Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firefox-esr for openSUSE:Factory checked in at 2026-04-29 19:19:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firefox-esr (Old) and /work/SRC/openSUSE:Factory/.firefox-esr.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firefox-esr" Wed Apr 29 19:19:46 2026 rev:33 rq:1349995 version:140.10.1 Changes: -------- --- /work/SRC/openSUSE:Factory/firefox-esr/MozillaFirefox.changes 2026-04-22 16:56:03.199202640 +0200 +++ /work/SRC/openSUSE:Factory/.firefox-esr.new.30200/MozillaFirefox.changes 2026-04-29 19:21:23.985819955 +0200 @@ -1,0 +2,53 @@ +Wed Apr 29 12:36:03 UTC 2026 - Manfred Hollstein <[email protected]> + +- Further tests have shown that the rule which llvm version should + be used, can be simplified: only on TW, Slowroll and Factory we + need to explicitly BuildRequire the llvm21 based packages, while + on all other (i.e. Leap) distribution versions we can stick with + the distro's default release of llvm. + +------------------------------------------------------------------- +Wed Apr 29 08:57:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Explicitly BuildIgnore: clang-tools to avoid pulling in the remaining + llvm22 packages. Also add BuildRequire for libclang13 provided by + the llvm version we use. + +------------------------------------------------------------------- +Tue Apr 28 13:56:41 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.10.1 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.10.1 + https://www.mozilla.org/security/advisories/mfsa2026-36 + MFSA 2026-36 (boo#1263110) + * CVE-2026-7320 (bmo#2027433) + Information disclosure due to incorrect boundary conditions + in the Audio/Video component + * CVE-2026-7321 (bmo#2029461) + Sandbox escape due to incorrect boundary conditions in the + WebRTC: Networking component + * CVE-2026-7322 (bmo#2021904, bmo#2022731, bmo#2027158, + bmo#2027733, bmo#2027973, bmo#2027976, bmo#2028231, + bmo#2028731, bmo#2028886, bmo#2029067, bmo#2029700, + bmo#2029724, bmo#2029806, bmo#2029814, bmo#2030108, + bmo#2030111, bmo#2031524, bmo#2031921, bmo#2032040) + Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR + 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and + Thunderbird 150.0.1 + * CVE-2026-7323 (bmo#2028537, bmo#2029911, bmo#2031121, + bmo#2033602) + Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird + ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1 +- Add "-Wno-incompatible-pointer-types" to CFLAGS to avoid an error + for mixing AVCodecParser with FFCodecParser in the latest additions + of Mozilla's vendored FFmpeg + +------------------------------------------------------------------- +Mon Apr 27 08:41:54 UTC 2026 - Manfred Hollstein <[email protected]> + +- Use clang19-devel on all distributions older than TW, Slowroll or + Factory. Since LLVM22 breaks building firefox-esr, restrict + clang-devel to clang21-devel on TW, Slowroll and Factory. + +------------------------------------------------------------------- firefox-esr.changes: same change Old: ---- firefox-140.10.0esr.source.tar.xz firefox-140.10.0esr.source.tar.xz.asc l10n-140.10.0esr.tar.xz New: ---- firefox-140.10.1esr.source.tar.xz firefox-140.10.1esr.source.tar.xz.asc l10n-140.10.1esr.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firefox-esr.spec ++++++ --- /var/tmp/diff_new_pack.59QnKg/_old 2026-04-29 19:21:39.694462916 +0200 +++ /var/tmp/diff_new_pack.59QnKg/_new 2026-04-29 19:21:39.710463571 +0200 @@ -41,8 +41,8 @@ # major 69 # mainver %%major.99 %define major 140 -%define mainver %major.10.0 -%define orig_version 140.10.0 +%define mainver %major.10.1 +%define orig_version 140.10.1 %define orig_suffix esr %define update_channel esr %define branding 1 @@ -167,11 +167,13 @@ %if 0%{?suse_version} < 1550 BuildRequires: pkgconfig(gconf-2.0) >= 1.2.1 %endif -%if 0%{?suse_version} < 1599 -BuildRequires: clang19-devel +%if 0%{?suse_version} > 1600 +BuildRequires: clang21-devel +BuildRequires: llvm21-libclang13 %else BuildRequires: clang-devel %endif +#!BuildIgnore: clang-tools BuildRequires: pkgconfig(glib-2.0) >= 2.22 BuildRequires: pkgconfig(gobject-2.0) BuildRequires: pkgconfig(gtk+-3.0) >= 3.14.0 @@ -418,7 +420,7 @@ export BUILD_OFFICIAL=1 export MOZ_TELEMETRY_REPORTING=1 export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system -export CFLAGS="%{optflags}" +export CFLAGS="%{optflags} -Wno-incompatible-pointer-types" %if 0%{?suse_version} < 1550 && 0%{?sle_version} <= 150600 export CC=gcc-13 export CXX=g++-13 ++++++ MozillaFirefox.changes.txt ++++++ --- /var/tmp/diff_new_pack.59QnKg/_old 2026-04-29 19:21:40.694503848 +0200 +++ /var/tmp/diff_new_pack.59QnKg/_new 2026-04-29 19:21:40.742505812 +0200 @@ -1,4 +1,57 @@ ------------------------------------------------------------------- +Wed Apr 29 12:36:03 UTC 2026 - Manfred Hollstein <[email protected]> + +- Further tests have shown that the rule which llvm version should + be used, can be simplified: only on TW, Slowroll and Factory we + need to explicitly BuildRequire the llvm21 based packages, while + on all other (i.e. Leap) distribution versions we can stick with + the distro's default release of llvm. + +------------------------------------------------------------------- +Wed Apr 29 08:57:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Explicitly BuildIgnore: clang-tools to avoid pulling in the remaining + llvm22 packages. Also add BuildRequire for libclang13 provided by + the llvm version we use. + +------------------------------------------------------------------- +Tue Apr 28 13:56:41 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.10.1 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.10.1 + https://www.mozilla.org/security/advisories/mfsa2026-36 + MFSA 2026-36 (boo#1263110) + * CVE-2026-7320 (bmo#2027433) + Information disclosure due to incorrect boundary conditions + in the Audio/Video component + * CVE-2026-7321 (bmo#2029461) + Sandbox escape due to incorrect boundary conditions in the + WebRTC: Networking component + * CVE-2026-7322 (bmo#2021904, bmo#2022731, bmo#2027158, + bmo#2027733, bmo#2027973, bmo#2027976, bmo#2028231, + bmo#2028731, bmo#2028886, bmo#2029067, bmo#2029700, + bmo#2029724, bmo#2029806, bmo#2029814, bmo#2030108, + bmo#2030111, bmo#2031524, bmo#2031921, bmo#2032040) + Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR + 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and + Thunderbird 150.0.1 + * CVE-2026-7323 (bmo#2028537, bmo#2029911, bmo#2031121, + bmo#2033602) + Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird + ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1 +- Add "-Wno-incompatible-pointer-types" to CFLAGS to avoid an error + for mixing AVCodecParser with FFCodecParser in the latest additions + of Mozilla's vendored FFmpeg + +------------------------------------------------------------------- +Mon Apr 27 08:41:54 UTC 2026 - Manfred Hollstein <[email protected]> + +- Use clang19-devel on all distributions older than TW, Slowroll or + Factory. Since LLVM22 breaks building firefox-esr, restrict + clang-devel to clang21-devel on TW, Slowroll and Factory. + +------------------------------------------------------------------- Tue Apr 21 12:42:20 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.10.0 ESR ++++++ firefox-140.10.0esr.source.tar.xz -> firefox-140.10.1esr.source.tar.xz ++++++ /work/SRC/openSUSE:Factory/firefox-esr/firefox-140.10.0esr.source.tar.xz /work/SRC/openSUSE:Factory/.firefox-esr.new.30200/firefox-140.10.1esr.source.tar.xz differ: char 15, line 1 ++++++ firefox-esr.changes.txt ++++++ --- /var/tmp/diff_new_pack.59QnKg/_old 2026-04-29 19:21:41.486536266 +0200 +++ /var/tmp/diff_new_pack.59QnKg/_new 2026-04-29 19:21:41.542538558 +0200 @@ -1,4 +1,57 @@ ------------------------------------------------------------------- +Wed Apr 29 12:36:03 UTC 2026 - Manfred Hollstein <[email protected]> + +- Further tests have shown that the rule which llvm version should + be used, can be simplified: only on TW, Slowroll and Factory we + need to explicitly BuildRequire the llvm21 based packages, while + on all other (i.e. Leap) distribution versions we can stick with + the distro's default release of llvm. + +------------------------------------------------------------------- +Wed Apr 29 08:57:29 UTC 2026 - Manfred Hollstein <[email protected]> + +- Explicitly BuildIgnore: clang-tools to avoid pulling in the remaining + llvm22 packages. Also add BuildRequire for libclang13 provided by + the llvm version we use. + +------------------------------------------------------------------- +Tue Apr 28 13:56:41 UTC 2026 - Manfred Hollstein <[email protected]> + +- Firefox Extended Support Release 140.10.1 ESR + * Fixed: Various security fixes. +- Mozilla Firefox ESR 140.10.1 + https://www.mozilla.org/security/advisories/mfsa2026-36 + MFSA 2026-36 (boo#1263110) + * CVE-2026-7320 (bmo#2027433) + Information disclosure due to incorrect boundary conditions + in the Audio/Video component + * CVE-2026-7321 (bmo#2029461) + Sandbox escape due to incorrect boundary conditions in the + WebRTC: Networking component + * CVE-2026-7322 (bmo#2021904, bmo#2022731, bmo#2027158, + bmo#2027733, bmo#2027973, bmo#2027976, bmo#2028231, + bmo#2028731, bmo#2028886, bmo#2029067, bmo#2029700, + bmo#2029724, bmo#2029806, bmo#2029814, bmo#2030108, + bmo#2030111, bmo#2031524, bmo#2031921, bmo#2032040) + Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR + 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and + Thunderbird 150.0.1 + * CVE-2026-7323 (bmo#2028537, bmo#2029911, bmo#2031121, + bmo#2033602) + Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird + ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1 +- Add "-Wno-incompatible-pointer-types" to CFLAGS to avoid an error + for mixing AVCodecParser with FFCodecParser in the latest additions + of Mozilla's vendored FFmpeg + +------------------------------------------------------------------- +Mon Apr 27 08:41:54 UTC 2026 - Manfred Hollstein <[email protected]> + +- Use clang19-devel on all distributions older than TW, Slowroll or + Factory. Since LLVM22 breaks building firefox-esr, restrict + clang-devel to clang21-devel on TW, Slowroll and Factory. + +------------------------------------------------------------------- Tue Apr 21 12:42:20 UTC 2026 - Manfred Hollstein <[email protected]> - Firefox Extended Support Release 140.10.0 ESR ++++++ l10n-140.10.0esr.tar.xz -> l10n-140.10.1esr.tar.xz ++++++ ++++++ tar_stamps ++++++ --- /var/tmp/diff_new_pack.59QnKg/_old 2026-04-29 19:21:42.690585548 +0200 +++ /var/tmp/diff_new_pack.59QnKg/_new 2026-04-29 19:21:42.710586367 +0200 @@ -1,11 +1,11 @@ PRODUCT="firefox" CHANNEL="esr140" -VERSION="140.10.0" +VERSION="140.10.1" VERSION_SUFFIX="esr" -PREV_VERSION="140.9.1" +PREV_VERSION="140.10.0" PREV_VERSION_SUFFIX="esr" #SKIP_LOCALES="" # Uncomment to skip l10n and compare-locales-generation RELEASE_REPO="https://hg.mozilla.org/releases/mozilla-esr140"; -RELEASE_TAG="a1c8c4081ea0e227dbde64c95ec6942fa71edb28" -RELEASE_TIMESTAMP="20260414220523" +RELEASE_TAG="a24e9e115e02794f72dab9ef6081244403b0183a" +RELEASE_TIMESTAMP="20260427105827"
