Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2025-04-03 16:50:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.1907 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Thu Apr 3 16:50:43 2025 rev:7 rq:1266840 version:128.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/firefox-esr.changes 2025-03-27 22:34:50.822928772 +0100 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1907/firefox-esr.changes 2025-04-03 16:52:08.276587729 +0200 @@ -1,0 +2,23 @@ +Thu Apr 3 09:40:50 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- BuildRequires: clang-devel on Tumbleweed/Factory, which works for + both clang19-devel as well as clang20-devel + +------------------------------------------------------------------- +Mon Mar 31 09:27:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.9.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.9.0 + https://www.mozilla.org/security/advisories/mfsa2025-22 + MFSA 2025-22 (boo#1240083) + * CVE-2025-3028 (bmo#1941002) + Use-after-free triggered by XSLTProcessor + * CVE-2025-3029 (bmo#1952213) + URL Bar Spoofing via non-BMP Unicode characters + * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551, + bmo#1951017, bmo#1951494) + Memory safety bugs fixed in Firefox 137, Thunderbird 137, + Firefox ESR 128.9, and Thunderbird 128.9 + +------------------------------------------------------------------- @@ -8,0 +32,3 @@ + * CVE-2025-2857 (bmo#1956398, + bmo#https://www.cve.org/CVERecord?id=CVE-2025-2783) + Incorrect handle could lead to sandbox escapes Old: ---- firefox-128.8.1esr.source.tar.xz firefox-128.8.1esr.source.tar.xz.asc l10n-128.8.1esr.tar.xz New: ---- firefox-128.9.0esr.source.tar.xz firefox-128.9.0esr.source.tar.xz.asc l10n-128.9.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.1cEIwK/_old 2025-04-03 16:52:14.580853343 +0200 +++ /var/tmp/diff_new_pack.1cEIwK/_new 2025-04-03 16:52:14.588853680 +0200 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 128 -%define mainver %major.8.1 -%define orig_version 128.8.1 +%define mainver %major.9.0 +%define orig_version 128.9.0 %define orig_suffix esr %define update_channel esr %define branding 1 @@ -168,7 +168,7 @@ %if 0%{?suse_version} < 1599 BuildRequires: clang15-devel %else -BuildRequires: clang18-devel +BuildRequires: clang-devel %endif BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(gobject-2.0) ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.1cEIwK/_old 2025-04-03 16:52:14.788862108 +0200 +++ /var/tmp/diff_new_pack.1cEIwK/_new 2025-04-03 16:52:14.816863287 +0200 @@ -1,4 +1,27 @@ ------------------------------------------------------------------- +Thu Apr 3 09:40:50 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- BuildRequires: clang-devel on Tumbleweed/Factory, which works for + both clang19-devel as well as clang20-devel + +------------------------------------------------------------------- +Mon Mar 31 09:27:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.9.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.9.0 + https://www.mozilla.org/security/advisories/mfsa2025-22 + MFSA 2025-22 (boo#1240083) + * CVE-2025-3028 (bmo#1941002) + Use-after-free triggered by XSLTProcessor + * CVE-2025-3029 (bmo#1952213) + URL Bar Spoofing via non-BMP Unicode characters + * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551, + bmo#1951017, bmo#1951494) + Memory safety bugs fixed in Firefox 137, Thunderbird 137, + Firefox ESR 128.9, and Thunderbird 128.9 + +------------------------------------------------------------------- Thu Mar 27 08:19:23 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - Firefox Extended Support Release 128.8.1 ESR @@ -6,6 +29,9 @@ - Mozilla Firefox 136.0.4, ESR 128.8.1, ESR 115.21.1 https://www.mozilla.org/security/advisories/mfsa2025-19 MFSA 2025-19 (boo#???????) + * CVE-2025-2857 (bmo#1956398, + bmo#https://www.cve.org/CVERecord?id=CVE-2025-2783) + Incorrect handle could lead to sandbox escapes ------------------------------------------------------------------- Sun Mar 16 11:29:41 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> ++++++ firefox-128.8.1esr.source.tar.xz -> firefox-128.9.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-128.8.1esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1907/firefox-128.9.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.1cEIwK/_old 2025-04-03 16:52:15.080874410 +0200 +++ /var/tmp/diff_new_pack.1cEIwK/_new 2025-04-03 16:52:15.088874747 +0200 @@ -1,4 +1,27 @@ ------------------------------------------------------------------- +Thu Apr 3 09:40:50 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- BuildRequires: clang-devel on Tumbleweed/Factory, which works for + both clang19-devel as well as clang20-devel + +------------------------------------------------------------------- +Mon Mar 31 09:27:15 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> + +- Firefox Extended Support Release 128.9.0 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 128.9.0 + https://www.mozilla.org/security/advisories/mfsa2025-22 + MFSA 2025-22 (boo#1240083) + * CVE-2025-3028 (bmo#1941002) + Use-after-free triggered by XSLTProcessor + * CVE-2025-3029 (bmo#1952213) + URL Bar Spoofing via non-BMP Unicode characters + * CVE-2025-3030 (bmo#1850615, bmo#1932468, bmo#1942551, + bmo#1951017, bmo#1951494) + Memory safety bugs fixed in Firefox 137, Thunderbird 137, + Firefox ESR 128.9, and Thunderbird 128.9 + +------------------------------------------------------------------- Thu Mar 27 08:19:23 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> - Firefox Extended Support Release 128.8.1 ESR @@ -6,6 +29,9 @@ - Mozilla Firefox 136.0.4, ESR 128.8.1, ESR 115.21.1 https://www.mozilla.org/security/advisories/mfsa2025-19 MFSA 2025-19 (boo#???????) + * CVE-2025-2857 (bmo#1956398, + bmo#https://www.cve.org/CVERecord?id=CVE-2025-2783) + Incorrect handle could lead to sandbox escapes ------------------------------------------------------------------- Sun Mar 16 11:29:41 UTC 2025 - Manfred Hollstein <manfre...@gmx.net> ++++++ l10n-128.8.1esr.tar.xz -> l10n-128.9.0esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.1cEIwK/_old 2025-04-03 16:52:15.580895477 +0200 +++ /var/tmp/diff_new_pack.1cEIwK/_new 2025-04-03 16:52:15.596896152 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr128" -VERSION="128.8.1" +VERSION="128.9.0" VERSION_SUFFIX="esr" -PREV_VERSION="128.8.0" +PREV_VERSION="128.8.1" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr128"; -RELEASE_TAG="d156a4452c9d41aa78724265e41c26b7ff76941a" -RELEASE_TIMESTAMP="20250326232952" +RELEASE_TAG="3aaf665616b3c0f61839d40a02a9f7ae8778b04c" +RELEASE_TIMESTAMP="20250327044906"
