0.2-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-26, also known as CVE-2023-3600.
* debian/control*, debian/compat: Bump debhelper compat level to 12.
* debian/rules:
- Stop compressing debug info at link time.
- Use dh_missing.
- Disable dwz for libxul.
- Disable debug symbols on riscv64, because linking takes so long that
buildds kill the build after 420 minutes of "inactivity".
- Remove libgtk2 exclusion in dh_shlibdeps call. The dependency is long
gone.
- Stop cleaning up configure. It is unnecessary nowadays.
- Rely on dh_update_autotools_config instead of manual grunt work.
- Stop overriding dh_clean.
* debian/browser.mozconfig.in, debian/control.in, debian/rules,
debian/upstream.mk: Remove support for stretch.
* debian/symbols.apt.conf, debian/symbols.mk, debian/symbols.sources.list:
Remove symbol dumping scripts. They haven't been used to upload symbols
for a long time, and Mozilla now pulls the symbols rather than us
uploading them.
* build/unix/elfhack/elf.cpp, build/unix/elfhack/elfhack.cpp,
build/unix/elfhack/elfxx.h: More properly handle files > 4GB in elfhack.
bz#1840931.
* media/libaom/moz.build: After all, we did need that patch. bz#1842933.
-- Mike Hommey <glandium@debian.org> Wed, 12 Jul 2023 09:16:06 +0900
firefox (115.0.1-1) unstable; urgency=medium
* New upstream release.
* debian/patches: Consolidate patches in two categories instead of four.
Also remove some unuseful patches:
+ xpcom/reflect/xptcall/md/unix/moz.build,
xpcom/reflect/xptcall/src/md/unix/xptcinvoke_linux_sh.cpp,
xpcom/reflect/xptcall/src/md/unix/xptcstubs_linux_sh.cpp: Remove xptcall
support for SH4. We don't have rustc on SH4 anyways.
+ media/libaom/moz.build: libaom neon flags are better set as of bz#1791482
and shouldn't require a patch.
* gfx/skia/moz.build: Work around GCC ICE on ppc64el.
-- Mike Hommey <glandium@debian.org> Tue, 11 Jul 2023 06:39:31 +0900
firefox (115.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-22, also known as:
CVE-2023-3482, CVE-2023-37201, CVE-2023-37202, CVE-2023-37203,
CVE-2023-37204, CVE-2023-37205, CVE-2023-37206, CVE-2023-37207,
CVE-2023-37208, CVE-2023-37209, CVE-2023-37210, CVE-2023-37211,
CVE-2023-37212.
* debian/rules, media/ffvpx/config_unix64.h: Work around
https://sourceware.org/bugzilla/show_bug.cgi?id=30578. Closes: #1040328.
* gfx/skia/moz.build: Undefine the mips builtin macro on mips in skia.
bz#1841197.
-- Mike Hommey <glandium@debian.org> Wed, 05 Jul 2023 06:46:25 +0900
firefox (114.0.2-1) unstable; urgency=medium
* New upstream release.
* debian/upstream.mk: Unstable is trixie.
* debian/rules: Use in-tree NSS on bookworm.
-- Mike Hommey <glandium@debian.org> Thu, 22 Jun 2023 13:54:23 +0900
firefox (114.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-20, also known as:
CVE-2023-34414, CVE-2023-34415, CVE-2023-34416, CVE-2023-34417.
* debian/browser.install.in: Install gfxtest and vaapitest.
-- Mike Hommey <glandium@debian.org> Wed, 07 Jun 2023 05:52:21 +0900
firefox (113.0.2-1) unstable; urgency=medium
* New upstream release.
* dom/base/nsTextFragment.cpp, dom/base/nsTextFragmentGeneric.h,
dom/base/nsTextFragmentGenericFwd.h: Isolate SSE2 requirements to
SSE-compiled file. bz#1827566.
-- Mike Hommey <glandium@debian.org> Sat, 27 May 2023 05:00:29 +0900
firefox (113.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-16, also known as:
CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32208,
CVE-2023-32209, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,
CVE-2023-32213, CVE-2023-32215, CVE-2023-32216.
* debian/control, debian/l10n/browser-l10n.control: Refresh locales.
-- Mike Hommey <glandium@debian.org> Wed, 10 May 2023 06:47:20 +0900
firefox (112.0.1-1) unstable; urgency=medium
* New upstream release.
* gfx/thebes/gfxFont.cpp, gfx/thebes/gfxFontEntry.cpp: Don't attempt
to use font extents if we didn't get a valid 'head' table, or if
it's not an sfnt resource. bz#1827950. Closes: #1034363.
-- Mike Hommey <glandium@debian.org> Thu, 20 Apr 2023 06:12:33 +0900
firefox (112.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-13, also known as:
CVE-2023-29533, CVE-2023-29535, CVE-2023-29536, CVE-2023-29537,
CVE-2023-29538, CVE-2023-29539, CVE-2023-29540, CVE-2023-29541,
CVE-2023-29543, CVE-2023-29544, CVE-2023-29547, CVE-2023-29548,
CVE-2023-29549, CVE-2023-29550, CVE-2023-29551.
* debian/control*: Bump nss build dependency.
* debian/control: Add libavcodec60 recommendation.
* security/manager/ssl/builtins/build.rs,
security/manager/ssl/builtins/src/certdata.rs: Revert upstream change to
preserve compatibility with rustc 1.63.
-- Mike Hommey <glandium@debian.org> Wed, 12 Apr 2023 09:53:55 +0900
firefox (111.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Sat, 25 Mar 2023 05:21:58 +0900
firefox (111.0-3) unstable; urgency=medium
* dom/media/webaudio/AudioNodeEngine*: Forward declare arch-specific xsimd
specialization. bz#1822901.
-- Mike Hommey <glandium@debian.org> Tue, 21 Mar 2023 09:28:00 +0900
firefox (111.0-2) unstable; urgency=medium
* gfx/skia/generate_mozbuild.py, gfx/skia/moz.build: Remove explicit NEON
flags from skia build. Thanks Emanuele Rocca.
* dom/media/webaudio/AudioNodeEngineGeneric.h: Use fully specified xsimd::batch
type. bz#1821363.
* third_party/libwebrtc/moz.build: Add now removed desktop_capture_generic_gn
directory.
-- Mike Hommey <glandium@debian.org> Tue, 21 Mar 2023 06:18:07 +0900
firefox (111.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-09, also known as:
CVE-2023-25750, CVE-2023-25751, CVE-2023-28160, CVE-2023-28164,
CVE-2023-28161, CVE-2023-28162, CVE-2023-25752, CVE-2023-28176,
CVE-2023-28177.
* debian/control*: Bump nss build dependency.
* debian/control, debian/l10n/browser-l10n.control: Refresh locales.
* debian/browser.mozconfig.in: Disable wasm sandboxing on s390x for now.
It doesn't work at the moment.
-- Mike Hommey <glandium@debian.org> Wed, 15 Mar 2023 07:56:18 +0900
firefox (110.0.1-1) unstable; urgency=medium
* New upstream release.
* debian/control*: Build depend on the rustc version we have in unstable.
Closes: #1031357.
* Cargo.lock, python/mozboot/mozboot/util.py,
servo/components/selectors/context.rs,
servo/components/selectors/parser.rs,
servo/components/style/gecko/selector_parser.rs,
servo/components/style/properties/gecko.mako.rs,
servo/components/style/style_resolver.rs,
servo/components/style/stylesheets/container_rule.rs,
servo/components/style/stylist.rs,
third_party/rust/cstr/.cargo-checksum.json,
third_party/rust/cstr/Cargo.toml,
third_party/rust/cstr/README.md,
third_party/rust/cstr/src/lib.rs: Relax minimum supported rust version
to 1.63.
* js/src/irregexp/moz.build: Suppress false positive error for GCC.
bz#1810584.
-- Mike Hommey <glandium@debian.org> Wed, 01 Mar 2023 08:35:30 +0900
firefox (110.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-05, also known as:
CVE-2023-25728, CVE-2023-25730, CVE-2023-0767, CVE-2023-25735,
CVE-2023-25737, CVE-2023-25739, CVE-2023-25729, CVE-2023-25732,
CVE-2023-25731, CVE-2023-25733, CVE-2023-25736, CVE-2023-25741,
CVE-2023-25742, CVE-2023-25744, CVE-2023-25745.
* debian/control*: Bump nss, rustc and cargo build dependencies.
* third_party/wasm2c/src/common.h,
third_party/wasm2c/src/prebuilt/wasm2c.include.c,
third_party/wasm2c/src/wasm2c.c.tmpl: Use compiler macros to detect big
endian.
-- Mike Hommey <glandium@debian.org> Wed, 15 Feb 2023 09:14:45 +0900
firefox (109.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2023-01, also known as:
CVE-2022-23597, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602,
CVE-2023-23603, CVE-2023-23604, CVE-2023-23605, CVE-2023-23606.
* debian/control*:
- Bump nss build dependency.
- Bump cargo dependency back to what it's supposed to be.
* debian/browser.mozconfig.in, debian/control*: Enable wasm sandboxing
on bookworm.
* build/moz.configure/compilers-util.configure,
toolkit/moz.configure: Add more configure checks for the wasm toolchain
setup. bz#1747145.
toolkit/moz.configure: Allow to build without a wasi sysroot. bz#1810627
* build/moz.configure/rust.configure: Revert the relaxing of the cargo
dependency now that we have the right version in unstable.
-- Mike Hommey <glandium@debian.org> Wed, 18 Jan 2023 06:27:19 +0900
firefox (108.0.2-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Tue, 10 Jan 2023 08:00:05 +0900
firefox (108.0-2) unstable; urgency=medium
* security/manager/ssl/tests/unit/tlsserver/cmd/moz.build,
security/manager/ssl/tests/unit/tlsserver/lib/moz.build,
security/moz.build: Pseudo-revert bz#1754746 and bz#1799121.
Closes: #1026072.
* .cargo/config.in, Cargo.lock, Cargo.toml, third_party/rust/uniffi*,
third_party/rust/weedle2*: Make uniffi-bindgen more deterministic
across platforms.
-- Mike Hommey <glandium@debian.org> Thu, 15 Dec 2022 17:42:19 +0900
firefox (108.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-51, also known as:
CVE-2022-46871, CVE-2022-46872, CVE-2022-46873, CVE-2022-46874,
CVE-2022-46877, CVE-2022-46878, CVE-2022-46879.
* debian/control*: Bump rustc and nss build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 14 Dec 2022 07:56:15 +0900
firefox (107.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Sat, 03 Dec 2022 05:49:43 +0900
firefox (107.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-47, also known as:
CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406,
CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45412, CVE-2022-40674, CVE-2022-45415,
CVE-2022-45416, CVE-2022-45417, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421.
* debian/rules:
- Use internal libevent on buster.
- Invoke python with PYTHONDONTWRITEBYTECODE instead of -B.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 16 Nov 2022 08:10:27 +0900
firefox (106.0.5-1) unstable; urgency=medium
* New upstream release.
* media/ffvpx/config_unix_aarch64.h: Don't build libav with sysctl on
Unix AArch64. bz#1791275.
-- Mike Hommey <glandium@debian.org> Mon, 07 Nov 2022 06:06:42 +0900
firefox (106.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-44, also known as:
CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930,
CVE-2022-42931, CVE-2022-42932.
* debian/control*: Bump nss and libvpx build dependencies.
* debian/rules: Build with vendored libvpx on bullseye.
* mozglue/misc/SIMD.cpp, mozglue/misc/SIMD_avx2.cpp: Restrict SIMD_avx2 to
AMD64. bz#1792158.
* modules/fdlibm/src/math_private.h: Do not define unused float_t type in
fdlibm. bz#1789560.
* js/src/jit/GenerateAtomicOperations.py: Add missing includes to
AtomicOperationsGenerated.h. bz#1792159.
* third_party/libwebrtc/build/config/compiler/BUILD.gn,
third_party/libwebrtc/**/moz.build: Fix webrtc FTBFS from missing sse2
flags. bz#1795993.
-- Mike Hommey <glandium@debian.org> Wed, 19 Oct 2022 05:59:30 +0900
firefox (105.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Wed, 28 Sep 2022 07:40:44 +0900
firefox (105.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-40, also known as:
CVE-2022-40959, CVE-2022-40960, CVE-2022-40958, CVE-2022-40956,
CVE-2022-40957, CVE-2022-40962.
* debian/control*: Bump rustc and nss build dependencies.
* python/mozbuild/mozbuild/nodeutil.py: Relax nodejs minimum version.
-- Mike Hommey <glandium@debian.org> Wed, 21 Sep 2022 07:22:10 +0900
firefox (104.0.2-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Tue, 13 Sep 2022 09:08:49 +0900
firefox (104.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-33, also known as:
CVE-2022-38472, CVE-2022-38473, CVE-2022-38475, CVE-2022-38477,
CVE-2022-38478.
* debian/rules, debian/control: Fix libavcodec recommends. Closes: #1017782.
* debian/control*: Bump nss and nodejs build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 24 Aug 2022 07:17:28 +0900
firefox (103.0.2-2) unstable; urgency=medium
* debian/rules: Remove old and now unnecessary workarounds.
* intl/icu/source/common/unicode/std_string.h,
intl/icu/source/common/utypeinfo.h,
intl/icu/source/io/unicode/ustream.h: Remove workaround for old libstdc++
problem, which now causes problems with GCC 12 on arm.
* third_party/libwebrtc/moz.build: Add missing webrtc directory for ppc64el
(bz#1775202).
-- Mike Hommey <glandium@debian.org> Mon, 15 Aug 2022 15:46:49 +0900
firefox (103.0.2-1) unstable; urgency=medium
* New upstream release.
* debian/rules:
- Use thinLTO for rust on armhf, to stay in the memory budget with an
armhf toolchain.
- Use MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=none instead of
MACH_USE_SYSTEM_PYTHON=1.
* debian/rules, debian/watch, debian/watch.in: Generate debian/watch and
fix it.
* js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp,
js/src/jit/mips-shared/SharedICHelpers-mips-shared-inl.h,
js/src/jit/mips-shared/SharedICHelpers-mips-shared.h,
js/src/jit/mips64/Assembler-mips64.h,
js/src/jit/mips64/MacroAssembler-mips64.cpp,
js/src/jit/mips64/Simulator-mips64.cpp,
js/src/jit/mips64/Trampoline-mips64.cpp,
js/src/jit/shared/Lowering-shared-inl.h,
js/src/wasm/WasmFrameIter.cpp: Fix FTBFS on mips64. bz#1776825.
* third_party/libwebrtc/moz.build: Work around bz#1775202 to fix FTBFS on
ppc64el.
* config/makefiles/rust.mk: Allow to override rust LTO flag.
-- Mike Hommey <glandium@debian.org> Sun, 14 Aug 2022 15:28:01 +0900
firefox (103.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-28, also known as:
CVE-2022-36319, CVE-2022-36318, CVE-2022-36315, CVE-2022-36316,
CVE-2022-36320, CVE-2022-2505.
* debian/control*: Bump cbindgen and nss build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 27 Jul 2022 10:07:35 +0900
firefox (102.0.1-3) unstable; urgency=medium
* debian/rules: Fix the logic of the aarch64 test.
-- Mike Hommey <glandium@debian.org> Thu, 14 Jul 2022 11:31:47 +0900
firefox (102.0.1-2) unstable; urgency=medium
* debian/rules: Tentatively improve detection of known failing cases on
armhf.
-- Mike Hommey <glandium@debian.org> Thu, 14 Jul 2022 09:32:47 +0900
firefox (102.0.1-1) unstable; urgency=medium
* New upstream release.
* debian/rules: Tentatively improve detection of known failing cases on
armhf and mipsel.
-- Mike Hommey <glandium@debian.org> Thu, 14 Jul 2022 06:17:52 +0900
firefox (102.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-24, also known as:
CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34482,
CVE-2022-34483, CVE-2022-34476, CVE-2022-34481, CVE-2022-34474,
CVE-2022-34471, CVE-2022-34472, CVE-2022-2200, CVE-2022-34480,
CVE-2022-34477, CVE-2022-34475, CVE-2022-34473, CVE-2022-34484,
CVE-2022-34485.
* build/moz.configure/bindgen.configure,
gfx/webrender_bindings/webrender_ffi.h: Work around build failure with
newer cbindgen. bz#1773259
-- Mike Hommey <glandium@debian.org> Wed, 29 Jun 2022 07:41:32 +0900
firefox (101.0.1-1) unstable; urgency=medium
* New upstream release.
* build/moz.configure/rust.configure, debian/control*: Allow to build with
cargo in unstable.
-- Mike Hommey <glandium@debian.org> Fri, 10 Jun 2022 06:24:01 +0900
firefox (101.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-20, also known as:
CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740,
CVE-2022-31741, CVE-2022-31742, CVE-2022-31743, CVE-2022-31744,
CVE-2022-31745, CVE-2022-1919, CVE-2022-31747, CVE-2022-31748.
* debian/rules: Fail the build early when building for armhf on armhf
(only works on arm64), and when building for mipsel on mipsel.
* debian/control*: Bump rustc, cargo, cbindgen and nss build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 01 Jun 2022 06:07:37 +0900
firefox (100.0.2-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-19, also known as CVE-2022-1802 and CVE-2022-1529.
-- Mike Hommey <glandium@debian.org> Sat, 21 May 2022 07:32:04 +0900
firefox (100.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-16, also known as:
CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911,
CVE-2022-29912, CVE-2022-29915, CVE-2022-29917, CVE-2022-29918.
-- Mike Hommey <glandium@debian.org> Wed, 04 May 2022 08:48:41 +0900
firefox (99.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-13, also known as:
CVE-2022-1097, CVE-2022-28281, CVE-2022-28282, CVE-2022-28283,
CVE-2022-28284, CVE-2022-28285, CVE-2022-28286, CVE-2022-28287,
CVE-2022-24713, CVE-2022-28289, CVE-2022-28288.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 06 Apr 2022 09:04:22 +0900
firefox (98.0-2) unstable; urgency=medium
* debian/rules: Install crash reporter files on arm64.
* js/src/jit/GenerateAtomicOperations.py: Work around a GCC issue with
generated atomics. bz#1756347.
-- Mike Hommey <glandium@debian.org> Thu, 10 Mar 2022 09:09:43 +0900
firefox (98.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-10, also known as:
CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381,
CVE-2022-26382, CVE-2022-26385, CVE-2022-0843.
* Fixes for mfsa2022-09, also known as: CVE-2022-26485, CVE-2022-26486.
* debian/control*:
- Bump nss build dependency.
- Downgrade rust dependency to 1.56, and cargo to 0.57.
* Cargo.lock, config/makefiles/rust.mk, python/mozboot/mozboot/util.py,
servo/components/style/Cargo.toml, servo/components/style/build.rs,
servo/components/style/lib.rs,
servo/components/style/stylesheets/page_rule.rs,
servo/components/style/stylist.rs,
third_party/rust/audioipc2-client/.cargo-checksum.json,
third_party/rust/audioipc2-client/Cargo.toml,
third_party/rust/audioipc2-client/build.rs,
third_party/rust/audioipc2-client/src/lib.rs,
third_party/rust/wgpu-hal/.cargo-checksum.json,
third_party/rust/wgpu-hal/src/gles/egl.rs: Relax minimum supported Rust
version to 1.56.0.
-- Mike Hommey <glandium@debian.org> Wed, 09 Mar 2022 07:09:27 +0900
firefox (97.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-04, also known as:
CVE-2022-22754, CVE-2022-22755, CVE-2022-22756, CVE-2022-22759,
CVE-2022-22760, CVE-2022-22761, CVE-2022-22764, CVE-2022-0511.
* debian/control*: Bump nss, rustc and cargo build dependencies.
* debian/browser.install.in: Install libipcclientcerts.so.
-- Mike Hommey <glandium@debian.org> Wed, 09 Feb 2022 07:53:42 +0900
firefox (96.0.3-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Mon, 31 Jan 2022 06:21:31 +0900
firefox (96.0.1-1) unstable; urgency=medium
* New upstream release.
* modules/libpref/init/StaticPrefList.yaml: Disable cookie sameSite
schemeful. bz#1750264.
* dom/media/webrtc/third_party_build/gn-configs/x64_*_arm_linux.json,
dom/media/webrtc/third_party_build/gn-configs/x64_*_ppc64_linux.json,
third_party/libwebrtc/**/moz.build: Add webrtc configs for arm and
ppc64 linux. bz#1738845.
-- Mike Hommey <glandium@debian.org> Sat, 15 Jan 2022 07:41:14 +0900
firefox (96.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2022-01, also known as:
CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740,
CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748,
CVE-2022-22745, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751,
CVE-2022-22752.
* debian/rules:
- Adjust preprocessor command to upstream changes.
- Set an objdir when using the preprocessor, and clean that up.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 12 Jan 2022 08:03:30 +0900
firefox (95.0.1-1) unstable; urgency=medium
* New upstream release.
* debian/control.in: Build against rustc-mozilla/cargo-mozilla on relevant
older releases.
* modules/fdlibm/src/math_private.h: Fix FTBFS on i386. bz#1729459.
-- Mike Hommey <glandium@debian.org> Fri, 17 Dec 2021 07:05:23 +0900
firefox (95.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-52, also known as:
CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43540, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543,
CVE-2021-43544, CVE-2021-43545, CVE-2021-43546, MOZ-2021-0009.
* debian/browser.mozconfig.in: Explicitly disable wasm sandboxing. We don't
have the necessary tools yet.
-- Mike Hommey <glandium@debian.org> Wed, 08 Dec 2021 06:38:07 +0900
firefox (94.0.2-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Wed, 24 Nov 2021 06:57:55 +0900
firefox (94.0-2) unstable; urgency=medium
* debian/firefox.in: Use `command -v` instead of `which`. Does not affect
this package, though.
* .cargo/config.in, Cargo.lock, Cargo.toml,
third_party/rust/cc/.cargo-checksum.json,
third_party/rust/cc/Cargo.toml, third_party/rust/cc/src/lib.rs,
third_party/rust/cc/src/windows_registry.rs: Update cc crate to
b2f6b146b75299c444e05bbde50d03705c7c4b6e, aka 1.0.71 + GCC-11 fix for
armhf. bz#1739040.
* .cargo/config.in, Cargo.lock,
third_party/rust/cubeb-pulse/.cargo-checksum.json,
third_party/rust/cubeb-pulse/src/backend/stream.rs,
toolkit/library/rust/shared/Cargo.toml: Upgrade cubeb-pulse to fix a race
condition that can lead to shutdown deadlock. bz#1735905.
(suspected to) Closes: #998108.
-- Mike Hommey <glandium@debian.org> Thu, 11 Nov 2021 16:32:50 +0900
firefox (94.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-48, also known as:
CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
CVE-2021-38508, MOZ-2021-0004, CVE-2021-38509, MOZ-2021-0005,
MOZ-2021-0006, MOZ-2021-0007.
(MOZ-* pending CVE assignment)
* debian/control*: Bump nss, rustc and cargo build dependencies.
* Cargo.toml, Cargo.lock, third_party/rust/naga/.cargo-checksum.json,
third_party/rust/naga/Cargo.toml,
third_party/rust/wgpu-core/.cargo-checksum.json,
third_party/rust/wgpu-core/Cargo.toml, build/moz.configure/rust.configure:
Remove workaround to build with an old cargo, now that Debian has a recent
version.
-- Mike Hommey <glandium@debian.org> Wed, 03 Nov 2021 08:20:50 +0900
firefox (93.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-43, also known as:
CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-32810,
CVE-2021-38500, CVE-2021-38501, CVE-2021-38499.
* debian/control*: Bump nss build dependency.
* debian/rules: Set MOZBUILD_STATE_PATH.
* Cargo.toml, Cargo.lock, third_party/rust/naga/.cargo-checksum.json,
third_party/rust/naga/Cargo.toml,
third_party/rust/wgpu-core/.cargo-checksum.json,
third_party/rust/wgpu-core/Cargo.toml: Work around the lack of resolver
feature in unstable's cargo.
-- Mike Hommey <glandium@debian.org> Wed, 06 Oct 2021 06:53:13 +0900
firefox (92.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-38, also known as:
CVE-2021-38491, CVE-2021-38493, CVE-2021-38494.
* debian/rules: Build against embedded nspr and nss on bullseye.
* debian/upstream.mk: Add bookworm and trixie.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 08 Sep 2021 07:57:38 +0900
firefox (91.0.1-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-37, also known as CVE-2021-29991.
* debian/import-tar.py, debian/repack.py: Fixed for python 3.9.
-- Mike Hommey <glandium@debian.org> Wed, 18 Aug 2021 10:28:35 +0900
firefox (91.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-33, also known as:
CVE-2021-29986, CVE-2021-29981, CVE-2021-29988, CVE-2021-29984,
CVE-2021-29980, CVE-2021-29987, CVE-2021-29985, CVE-2021-29982,
CVE-2021-29989, CVE-2021-29990.
* debian/control*: Bump nspr, nss and rustc build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 11 Aug 2021 07:18:22 +0900
firefox (90.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-28, also known as:
CVE-2021-29970, CVE-2021-29971, CVE-2021-29972, CVE-2021-29974,
CVE-2021-29975, CVE-2021-29976, CVE-2021-29977.
* debian/control*:
- Bump nss build dependency.
- Remove libgtk2 build dependency.
* debian/browser.install.in: Don't install gtk2/libmozgtk.so.
* widget/gtk/mozgtk/moz.build: Remove old workaround for bug #844357, which
was fixed in binutils a long time ago.
-- Mike Hommey <glandium@debian.org> Wed, 14 Jul 2021 06:07:27 +0900
firefox (89.0.2-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Thu, 24 Jun 2021 07:57:24 +0900
firefox (89.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Fri, 18 Jun 2021 06:03:11 +0900
firefox (89.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-23, also known as:
CVE-2021-29960, CVE-2021-29961, CVE-2021-29959, CVE-2021-29967,
CVE-2021-29966.
* debian/control*: Bump nss and cbindgen build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 02 Jun 2021 05:36:18 +0900
firefox (88.0.1-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-20, also known as CVE-2021-29952.
-- Mike Hommey <glandium@debian.org> Thu, 06 May 2021 07:01:54 +0900
firefox (88.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-16, also known as:
CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997,
CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001,
CVE-2021-24002, CVE-2021-29945, CVE-2021-29944, CVE-2021-29946,
CVE-2021-29947.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Tue, 20 Apr 2021 07:54:02 +0900
firefox (87.0-2) unstable; urgency=medium
* js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp,
js/src/jit/mips-shared/MacroAssembler-mips-shared*,
js/src/jit/mips*/MacroAssembler-mips*: Add missing JIT functions.
* js/src/jit/mips64/MacroAssembler-mips64.cpp: Fix register conflict
in ma_addPtrTestOverflow. bz#1685662.
* gfx/wr/swgl/src/blend.h, gfx/wr/swgl/src/gl.cc: Don't use always_inline
on large SWGL functions. bz#1700520.
-- Mike Hommey <glandium@debian.org> Wed, 31 Mar 2021 10:12:40 +0900
firefox (87.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-10, also known as:
CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23984,
CVE-2021-23985, CVE-2021-23986, CVE-2021-23987, CVE-2021-23988.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 24 Mar 2021 06:06:10 +0900
firefox (86.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Fri, 12 Mar 2021 10:30:34 +0900
firefox (86.0-2) unstable; urgency=medium
* gfx/qcms/src/iccread.rs: Fix startup crash with malformed ICC profiles.
bz#1694670.
-- Mike Hommey <glandium@debian.org> Tue, 09 Mar 2021 07:24:46 +0900
firefox (86.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-07, also known as:
CVE-2021-23969, CVE-2021-23970, CVE-2021-23968, CVE-2021-23974,
CVE-2021-23971, CVE-2021-23972, CVE-2021-23975, CVE-2021-23973,
CVE-2021-23978, CVE-2021-23979.
* debian/control*: Bump nss and cbindgen build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 24 Feb 2021 06:57:42 +0900
firefox (85.0.1-1) unstable; urgency=medium
* New upstream release.
* build/moz.configure/rust.configure, debian/control*: Allow to build with
cargo in unstable.
-- Mike Hommey <glandium@debian.org> Sat, 06 Feb 2021 07:54:04 +0900
firefox (85.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-03, also known as:
CVE-2021-23953, CVE-2021-23954, CVE-2021-23955, CVE-2021-23956,
CVE-2021-23958, CVE-2021-23960, CVE-2021-23961, CVE-2021-23962,
CVE-2021-23963, CVE-2021-23964, CVE-2021-23965.
* debian/control*: Bump rustc, cargo and nss build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 27 Jan 2021 09:06:28 +0900
firefox (84.0.2-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2021-01, also known as CVE-2020-16044.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Thu, 07 Jan 2021 07:27:55 +0900
firefox (84.0-3) unstable; urgency=medium
* debian/browser.install.in: s/aarch64/arm64/, facepalm.
-- Mike Hommey <glandium@debian.org> Fri, 18 Dec 2020 10:09:12 +0900
firefox (84.0-2) unstable; urgency=medium
* debian/browser.install.in: Install libmozsandbox.so on aarch64 and arm*.
-- Mike Hommey <glandium@debian.org> Fri, 18 Dec 2020 05:59:54 +0900
firefox (84.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-54, also known as:
CVE-2020-16042, CVE-2020-26971, CVE-2020-26972, CVE-2020-26973,
CVE-2020-26974, CVE-2020-26976, CVE-2020-26978, CVE-2020-26979,
CVE-2020-35111, CVE-2020-35113, CVE-2020-35114.
* debian/control*: Bump nss build dependency.
* build/moz.configure/rust.configure, debian/control*: Revert changes from
79.0-1 allowing to build with cargo in unstable as of 2020-07-29 because
we have the right version now.
* intl/icu_sources_data.py: Revert changes from 72.0-1 to avoid building
ICU in parallel because we don't build ICU using this script anymore.
-- Mike Hommey <glandium@debian.org> Wed, 16 Dec 2020 06:30:02 +0900
firefox (83.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-50, also known as:
CVE-2020-26951, CVE-2020-26952, CVE-2020-16012, CVE-2020-26953,
CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960,
CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26965,
CVE-2020-26967, CVE-2020-26968, CVE-2020-26969.
* debian/control*: Bump nss and cbindgen build dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 18 Nov 2020 07:06:09 +0900
firefox (82.0.3-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-49, also known as CVE-2020-26950.
-- Mike Hommey <glandium@debian.org> Tue, 10 Nov 2020 07:32:32 +0900
firefox (82.0.2-1) unstable; urgency=medium
* New upstream release.
* debian/control*: Remove autoconf2.13 build dependency.
* config/external/icu/data/moz.build: Use the right data file for ICU on
big endians. bz#1673769.
-- Mike Hommey <glandium@debian.org> Fri, 30 Oct 2020 06:03:59 +0900
firefox (82.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-45, also known as:
CVE-2020-15969, CVE-2020-15254, CVE-2020-15680, CVE-2020-15681,
CVE-2020-15682, CVE-2020-15683, CVE-2020-15684.
[Emilio Pozuelo Monfort]
* debian/browser.bug-presubj.in, debian/control.in, debian/rules,
debian/symbols.mk, debian/upstream.mk: Remove support for jessie.
* debian/control.in, debian/rules: stretch: build with LLVM 7, 4.0 doesn't
support -std=gnu++17.
* debian/rules:
- stretch: build with GCC 7 from gcc-mozilla.
- Call python with -B when regenerating the control files, so as to not
generate bytecode files.
- Call debian/l10n/gen with C.UTF-8 as the locale, otherwise it fails
in stretch when opening the iso-codes files.
- stretch: don't set NASM on !x86.
[Mike Hommey]
* debian/control*: Bump nss build dependency.
* build/unix/elfhack/elf.cpp, build/unix/elfhack/elfxx.h: Fix elfhack
for files > 2GiB and < 4GiB. bz#1495733.
-- Mike Hommey <glandium@debian.org> Wed, 21 Oct 2020 11:53:39 +0900
firefox (81.0-2) unstable; urgency=medium
* dom/media/AsyncLogger.h: Fix AsyncLogger::TracePayload's mName
size calculation. bz#1667007.
-- Mike Hommey <glandium@debian.org> Thu, 24 Sep 2020 16:22:35 +0900
firefox (81.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-42, also known as:
CVE-2020-15675, CVE-2020-15677, CVE-2020-15676, CVE-2020-15678,
CVE-2020-15673, CVE-2020-15674.
* debian/control*: Bump nss build dependency.
* debian/rules: Change l10n build integration:
- it is not necessary to override LOCALE_MERGEDIR anymore
- it is not necessary to call compare-locales manually
- set MACH_USE_SYSTEM_PYTHON=1
* js/src/jit/none/MacroAssembler-none.h: Bump CodeAlignment to 8.
bz#1666646.
-- Mike Hommey <glandium@debian.org> Wed, 23 Sep 2020 07:56:45 +0900
firefox (80.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Thu, 03 Sep 2020 09:36:06 +0900
firefox (80.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-36, also known as:
CVE-2020-15664, CVE-2020-12401, CVE-2020-6829, CVE-2020-12400,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15667, CVE-2020-15668,
CVE-2020-15670.
* debian/control*: Bump nss build dependency.
-- Mike Hommey <glandium@debian.org> Wed, 26 Aug 2020 07:24:49 +0900
firefox (79.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-30, also known as:
CVE-2020-15652, CVE-2020-6514, CVE-2020-15655, CVE-2020-15653,
CVE-2020-6463, CVE-2020-15656, CVE-2020-15658, CVE-2020-15654,
CVE-2020-15659.
* debian/control*: Bump cbindgen, rustc, cargo, nss and python3 build
dependencies.
* debian/rules: Add -Cembed-bitcode=yes to rust command lines when
using rustc >= 1.45.0.
* build/moz.configure/rust.configure, debian/control*: Allow to build with
cargo in unstable as of 2020-07-29.
-- Mike Hommey <glandium@debian.org> Wed, 29 Jul 2020 13:45:30 +0900
firefox (78.0.2-1) unstable; urgency=medium
* New upstream release.
* Fix for mfsa2020-28.
-- Mike Hommey <glandium@debian.org> Fri, 10 Jul 2020 09:37:04 +0900
firefox (78.0.1-1) unstable; urgency=medium
* New upstream release.
* debian/rules:
- Replace --disable-ion with --disable-jit.
- Don't generated the ICU data file for big-endian manually.
* js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h,
js/src/jit/mips64/MacroAssembler-mips64-inl.h: Add branchTestSymbol
and fallibleUnboxPtr. bz#1642265.
* config/external/icu/data/*icudata*, config/external/icu/data/moz.build,
js/moz.configure: Unify the includion of the ICU data file. bz#1650299.
* config/external/icu/common/moz.build,
config/external/icu/common/sources.mozbuild,
config/external/icu/data/convert_icudata.py,
config/external/icu/data/moz.build,
config/external/icu/defs.mozbuild,
config/external/icu/i18n/moz.build,
config/external/icu/i18n/sources.mozbuild,
config/external/icu/icupkg/moz.build,
config/external/icu/icupkg/sources.mozbuild,
config/external/icu/moz.build,
config/external/icu/toolutil/moz.build,
config/external/icu/toolutil/sources.mozbuild,
config/recurse.mk,
intl/icu_sources_data.py: Automatically convert the little-endian ICU data
file for big-endian builds.
-- Mike Hommey <glandium@debian.org> Fri, 03 Jul 2020 17:07:38 +0900
firefox (78.0-1) unstable; urgency=medium
* New upstream release
* Fixes for mfsa2020-24, also known as:
CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418,
CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020-12422,
CVE-2020-12424, CVE-2020-12425, CVE-2020-12426.
* debian/control*: Bump nss build dependency.
* debian/control*, debian/rules: Remove build dependency on python2.7.
* debian/browser.mozconfig.in: Remove obsolete configure options.
* build/virtualenv_packages.txt: Don't install enum and enum34 virtualenv
packages in python3 virtualenvs. bz#1632429.
-- Mike Hommey <glandium@debian.org> Wed, 01 Jul 2020 10:14:06 +0900
firefox (77.0-1) unstable; urgency=medium
* New upstream release
* Fixes for mfsa2020-20, also known as:
CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12407,
CVE-2020-12408, CVE-2020-12409, CVE-2020-12410, CVE-2020-12411.
* debian/l10n/gen, debian/l10n_revs.py, debian/latest_nightly.py,
debian/rules, debian/symbols.mk: Convert to python 3.
* debian/control*: Bump nss and cbindgen build dependencies.
* debian/rules:
- Revert PKCS11 API change from 76.0.1-1 because the new API is
now explicitly used by upstream code.
- Stop passing -fno-schedule-insns2 -fno-lifetime-dse and
-fno-delete-null-pointer-checks to GCC.
-- Mike Hommey <glandium@debian.org> Wed, 03 Jun 2020 07:53:04 +0900
firefox (76.0.1-2) unstable; urgency=medium
* debian/browser.mozconfig.in: Allow addon sideload. Closes: #960084.
* debian/control*: Bump nasm build dependency to 2.14.
-- Mike Hommey <glandium@debian.org> Fri, 15 May 2020 09:10:36 +0900
firefox (76.0.1-1) unstable; urgency=medium
* New upstream release
* debian/rules: Force using old PKCS11 API when building against newer
NSS releases. Closes: #960012.
-- Mike Hommey <glandium@debian.org> Wed, 13 May 2020 09:09:57 +0900
firefox (76.0-2) unstable; urgency=medium
* Cargo.lock, third_party/rust/typenum/*: Upgrade typename to 1.12.0.
bz#1635671. Fixes FTBFS on i386.
-- Mike Hommey <glandium@debian.org> Wed, 06 May 2020 14:27:30 +0900
firefox (76.0-1) unstable; urgency=medium
* New upstream release
* Fixes for mfsa2020-16, also known as:
CVE-2020-12387, CVE-2020-6831, CVE-2020-12390, CVE-2020-12391,
CVE-2020-12392, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396.
* debian/control*: Bump nss build dependency.
* debian/browser.install.in: Don't install blocklist.xml, it's not there
anymore.
* config/recurse.mk: Don't depend on in-tree NSS/NSPR when building against
system NSS/NSPR. bz#1634926.
-- Mike Hommey <glandium@debian.org> Wed, 06 May 2020 05:41:56 +0900
firefox (75.0-2) unstable; urgency=medium
* build/moz.configure/util.configure: In configure, pass extra compiler
flags after source path. Fixes FTBFS with --with-system-libvpx with
gcc-9 >= 9-20190125-2.
-- Mike Hommey <glandium@debian.org> Sun, 19 Apr 2020 09:03:28 +0900
firefox (75.0-1) unstable; urgency=medium
* New upstream release
* Fixes for mfsa2020-12, also known as:
CVE-2020-6821, CVE-2020-6822, CVE-2020-6823, CVE-2020-6824,
CVE-2020-6825, CVE-2020-6826.
* debian/control*: Bump nss, rustc, cargo, cbindgen and nodejs build
dependencies.
* debian/control*, debian/rules: Build against libvpx >= 1.8. We used
to build-conflicts with that version, but that's not necessary now
that upstream needs that version.
* debian/browser.install.in: Don't install .chk files, they aren't
produced anymore.
* debian/browser.install.in, debian/browser.mozconfig.in, debian/control*,
debian/rules: Don't build against system sqlite. This is not supported
anymore.
* python/mozbuild/mozbuild/nodeutil.py: Allow to build with older
versions of nodejs 10.
-- Mike Hommey <glandium@debian.org> Wed, 08 Apr 2020 09:41:38 +0900
firefox (74.0.1-1) unstable; urgency=medium
* New upstream release
* Fixes for mfsa2020-11, also known as: CVE-2020-6819, CVE-2020-6820.
-- Mike Hommey <glandium@debian.org> Sat, 04 Apr 2020 06:42:37 +0900
firefox (74.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-08, also known as:
CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808,
CVE-2020-6809, CVE-2020-6810, CVE-2020-6811, CVE-2019-20503,
CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815.
* debian/rules:
- Use the -o flag to redirect preprocessor output rather than shell
redirection to work around bz#1621465.
- Remove obj-*/.mozbuild on clean.
* debian/control*: Bump nspr, nss, sqlite and cbindgen build dependencies.
* config/mozunit/mozunit/mozunit.py,
python/mozbuild/mozbuild/action/langpack_manifest.py,
python/mozbuild/mozbuild/jar.py, python/mozbuild/mozbuild/preprocessor.py,
python/mozbuild/mozbuild/test/backend/test_build.py: Use io.open() rather
than open() in mozbuild/preprocessor.py. bz#1613263.
* dom/canvas/ClientWebGLContext.h, dom/canvas/WebGLContext.h: Fix build
errors with -Werror=format-security with GCC.
-- Mike Hommey <glandium@debian.org> Wed, 11 Mar 2020 12:15:37 +0900
firefox (73.0.1-1) unstable; urgency=medium
* New upstream release.
* gfx/2d/SwizzleNEON.cpp: Fix NEON compile error with gcc and RGB unpacking.
bz#1610814.
-- Mike Hommey <glandium@debian.org> Thu, 20 Feb 2020 09:07:58 +0900
firefox (73.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-05, also known as:
CVE-2020-6796, CVE-2020-6798, CVE-2020-6800, CVE-2020-6801.
* debian/control*: Bump nss, rustc, cargo and cbindgen build dependencies.
* debian/browser.install.in: Do not install now removed chrome.manifest
and libnssdbm3.* files.
-- Mike Hommey <glandium@debian.org> Wed, 12 Feb 2020 06:57:23 +0900
firefox (72.0.2-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Wed, 22 Jan 2020 12:06:25 +0900
firefox (72.0.1-1) unstable; urgency=medium
* New upstream release.
* Fix for mfsa2020-03, also known as CVE-2019-17026.
-- Mike Hommey <glandium@debian.org> Thu, 09 Jan 2020 06:46:44 +0900
firefox (72.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2020-01, also known as:
CVE-2019-17016, CVE-2019-17017, CVE-2019-17020, CVE-2019-17022,
CVE-2019-17023, CVE-2019-17024, CVE-2019-17025.
* debian/rules:
- Don't build with --compress-debug-sections on jessie.
- Use sourcestamp.txt for MOZ_BUILD_DATE.
- Avoid running dh_update_autotools_config. We're dealing with this
manually and we don't want config.* files being touched under
third_party/rust.
* debian/control*:
- Bump nspr, nss and sqlite build dependencies.
- Add missing dependency on libdrm-dev.
* debian/browser.mozconfig.in: Explicitly build with wayland support
enabled.
* intl/icu_sources_data.py: Don't build ICU in parallel.
* gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around older
GCC ICE on arm.
(Thanks Emilio Pozuelo Monfort)
-- Mike Hommey <glandium@debian.org> Wed, 08 Jan 2020 08:54:04 +0900
firefox (71.0-2) unstable; urgency=medium
* dom/indexedDB/ActorsParent.cpp: Work around lack of support for
http://eel.is/c++draft/class.temporary#6.7 in compilers. bz#1601707
Closes: #946249, #946547.
* layout/generic/WritingModes.h, servo/ports/geckolib/cbindgen.toml:
Fix build with newer cbindgen. bz#1602358.
-- Mike Hommey <glandium@debian.org> Thu, 12 Dec 2019 09:38:33 +0900
firefox (71.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2019-36, also known as:
CVE-2019-11756, CVE-2019-17008, CVE-2019-11745, CVE-2019-17014,
CVE-2019-17010, CVE-2019-17005, CVE-2019-17011, CVE-2019-17012,
CVE-2019-17013.
* debian/l10n/gen: Add support for ca-valencia.
* debian/control*: Bump nspr, nss, rustc and cargo build dependencies.
* debian/rules, debian/control.in:
- Build with nodejs-mozilla on jessie and stretch.
- Build with nasm-mozilla on jessie and stretch.
- Don't build with system libvpx on stretch.
(Thanks Emilio Pozuelo Monfort)
-- Mike Hommey <glandium@debian.org> Wed, 04 Dec 2019 10:09:38 +0900
firefox (70.0.1-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Sat, 09 Nov 2019 07:53:49 +0900
firefox (70.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2019-34, also known as:
CVE-2018-6156, CVE-2019-15903, CVE-2019-11757, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11765, CVE-2019-17000, CVE-2019-17001, CVE-2019-17002,
CVE-2019-11764.
* debian/control*: Bump nss, sqlite, rustc, cargo, and cbindgen build
dependencies.
-- Mike Hommey <glandium@debian.org> Wed, 23 Oct 2019 07:30:42 +0900
firefox (69.0.2-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Tue, 08 Oct 2019 08:06:31 +0900
firefox (69.0.1-1) unstable; urgency=medium
* New upstream release.
* Fix for mfsa2019-31, also known as CVE-2019-11754.
* debian/control*:
- Bump nss, rustc, cargo and cbindgen build dependencies. Closes: #939412.
- Remove build dependency versions where Debian has had the right version
since Jessie.
* debian/source/lintian-overrides: Adjust DotZlib.chm path.
-- Mike Hommey <glandium@debian.org> Tue, 24 Sep 2019 06:39:36 +0900
firefox (69.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2019-25, also known as:
CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
CVE-2019-9812, CVE-2019-11741, CVE-2019-11743, CVE-2019-11748,
CVE-2019-11749, CVE-2019-5849, CVE-2019-11750, CVE-2019-11737,
CVE-2019-11738, CVE-2019-11747, CVE-2019-11734, CVE-2019-11735,
CVE-2019-11740.
* debian/upstream.mk: Read source repo and revision from json when
getting upstream info. Instead of the .txt file that doesn't exist
as of 69.
* debian/control*:
- Remove unused build dependency against python-ply.
- Remove python-minimal build dependency. All supported versions
of Debian have a new enough version.
- Remove build dependency against libjsoncpp-dev.
* debian/l10n/gen, debian/latest_nightly.py, debian/rules,
debian/symbols.mk, debian/upstream.mk, debian/watch: Use explicit
python2.7 instead of python.
* debian/rules: Use `mach python --no-virtualenv` to invoke the
preprocessor.
* config/system-headers,
toolkit/crashreporter/jsoncpp/src/lib_json/moz.build,
toolkit/crashreporter/minidump-analyzer/moz.build: Revert hack to
build against libjsoncpp. It was fine when it was only used by
the crash reporter, but that's not the case anymore, and it breaks
the build. Also, the bundled version is newer than what is available
in Debian.
-- Mike Hommey <glandium@debian.org> Wed, 04 Sep 2019 13:48:54 +0900
firefox (68.0.2-3) unstable; urgency=medium
* debian/control.in: Take source package name from preprocessing.
* build/moz.configure/old.configure: Avoid race condition creating
old-configure. bz#1574761.
* dom/media/systemservices/CamerasChild.cpp,
dom/media/systemservices/CamerasParent.cpp,
dom/media/systemservices/VideoEngine.cpp,
dom/media/webrtc/MediaEngineRemoteVideoSource.cpp: Don't use
__PRETTY_FUNCTION__ or __FUNCTION__ as format strings. bz#1531309.
Closes: #925680.
-- Mike Hommey <glandium@debian.org> Sun, 18 Aug 2019 20:47:26 +0900
firefox (68.0.2-2) unstable; urgency=medium
* debian/rules: Fix MOZ_APP_REMOTINGNAME. Upstream build system changes
made the config.status editing trick stop working. Export the variable for
configure to pick it instead. Closes: #932256
-- Mike Hommey <glandium@debian.org> Sun, 18 Aug 2019 08:41:43 +0900
firefox (68.0.2-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2019-24, also known as CVE-2019-11733.
* debian/control*, debian/rules: Don't build against system vpx >= 1.8.0.
It has API changes that cause FTBFS.
-- Mike Hommey <glandium@debian.org> Thu, 15 Aug 2019 08:06:59 +0900
firefox (68.0.1-2) unstable; urgency=medium
* debian/rules: Work around https://github.com/rust-lang/cargo/issues/7147.
-- Mike Hommey <glandium@debian.org> Fri, 19 Jul 2019 10:51:09 +0900
firefox (68.0.1-1) unstable; urgency=medium
* New upstream release.
* debian/rules:
- Hook stamps/dh_install-l10n to override_dh_install-indep rather than
binary-indep.
- Pass make job server down through dh_auto_build.
* debian/rules, debian/dh: Wrap dh to ensure debian/rules is invoked with
parallelism.
-- Mike Hommey <glandium@debian.org> Fri, 19 Jul 2019 07:53:19 +0900
firefox (68.0-3) unstable; urgency=medium
* debian/browser.README.Debian.in: Fix a reference to iceweasel in
README.Debian. Thanks Edward Betts.
* debian/rules:
- Only exclude "-g" from dpkg-buildflags output. All the other flags
that used to be excluded either already match upstream or add
reproducibility.
- Don't unexpectedly reset LDFLAGS.
- [firefox-esr] Remove iceweasel transitional packages on bullseye.
- Disable dh_strip_nondeterminism. Upstream build system already avoids
non-determinism it would strip, so there is no need for it further
modifying files.
- Avoid arch:all builds building arch:any stuff.
- Move AUTOCONF_DIRS cleanup after dh_clean.
- Add rust flags to improve reproducibility.
- Only touch or remove configure when it wasn't there to begin with.
- Call configure using its full path.
- Factor common configure arguments.
- Build langpacks with --disable-compile-environment, and pass less
configure arguments.
- Build each langpack from a separate build directory. This means time
wasted running configure more times, but all locales can now be built
in parallel.
* debian/symbols.mk, debian/symbols.apt.conf, debian/symbols.sources.list:
Miscellaneous changes to symbols download script.
* debian/make.mk: Exclude symbols.mk variables from dump output.
* debian/browser.mozconfig.in: Remove redundant --prefix=/usr.
* debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
Remove packaging scripts compatibility with Wheezy.
* moz.configure: Only add confvars.sh as a dependency to config.status
when it exists. bz#1560340.
-- Mike Hommey <glandium@debian.org> Sun, 14 Jul 2019 15:20:45 +0900
firefox (68.0-2) unstable; urgency=medium
* debian/rules, debian/upstream.mk: Account for next Debian release.
* debian/rules, debian/control: Build against system sqlite again.
* gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around GCC ICE
on mips*, i386 and s390x. Closes: #931757
* python/mozbuild/mozbuild/action/langpack_manifest.py: Use build id as
langpack version for reproducibility. bz#1565504.
-- Mike Hommey <glandium@debian.org> Fri, 12 Jul 2019 20:37:51 +0900
firefox (68.0-1) unstable; urgency=medium
* New upstream release.
* Fixes for mfsa2019-21, also known as:
CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717,
CVE-2019-11718, CVE-2019-11720, CVE-2019-11721, CVE-2019-11730,
CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727,
CVE-2019-11728, CVE-2019-11710, CVE-2019-11709.
* debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
dependencies. Remove Build-Conflicts with nss 3.44-1, since we now
build-depend on a more recent version.
* debian/rules, debian/control: Don't build against system sqlite, as
Debian doesn't have the required version yet.
* [firefox-esr] debian/l10n/browser-l10n.control*, debian/l10n/gen:
Don't generate iceweasel l10n transition packages for locales that
were never offered with iceweasel.
* debian/control, debian/l10n/browser-l10n.control.in: Add transition
dependencies for Bengali l10n. There is now only one Bengali l10n
package instead of two.
* debian/rules: Disable JIT at build time on mips because it fails to build.
* build/gyp.mozbuild: Revert patch that disables libyuv assembly on
mips64. It apparently compiles, now.
-- Mike Hommey <glandium@debian.org> Wed, 10 Jul 2019 08:22:05 +0900
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog firefox-esr`.
Generated by dwww version 1.15 on Thu Jun 27 23:32:56 CEST 2024.