Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2025-12-10 15:32:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Wed Dec 10 15:32:08 2025 rev:24 rq:1321776 version:140.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2025-11-13 17:30:19.162626373 +0100 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.1939/MozillaFirefox.changes 2025-12-10 15:32:38.871609190 +0100 @@ -1,0 +2,33 @@ +Tue Dec 9 08:53:41 UTC 2025 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.6.0 ESR Build1 + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.6 + https://www.mozilla.org/security/advisories/mfsa2025-94 + MFSA 2025-94 (boo#1254551) + * CVE-2025-14321 (bmo#1992760) + Use-after-free in the WebRTC: Signaling component + * CVE-2025-14322 (bmo#1996473) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2025-14323 (bmo#1996555) + Privilege escalation in the DOM: Notifications component + * CVE-2025-14324 (bmo#1996840) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14325 (bmo#1998050) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14328 (bmo#1996761) + Privilege escalation in the Netmonitor component + * CVE-2025-14329 (bmo#1997018) + Privilege escalation in the Netmonitor component + * CVE-2025-14330 (bmo#1997503) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14331 (bmo#2000218) + Same-origin policy bypass in the Request Handling component + * CVE-2025-14333 (bmo#1966501, bmo#1997639) + Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird + ESR 140.6, Firefox 146 and Thunderbird 146 +- BuildRequires: cargo1.86 and rust1.86 +- BuildRequires: clang19-devel on Leap 15.6 + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.5.0esr.source.tar.xz firefox-140.5.0esr.source.tar.xz.asc l10n-140.5.0esr.tar.xz New: ---- firefox-140.6.0esr.source.tar.xz firefox-140.6.0esr.source.tar.xz.asc l10n-140.6.0esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.0aS5K5/_old 2025-12-10 15:32:53.852240795 +0100 +++ /var/tmp/diff_new_pack.0aS5K5/_new 2025-12-10 15:32:53.856240964 +0100 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.5.0 -%define orig_version 140.5.0 +%define mainver %major.6.0 +%define orig_version 140.6.0 %define orig_suffix esr %define update_channel esr %define branding 1 @@ -168,7 +168,7 @@ BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1 %endif %if 0%{?suse_version} < 1599 -BuildRequires: clang15-devel +BuildRequires: clang19-devel %else BuildRequires: clang-devel %endif ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.0aS5K5/_old 2025-12-10 15:32:53.984246361 +0100 +++ /var/tmp/diff_new_pack.0aS5K5/_new 2025-12-10 15:32:53.992246698 +0100 @@ -1,4 +1,37 @@ ------------------------------------------------------------------- +Tue Dec 9 08:53:41 UTC 2025 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.6.0 ESR Build1 + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.6 + https://www.mozilla.org/security/advisories/mfsa2025-94 + MFSA 2025-94 (boo#1254551) + * CVE-2025-14321 (bmo#1992760) + Use-after-free in the WebRTC: Signaling component + * CVE-2025-14322 (bmo#1996473) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2025-14323 (bmo#1996555) + Privilege escalation in the DOM: Notifications component + * CVE-2025-14324 (bmo#1996840) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14325 (bmo#1998050) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14328 (bmo#1996761) + Privilege escalation in the Netmonitor component + * CVE-2025-14329 (bmo#1997018) + Privilege escalation in the Netmonitor component + * CVE-2025-14330 (bmo#1997503) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14331 (bmo#2000218) + Same-origin policy bypass in the Request Handling component + * CVE-2025-14333 (bmo#1966501, bmo#1997639) + Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird + ESR 140.6, Firefox 146 and Thunderbird 146 +- BuildRequires: cargo1.86 and rust1.86 +- BuildRequires: clang19-devel on Leap 15.6 + +------------------------------------------------------------------- Thu Nov 13 09:49:24 UTC 2025 - Manfred Hollstein <[email protected]> - Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed ++++++ firefox-140.5.0esr.source.tar.xz -> firefox-140.6.0esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.5.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1939/firefox-140.6.0esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.0aS5K5/_old 2025-12-10 15:32:54.140252938 +0100 +++ /var/tmp/diff_new_pack.0aS5K5/_new 2025-12-10 15:32:54.148253275 +0100 @@ -1,4 +1,37 @@ ------------------------------------------------------------------- +Tue Dec 9 08:53:41 UTC 2025 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.6.0 ESR Build1 + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.6 + https://www.mozilla.org/security/advisories/mfsa2025-94 + MFSA 2025-94 (boo#1254551) + * CVE-2025-14321 (bmo#1992760) + Use-after-free in the WebRTC: Signaling component + * CVE-2025-14322 (bmo#1996473) + Sandbox escape due to incorrect boundary conditions in the + Graphics: CanvasWebGL component + * CVE-2025-14323 (bmo#1996555) + Privilege escalation in the DOM: Notifications component + * CVE-2025-14324 (bmo#1996840) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14325 (bmo#1998050) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14328 (bmo#1996761) + Privilege escalation in the Netmonitor component + * CVE-2025-14329 (bmo#1997018) + Privilege escalation in the Netmonitor component + * CVE-2025-14330 (bmo#1997503) + JIT miscompilation in the JavaScript Engine: JIT component + * CVE-2025-14331 (bmo#2000218) + Same-origin policy bypass in the Request Handling component + * CVE-2025-14333 (bmo#1966501, bmo#1997639) + Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird + ESR 140.6, Firefox 146 and Thunderbird 146 +- BuildRequires: cargo1.86 and rust1.86 +- BuildRequires: clang19-devel on Leap 15.6 + +------------------------------------------------------------------- Thu Nov 13 09:49:24 UTC 2025 - Manfred Hollstein <[email protected]> - Update MozillaFirefox.desktop from a fresh Factory/Tumbleweed ++++++ l10n-140.5.0esr.tar.xz -> l10n-140.6.0esr.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/l10n-140.5.0esr.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.1939/l10n-140.6.0esr.tar.xz differ: char 15, line 1 ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.0aS5K5/_old 2025-12-10 15:32:54.404264069 +0100 +++ /var/tmp/diff_new_pack.0aS5K5/_new 2025-12-10 15:32:54.408264237 +0100 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.5.0" +VERSION="140.6.0" VERSION_SUFFIX="esr" -PREV_VERSION="140.4.0" +PREV_VERSION="140.5.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140"; -RELEASE_TAG="558705980ca9db16de0564b5a6031b5d6e0a7efe" -RELEASE_TIMESTAMP="20251106203603" +RELEASE_TAG="18556c0b079c839f4d15597a57b0f048fdadcedd" +RELEASE_TIMESTAMP="20251201132345"
